[Secure-testing-commits] r11898 - in data: CVE DSA

Giuseppe Iuculano derevko-guest at alioth.debian.org
Fri May 15 08:17:12 UTC 2009 

Author: derevko-guest
Date: 2009-05-15 08:17:12 +0000 (Fri, 15 May 2009)
New Revision: 11898

Modified:
   data/CVE/list
   data/DSA/list
Log:
NFUs
CVE-2009-0195 already covered by DSA-1790-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-14 21:14:11 UTC (rev 11897)
+++ data/CVE/list	2009-05-15 08:17:12 UTC (rev 11898)
@@ -3,33 +3,33 @@
 CVE-2009-1628
 	RESERVED
 CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) ...)
-	TODO: check
+	NOT-FOR-US: Streaming Download Project (SDP)
 CVE-2009-1626 (SQL injection vulnerability in public/specific.php in EZ-Blog before ...)
-	TODO: check
+	NOT-FOR-US: EZ-Blog
 CVE-2009-1625 (Directory traversal vulnerability in index.php in Thickbox Gallery 2 ...)
-	TODO: check
+	NOT-FOR-US: Thickbox Gallery 2
 CVE-2009-1624 (Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 ...)
-	TODO: check
+	NOT-FOR-US: Dew-NewPHPLinks 2.0
 CVE-2009-1623 (Cross-site scripting (XSS) vulnerability in index.php in ...)
-	TODO: check
+	NOT-FOR-US: Dew-NewPHPLinks 2.0
 CVE-2009-1622 (SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: EcShop 2.5.0
 CVE-2009-1621 (Directory traversal vulnerability in index.php in OpenCart 1.1.8 ...)
-	TODO: check
+	NOT-FOR-US: OpenCart
 CVE-2009-1620 (Multiple cross-site scripting (XSS) vulnerabilities in input.php in ...)
-	TODO: check
+	NOT-FOR-US: MataChat
 CVE-2009-1619 (Teraway FileStream 1.0 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Teraway FileStream
 CVE-2009-1618 (Teraway LiveHelp 2.0 allows remote attackers to bypass authentication ...)
-	TODO: check
+	NOT-FOR-US: Teraway LiveHelp
 CVE-2009-1617 (Teraway LinkTracker 1.0 allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Teraway LinkTracker
 CVE-2008-6808 (SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ ...)
-	TODO: check
+	NOT-FOR-US: SFS Link Directory
 CVE-2008-6807 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...)
-	TODO: check
+	NOT-FOR-US: osprey
 CVE-2008-6806 (Unrestricted file upload vulnerability in includes/imageupload.php in ...)
-	TODO: check
+	NOT-FOR-US: 7Shop
 CVE-2009-1616 (Cross-site scripting (XSS) vulnerability in docs/showdoc.php in ...)
 	NOT-FOR-US: Coppermine Photo Gallery
 CVE-2009-1615 (Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote ...)
@@ -1766,7 +1766,7 @@
 CVE-2009-1138
 	RESERVED
 CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-1136
 	RESERVED
 CVE-2009-1135
@@ -1778,13 +1778,13 @@
 CVE-2009-1132
 	RESERVED
 CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-1129 (Multiple stack-based buffer overflows in the PowerPoint 95 importer ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-1127
 	RESERVED
 CVE-2009-1126
@@ -5324,21 +5324,21 @@
 CVE-2009-0228
 	RESERVED
 CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-0225 (Microsoft Office PowerPoint 2002 SP3 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-0224 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-0223 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-0222 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-0221 (Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-0220 (Multiple stack-based buffer overflows in the PowerPoint 4.0 importer ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in Motion ...)
 	NOT-FOR-US: BlackBerry
 CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch ...)
@@ -5389,7 +5389,8 @@
 	{DTSA-198-1}
 	- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
 CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, ...)
-	TODO: check
+	- xpdf <unfixed> (medium; bug #524809)
+	TODO: check poppler cups kdegraphics swftools
 CVE-2009-0194 (The domain-locking implementation in the ...)
 	NOT-FOR-US: Garmin Communicator Plug-In
 CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-05-14 21:14:11 UTC (rev 11897)
+++ data/DSA/list	2009-05-15 08:17:12 UTC (rev 11898)
@@ -32,7 +32,7 @@
 	{CVE-2009-1482}
 	[lenny] - moin 1.7.1-3+lenny2
 [05 May 2009] DSA-1790-1 xpdf - multiple vulnerabilities
-	{CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183}
+	{CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 CVE-2009-1183 CVE-2009-0195}
 	[etch] - xpdf 3.01-9.1+etch6
 	[lenny] - xpdf 3.02-1.4+lenny1
 [04 May 2009] DSA-1789-1 php5 - several vulnerabilities

More information about the Secure-testing-commits mailing list