[Secure-testing-commits] r13164 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sun Nov 1 09:01:22 UTC 2009 

Author: derevko-guest
Date: 2009-11-01 09:01:09 +0000 (Sun, 01 Nov 2009)
New Revision: 13164

Modified:
   data/CVE/list
Log:
- NFUs
- mutt and openssl issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-31 21:12:50 UTC (rev 13163)
+++ data/CVE/list	2009-11-01 09:01:09 UTC (rev 13164)
@@ -1,13 +1,13 @@
 CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows ...)
 	TODO: check
 CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Everfocus EDR1600 DVR
 CVE-2009-3827
 	RESERVED
 CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to ...)
@@ -53,7 +53,7 @@
 CVE-2009-3806 (SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows ...)
 	NOT-FOR-US: DedeCMS
 CVE-2009-3805 (gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows ...)
-	TODO: check
+	NOT-FOR-US: Gpg4win
 	NOTE: looks like an issue in gpg2 for windows (gpg4win.org), not specific
 	NOTE: to kleopatra
 CVE-2009-3804 (Multiple SQL injection vulnerabilities in modules/forum/post.php in ...)
@@ -158,13 +158,10 @@
 CVE-2009-3768
 	RESERVED
 CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...)
-	- openldap <unfixed>
+	- openldap <unfixed> (medium; bug #553432)
 	TODO: check
 CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the ...)
-	- mutt <unfixed>
-	TODO: check
-	NOTE: probably not an issue, etch has 1.5.13-1.1 and lenny has 1.5.18-6
-	NOTE: but it is not enough to rule them out
+	- mutt <unfixed> (medium; bug #553433)
 CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...)
 	- mutt <unfixed>
 	TODO: check

More information about the Secure-testing-commits mailing list