[Secure-testing-commits] r11983 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Thu May 28 06:57:47 UTC 2009


Author: derevko-guest
Date: 2009-05-28 06:57:46 +0000 (Thu, 28 May 2009)
New Revision: 11983

Modified:
   data/CVE/list
Log:
NFUs
CVE-2009-1195 is disclosed in RHSA-2009-1075, apache2 is affected.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-27 21:14:12 UTC (rev 11982)
+++ data/CVE/list	2009-05-28 06:57:46 UTC (rev 11983)
@@ -3,7 +3,7 @@
 CVE-2009-1797
 	RESERVED
 CVE-2009-1796 (Cross-site scripting (XSS) vulnerability in Sun Java System Portal ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Portal Server
 CVE-2009-1795
 	RESERVED
 CVE-2009-1794
@@ -13,11 +13,11 @@
 CVE-2009-1792
 	RESERVED
 CVE-2009-1790 (Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before ...)
-	TODO: check
+	NOT-FOR-US: CGI Rescue Trees
 CVE-2009-1787 (Multiple SQL injection vulnerabilities in PHP Dir Submit (aka ...)
-	TODO: check
+	NOT-FOR-US: PHP Dir Submit
 CVE-2009-1786 (The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users ...)
-	TODO: check
+	NOT-FOR-US: IBM AIX libc
 CVE-2009-1785 (Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop ...)
 	NOT-FOR-US: Ulteo Open Virtual Desktop
 CVE-2009-1784 (The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus ...)
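Review bot: The NOT-FOR-US tag added for CVE-2009-1790 spells the product "CGI Rescue Trees", while the description on the line above it reads "CGI RESCUE Trees". Use the description's spelling so a case-sensitive search of the list for the product name does not miss this entry. The other two tags in this hunk (PHP Dir Submit, IBM AIX libc) match their descriptions.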
@@ -85,7 +85,7 @@
 	[lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
 	[etch] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
 CVE-2009-1754 (The PackageManagerService class in ...)
-	TODO: check
+	NOT-FOR-US: Android
 CVE-2009-1752 (exJune Office Message System 1 does not properly restrict access to ...)
 	NOT-FOR-US: exJune Office Message System
 CVE-2009-1751 (SQL injection vulnerability in list_list.php in Realty Webware ...)
@@ -353,11 +353,11 @@
 	[etch] - kdebase <not-affected> (vulnerability introduced in konqueror 4)
 	[lenny] - kdebase <not-affected> (vulnerability introduced in konqueror 4)
 CVE-2009-1636 (Multiple buffer overflows in the Internet Agent (aka GWIA) component ...)
-	TODO: check
+	NOT-FOR-US: Novell GroupWise
 CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...)
 	NOT-FOR-US: Novell GroupWise
 CVE-2009-1634 (The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and ...)
-	TODO: check
+	NOT-FOR-US: Novell GroupWise
 CVE-2009-1633 [CIFS Unicode issue]
 	RESERVED
 	- linux-2.6 <unfixed>
@@ -1971,8 +1971,9 @@
 	RESERVED
 CVE-2009-1196
 	RESERVED
-CVE-2009-1195
+CVE-2009-1195 [apache2: Apache HTTP Server AllowOverride Options Security Bypass]
 	RESERVED
+	- apache2 <unfixed> (low; bug #530834)
 CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in ...)
 	{DSA-1798-1}
 	- pango1.0 1.24.0-2 (medium; bug #527474) 
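Review bot: The RHSA-2009-1075 reference that justifies tracking CVE-2009-1195 against apache2 appears only in the commit log. The entry itself still reads RESERVED and gives no source for the "- apache2 <unfixed> (low; bug #530834)" line. Consider adding a NOTE line to the entry that names the advisory, so a reader of data/CVE/list can see where the status comes from without digging through the revision history. As a smaller style point, the bracketed title repeats the package name ("apache2:") that the package line already carries, unlike "CVE-2009-1633 [CIFS Unicode issue]" earlier in the file.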



