[Secure-testing-commits] r11762 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri May 1 21:59:24 UTC 2009


Author: jmm-guest
Date: 2009-05-01 21:59:24 +0000 (Fri, 01 May 2009)
New Revision: 11762

Modified:
   data/CVE/list
Log:
- new memcached issue
- NFUs
- zoneminder permission fixed some time ago


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-01 21:29:35 UTC (rev 11761)
+++ data/CVE/list	2009-05-01 21:59:24 UTC (rev 11762)
@@ -3,11 +3,11 @@
 	NOTE: http://jira.codehaus.org/browse/JETTY-1004 
 	NOTE: It's not entirely clear, whether version 5 is affected
 CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...)
-	TODO: check
+	- memcached <unfixed> (low; bug filed)
 CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2009-1491
 	RESERVED
 CVE-2009-1490
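Review bot: The new CVE-2009-1494 entry, "- memcached <unfixed> (low; bug filed)", records that a bug was filed but gives no bug number, whereas other entries in this file cite the report directly ("bug #509864", "bug #525078"). Replace "bug filed" with the "bug #NNNNNN" reference once the number is known, so the tracker entry can be followed to the report.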
@@ -164,27 +164,27 @@
 CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 ...)
 	NOT-FOR-US: Trend Micro OfficeScan
 CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before ...)
-	TODO: check
+	- foswiki <itp> (bug #509864)
 CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for ...)
-	TODO: check
+	- zoneminder 1.22.3-5
 CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to ...)
 	TODO: check
 CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote ...)
-	TODO: check
+	NOT-FOR-US: vBullerin addon
 CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows remote ...)
-	TODO: check
+	NOT-FOR-US: SilverStripe
 CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in ...)
 	NOT-FOR-US: SilverStripe
 CVE-2009-1432 (Symantec Reporting Server, as used in Symantec AntiVirus (SAV) ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2009-1427
 	RESERVED
 CVE-2009-1426
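Review bot: In the CVE-2008-6754 entry, "NOT-FOR-US: vBullerin addon" misspells the product; the description on the line above says vBulletin, so the tag should read "NOT-FOR-US: vBulletin addon". Separately, CVE-2008-6756 is marked fixed in "zoneminder 1.22.3-5" while its description names ZoneMinder 1.23.3 on Gentoo; a NOTE line stating why that earlier package version is the fix point would make the entry easier to verify, and the related CVE-2008-6755 just below is still left at "TODO: check".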
@@ -402,7 +402,7 @@
 CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule ...)
 	- amule <unfixed> (low; bug #525078)
 CVE-2009-1348 (The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, ...)
-	TODO: check
+	NOT-FOR-US: Various AV junk
 CVE-2009-1347 (Multiple SQL injection vulnerabilities in stats/index.php in chCounter ...)
 	NOT-FOR-US: chCounter
 CVE-2009-1346 (SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 ...)
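Review bot: "NOT-FOR-US: Various AV junk" on CVE-2009-1348 names no product, unlike the surrounding entries ("NOT-FOR-US: chCounter", "NOT-FOR-US: Trend Micro OfficeScan"). The description starts with McAfee VirusScan, so something like "NOT-FOR-US: McAfee VirusScan" would keep the entry searchable by product name and consistent with the rest of the list.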



