[Secure-testing-commits] r13246 - data/CVE
Nico Golde
nion at alioth.debian.org
Mon Nov 9 11:36:24 UTC 2009
Author: nion
Date: 2009-11-09 11:36:24 +0000 (Mon, 09 Nov 2009)
New Revision: 13246
Modified:
data/CVE/list
Log:
- NFU
- vmware removed
- new mozilla issue (CVE-2009-3371)
- adjust snort impact (CVE-2009-3641)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-09 03:36:28 UTC (rev 13245)
+++ data/CVE/list 2009-11-09 11:36:24 UTC (rev 13246)
@@ -15,7 +15,7 @@
CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in news/ ...)
NOT-FOR-US: Twilight CMS
CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in ...)
NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3853 (Buffer overflow in the client acceptor daemon (CAD) scheduler in the ...)
@@ -292,7 +292,7 @@
CVE-2009-XXXX [mandos 0600 file being included in initrd]
- mandos 1.0.13-1 (bug #551907)
CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...)
- TODO: check
+ - vmware-package <removed>
CVE-2009-3732
RESERVED
CVE-2009-3731
@@ -546,7 +546,8 @@
CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...)
NOT-FOR-US: FrontRange HEAT
CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote ...)
- - snort <unfixed> (medium; bug #553584)
+ - snort <unfixed> (low; bug #553584)
+ NOTE: -v is usually not used as it's slow and is only for debugging purposes
CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM ...)
- linux-2.6 <unfixed> (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
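Review bot: the NOTE added under CVE-2009-3641 justifies the drop from medium to low by how often -v is used, but does not state the precondition itself. Wording it as a condition, for example "NOTE: only affects instances started with -v, which is a debugging option", would let a reader see why "low" was chosen without inferring it, and would keep the entry accurate for the sites that do run snort with -v.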
@@ -1053,13 +1054,13 @@
CVE-2009-3467
RESERVED
CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
NOT-FOR-US: Adobe
CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...)
@@ -1299,7 +1300,10 @@
- xulrunner 1.9.1.4-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ...)
- TODO: check
+ - icedove <unfixed> (bug #555313)
+ - iceweasel 3.5.4-1
+ - xulrunner 1.9.1.4-1
+ - kompozer <unfixed> (bug #555326)
CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote ...)
{DSA-1922-1}
- xulrunner 1.9.1.4-1
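Review bot: the two <unfixed> lines added under CVE-2009-3371 (icedove and kompozer) carry a bug number but no urgency, while the other <unfixed> entries visible in this diff do, e.g. "- snort <unfixed> (low; bug #553584)" and "- linux-2.6 <unfixed> (medium)". Suggest adding an urgency to both lines. The entry directly above also has an "[etch] - xulrunner <no-dsa>" line; if etch needs a release-specific status for this CVE as well, it would be clearer to record it in the same change.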
@@ -2441,7 +2445,7 @@
CVE-2009-3032
RESERVED
CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...)
- TODO: check
+ NOT-FOR-US: Symantec Altiris Notification Server
CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...)
NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...)
@@ -5078,7 +5082,7 @@
CVE-2009-2268 (Cross-site scripting (XSS) vulnerability in the Cross-Domain ...)
NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2267 (VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player ...)
- TODO: check
+ - vmware-package <removed>
CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote ...)
NOT-FOR-US: OXID eShop
CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in ...)