[Secure-testing-commits] r11850 - in data: . CVE DSA

Sat May 9 13:06:05 UTC 2009

Author: jmm-guest
Date: 2009-05-09 13:06:05 +0000 (Sat, 09 May 2009)
New Revision: 11850

Modified:
   data/CVE/list
   data/DSA/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- CVE-2009-0164 won't be fixed in spu updates
- fix date in DSA list
- new minor hex-a-hop issue
- fix jetty issue, why was this marked unimportant?


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-05-09 13:01:39 UTC (rev 11849)
+++ data/CVE/list	2009-05-09 13:06:05 UTC (rev 11850)
@@ -1,3 +1,6 @@
+CVE-2009-XXXX [hex-a-hop: buffer overflow in loading save games]
+	- hex-a-hop <unfixed> (low)
+	[lenny] - hex-a-hop <no-dsa> (Minor issue, very obscure attack vector)
 CVE-2009-1587 (index.php in PHP Site Lock 2.0 allows remote attackers to bypass ...)
 	NOT-FOR-US: PHP Site Lock
 CVE-2009-1586 (Stack-based buffer overflow in the NZB importer feature in GrabIt ...)
@@ -163,10 +166,9 @@
 	NOT-FOR-US: Directadmin
 CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before ...)
 	- jetty <unfixed> (low; bug #527571)
-	NOTE: only in unstable, only in contrib, fairly unmaintained
 CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...)
-	- jetty <unfixed> (unimportant)
-	NOTE: only in unstable, only in contrib, fairly unmaintained
+	- jetty <unfixed>
+	TODO: file bug
 CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 ...)
 	NOT-FOR-US: Tivoli
 CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage ...)
@@ -457,7 +459,7 @@
 CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
 	NOT-FOR-US: CoolPlayer
 CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
-	- kfreebsd-7 <not-affected> (kfreebsd uses a different libc version)
+	- kfreebsd-7 <not-affected> (Debian/kfreebsd uses glibc)
 CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 ...)
 	NOT-FOR-US: Trend Micro OfficeScan
 CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before ...)
@@ -1038,7 +1040,7 @@
 CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
 	{DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.29-4
-	- linux-2.6.24 <unfixed>
+	- linux-2.6.24 <removed>
 CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
 	NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
 CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
@@ -1157,7 +1159,7 @@
 	{DSA-1787-1}
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (Doesn't include KVM yet)
-	- linux-2.6.24 <unfixed>
+	- linux-2.6.24 <removed>
 CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
 	NOT-FOR-US: Open Auto Classifieds
 CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-05-09 13:01:39 UTC (rev 11849)
+++ data/DSA/list	2009-05-09 13:06:05 UTC (rev 11850)
@@ -1,7 +1,7 @@
 [09 May 2009] DSA-1797-1 xulrunner - several vulnerabilities
 	{CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312}
 	[lenny] - xulrunner 1.9.0.9-0lenny2
-[07 Apr 2009] DSA-1796-1 libwmf - denial of service
+[07 May 2009] DSA-1796-1 libwmf - denial of service
 	{CVE-2009-1364}
 	[etch] - libwmf 0.2.8.4-2+etch1
 	[lenny] - libwmf 0.2.8.4-6+lenny1

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-05-09 13:01:39 UTC (rev 11849)
+++ data/ospu-candidates.txt	2009-05-09 13:06:05 UTC (rev 11850)
@@ -135,7 +135,7 @@
 
 --
 
-cupsys (CVE-2009-0164 CVE-2008-5377)
+cupsys (CVE-2008-5377)
 
 --
 

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-05-09 13:01:39 UTC (rev 11849)
+++ data/spu-candidates.txt	2009-05-09 13:06:05 UTC (rev 11850)
@@ -27,11 +27,6 @@
 
 --
 
-cups (CVE-2009-0164)
-notified maintainer
-
---
-
 kvm 82-1 (CVE-2008-5714)
 #509997
 


