[Secure-testing-commits] r11318 - data/CVE
jmm-guest at alioth.debian.org
Tue Mar 3 18:27:50 UTC 2009
Author: jmm-guest
Date: 2009-03-03 18:27:49 +0000 (Tue, 03 Mar 2009)
New Revision: 11318
Modified:
data/CVE/list
Log:
- five new kernel issues
- xine-lib fixed
- NFUs
- new pngcrush issue
- rewrite libvirt entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-03 09:14:18 UTC (rev 11317)
+++ data/CVE/list 2009-03-03 18:27:49 UTC (rev 11318)
@@ -1,11 +1,23 @@
CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ [etch] - linux-2.6 <not-affected> (ext4 not yet present)
+ - linux-2.6.24 <unfixed> (low)
+ NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ [etch] - linux-2.6 <not-affected> (ext4 not yet present)
+ - linux-2.6.24 <unfixed> (low)
+ NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ [etch] - linux-2.6 <not-affected> (ext4 not yet present)
+ - linux-2.6.24 <unfixed> (low)
+ NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ [etch] - linux-2.6 <not-affected> (ext4 not yet present)
+ - linux-2.6.24 <unfixed> (low)
+ NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a ...)
TODO: check
CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in ...)
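Review bot: in all four ext4 entries (CVE-2009-0745 to CVE-2009-0748) the linux-2.6 and linux-2.6.24 lines are tagged <unfixed> while the NOTE on each says no fix is intended; an <unfixed> tag keeps the issue listed as open, so if the decision stands it should be recorded in the tag itself (a <no-dsa> tag for the deliberate no-fix decision) rather than in a free-text NOTE that is repeated verbatim four times. The [etch] <not-affected> (ext4 not yet present) lines are consistent with that NOTE.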
@@ -224,7 +236,7 @@
CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Plunet BusinessManager
CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...)
- - xine-lib <unfixed> (bug #517792; medium)
+ - xine-lib 1.1.16.2-1 (bug #517792; medium)
CVE-2009-0697
RESERVED
CVE-2009-0696
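Review bot: the xine-lib line now names 1.1.16.2-1 as the fixed version, but the entry carries no [lenny] line, whereas other entries in this diff (mediawiki under @@ -973) record the stable status separately; without one, stable reads as still affected at medium severity, so add either the lenny fixed version or an explicit stable decision once known.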
@@ -275,7 +287,9 @@
NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ - linux-2.6.24 <unfixed> (low)
+ NOTE: Didn't check 2.6.24 so far, only temporary for now
CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when ...)
NOT-FOR-US: RavenNuke
CVE-2009-0673 (Eval injection vulnerability in the Custom Fields feature in the Your ...)
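Review bot: for CVE-2009-0675 the `linux-2.6.24 <unfixed> (low)` line is, per its own NOTE, a placeholder that was not checked, yet the `TODO: check` that would keep the entry in the review queue is removed in the same hunk; keep a TODO next to the NOTE (e.g. `TODO: verify linux-2.6.24`) so the temporary status is revisited instead of silently becoming the record.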
@@ -653,29 +667,29 @@
CVE-2009-0626
RESERVED
CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0619
RESERVED
CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses default ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0615 (Directory traversal vulnerability in Cisco Application Networking ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 ...)
NOT-FOR-US: Trend Micro
CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and ...)
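Review bot: the eleven new NOT-FOR-US lines use the bare vendor name `Cisco`, while the adjacent Trend Micro lines and the Adobe and IBM hunks below name the product (e.g. `NOT-FOR-US: Adobe RoboHelp`); naming the product here (Cisco ACE, Cisco ANM, Cisco Unified) keeps the reason searchable and tells the ACE, ANM and Unified entries apart.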
@@ -973,17 +987,17 @@
- mediawiki <unfixed> (low; bug #514547)
[lenny] - mediawiki 1:1.12.0-2lenny3
CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, ...)
- TODO: check
+ NOT-FOR-US: Adobe RoboHelp
CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...)
- TODO: check
+ NOT-FOR-US: Adobe RoboHelp
CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...)
- TODO: check
+ NOT-FOR-US: Adobe Flash Player
CVE-2009-0518
RESERVED
CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...)
@@ -1007,7 +1021,7 @@
CVE-2009-0508
RESERVED
CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere
CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for ...)
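Review bot: `NOT-FOR-US: IBM WebSphere` for CVE-2009-0507 is less specific than the neighbouring `NOT-FOR-US: IBM WebSphere Application Server` line for CVE-2009-0506, and the description names WebSphere Process Server (WPS) as the affected product; use `NOT-FOR-US: IBM WebSphere Process Server` so the two products are not conflated.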
@@ -3201,6 +3215,7 @@
NOTE: fixed in r6 point update
NOTE: http://www.tdiary.org/20071215.html
CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...)
+ - pngcrush 1.6.15-1
TODO: check
CVE-2009-0039
RESERVED
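Review bot: the only package line under CVE-2009-0040 is the new `pngcrush 1.6.15-1`, while the description concerns libpng itself and no libpng line is visible in the entry; the retained `TODO: check` is therefore still required, and it would help to state what remains to be checked (libpng and any other embedded copies) so the pngcrush line is not read as closing the issue.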
@@ -3209,7 +3224,8 @@
CVE-2009-0037
RESERVED
CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...)
- NOT-FOR-US: not building libvirt proxy from libvirt
+ - libvirt 0.5.1-7 (unimportant)
+ NOTE: not building libvirt proxy from libvirt source package
CVE-2009-0035
RESERVED
CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)
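Review bot: the libvirt entry now reads as fixed in `0.5.1-7 (unimportant)`, but the NOTE only says the proxy is not built from the source package; a fixed-version line asserts that the bug is gone from that version, so confirm whether 0.5.1-7 actually carries the proxyReadClientSocket fix, and if the not-built status is the whole rationale, `<unfixed> (unimportant)` with the same NOTE describes the state more accurately than a version number.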