[Secure-testing-commits] r13165 - in data: . CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sun Nov 1 10:45:03 UTC 2009
Author: derevko-guest
Date: 2009-11-01 10:45:03 +0000 (Sun, 01 Nov 2009)
New Revision: 13165
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- wireshark issues
- CVE-2009-3765: mutt not-affected, our mutt is linked against gnutls
- CVE-2009-3641: DoS while printing specially-crafted IPv6 packet using the -v option in snort
- CVE-2009-3616: Multiple use-after-free vulnerabilities in qemu and kvm
- CVE-2006-5031: fixed in cakephp 1.1.13.4450-1
- CVE-2006-4067: fixed in cakephp 1.1.13.4450-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-01 09:01:09 UTC (rev 13164)
+++ data/CVE/list 2009-11-01 10:45:03 UTC (rev 13165)
@@ -5,7 +5,7 @@
CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ...)
NOT-FOR-US: Microsoft
CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows ...)
- TODO: check
+ - wireshark 1.2.2-1 (bug #553583)
CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...)
NOT-FOR-US: Everfocus EDR1600 DVR
CVE-2009-3827
@@ -159,13 +159,11 @@
RESERVED
CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...)
- openldap <unfixed> (medium; bug #553432)
- TODO: check
CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the ...)
- mutt <unfixed> (medium; bug #553433)
CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...)
- - mutt <unfixed>
- TODO: check
- NOTE: probably not an issue, as our mutt is linked against gnutls
+ - mutt <not-affected> (uses GnuTLS and not OpenSSL)
+ NOTE: our mutt is linked against gnutls
CVE-2009-3764
RESERVED
CVE-2009-3763
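Review bot: The new CVE-2009-3765 entry states one fact twice: the parenthetical "(uses GnuTLS and not OpenSSL)" and the NOTE "our mutt is linked against gnutls" say the same thing, so the NOTE line can be dropped. The same reasoning also appears to apply to CVE-2009-3766 directly above, whose description is likewise conditioned on "when OpenSSL is used" but which stays at "mutt <unfixed> (medium; bug #553433)"; either mark it not-affected as well or add a NOTE explaining why it differs.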
@@ -477,7 +475,7 @@
CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...)
NOT-FOR-US: FrontRange HEAT
CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote ...)
- TODO: check
+ - snort <unfixed> (medium; bug #553584)
CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM ...)
- linux-2.6 <unfixed> (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
@@ -564,8 +562,11 @@
CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...)
- aria2 1.6.2-1 (low)
CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in ...)
- - qemu <unfixed>
- TODO: check
+ - qemu <unfixed> (medium; bug #553589)
+ [lenny] - qemu <not-affected> (Vulnerable code not present)
+ [etch] - qemu <not-affected> (Vulnerable code not present)
+ - kvm <unfixed> (medium; bug #553590)
+ [lenny] - kvm <not-affected> (Vulnerable code not present)
CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and ...)
- pidgin 2.6.3-1
NOTE: http://pidgin.im/news/security/?id=41
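Review bot: Under CVE-2009-3616 the kvm line gets a [lenny] not-affected annotation but no [etch] one, while qemu gets both; if kvm has no etch package, a short NOTE saying so would make the omission clearly deliberate, otherwise the [etch] line is missing. The reason "(Vulnerable code not present)" would also be easier to re-check if it named the version that introduced the code, as the CVE-2009-3640 entry does with "(introduced in 2.6.25)".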
@@ -737,16 +738,13 @@
CVE-2009-3552
RESERVED
CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in ...)
- - wireshark <unfixed>
- TODO: check
+ - wireshark <unfixed> (low; bug #553583)
NOTE: http://www.wireshark.org/security/wnpa-sec-2009-07.html
CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 ...)
- - wireshark <unfixed>
- TODO: check
+ - wireshark <unfixed> (low; bug #553583)
NOTE: http://www.wireshark.org/security/wnpa-sec-2009-07.html
CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through ...)
- - wireshark <unfixed>
- TODO: check
+ - wireshark <unfixed> (low; bug #553583)
NOTE: http://www.wireshark.org/security/wnpa-sec-2009-07.html
CVE-2009-3548
RESERVED
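Review bot: CVE-2009-3551, CVE-2009-3550 and CVE-2009-3549 are set to "wireshark <unfixed> (low; bug #553583)", yet the first hunk of this same commit records CVE-2009-3829 as fixed in "wireshark 1.2.2-1" under the same bug number. Please check the fixed versions given in wnpa-sec-2009-07 against 1.2.2-1; if that upload already covers any of these three, record the version instead of <unfixed>, and if not, a NOTE saying the bug stays open for them would remove the ambiguity.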
@@ -48789,8 +48787,7 @@
CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...)
NOT-FOR-US: PHPartenaire
CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...)
- - cakephp <unfixed>
- TODO: check
+ - cakephp 1.1.13.4450-1
CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...)
NOT-FOR-US: exV2
CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...)
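Review bot: The CVE-2006-5031 entry moves from "<unfixed>" with "TODO: check" straight to "cakephp 1.1.13.4450-1" with nothing recording how the fixed version was established. A NOTE pointing to the upstream changelog or the fixing changeset would let someone re-verify it later; the same applies to the CVE-2006-4067 change further down.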
@@ -51003,8 +51000,7 @@
CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...)
NOT-FOR-US: pswd.js
CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...)
- - cakephp <unfixed>
- TODO: check
+ - cakephp 1.1.13.4450-1
CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-11-01 09:01:09 UTC (rev 13164)
+++ data/spu-candidates.txt 2009-11-01 10:45:03 UTC (rev 13165)
@@ -287,13 +287,6 @@
--
-smarty (CVE-2009-1669)
-#529810
-http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
-notified maintainer
-
---
-
tau (CVE-2008-5157)
#506348
notified maintainer
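Review bot: The removal of the "smarty (CVE-2009-1669)" block from data/spu-candidates.txt is not covered by the log message, which lists only the data/CVE/list changes. Add a log line stating why the candidate is dropped so the history explains the removal.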