[Secure-testing-commits] r13340 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sat Nov 21 13:39:14 UTC 2009
Author: derevko-guest
Date: 2009-11-21 13:39:13 +0000 (Sat, 21 Nov 2009)
New Revision: 13340
Modified:
data/CVE/list
Log:
NFUs
CVE-2009-3978 fixed in xulrunner 1.9.1.5-1
CVE-2009-3941, CVE-2009-3942, msmtp and mpop are not affected
CVE-2009-3940: fixed in virtualbox-guest-additions 3.0.10-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-21 11:46:20 UTC (rev 13339)
+++ data/CVE/list 2009-11-21 13:39:13 UTC (rev 13340)
@@ -19,7 +19,7 @@
CVE-2009-4007
RESERVED
CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
- TODO: check
+ NOT-FOR-US: Serv-U FTP server
CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...)
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
@@ -75,36 +75,36 @@
CVE-2009-3979
RESERVED
CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
- - xulrunner <unfixed>
+ - xulrunner 1.9.1.5-1
TODO: check
CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ...)
- TODO: check
+ NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to ...)
- TODO: check
+ NOT-FOR-US: Labtam ProFTP
CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and ...)
- TODO: check
+ NOT-FOR-US: Moa Gallery
CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB or ...)
NOT-FOR-US: Invision Power Board
CVE-2009-3973 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...)
- TODO: check
+ NOT-FOR-US: Turnkey Arcade Script
CVE-2009-3972 (SQL injection vulnerability in the Q-Proje Siirler Bileseni ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2009-3971 (SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2009-3970 (SQL injection vulnerability in index.php in PHP Dir Submit (aka ...)
- TODO: check
+ NOT-FOR-US: PHP Dir Submit
CVE-2009-3969 (Stack-based buffer overflow in Faslo Player 7.0 allows remote ...)
- TODO: check
+ NOT-FOR-US: Faslo Player
CVE-2009-3968 (Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote ...)
- TODO: check
+ NOT-FOR-US: ITechBids
CVE-2009-3967 (SQL injection vulnerability in browse.php in Ed Charkow SuperCharged ...)
- TODO: check
+ NOT-FOR-US: Ed Charkow SuperCharged Linking
CVE-2009-3966 (Arcade Trade Script 1.0 allows remote attackers to bypass ...)
- TODO: check
+ NOT-FOR-US: Arcade Trade Script
CVE-2009-3965 (SQL injection vulnerability in rating.php in New 5 star Rating 1.0 ...)
- TODO: check
+ NOT-FOR-US: New 5 star Rating
CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) ...)
- TODO: check
+ NOT-FOR-US: component for Joomla!
CVE-2009-XXXX [ngingx webdav directory traversal]
- nginx <unfixed> (low)
TODO: check
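Review bot: the CVE-2009-3978 entry keeps its "TODO: check" line even though xulrunner is now marked fixed in 1.9.1.5-1, which leaves the entry looking untriaged. Either drop the TODO if xulrunner was the only package to look at, or reword it to say what is still open. Separately, the three "NOT-FOR-US: component for Joomla!" lines (CVE-2009-3972, CVE-2009-3971, CVE-2009-3964) do not name the product the way every other NOT-FOR-US line in this hunk does; naming it, for example "NOT-FOR-US: jTips component for Joomla!", keeps the list searchable by product.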
@@ -173,12 +173,11 @@
CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not ...)
- TODO: check
+ - msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324)
CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not ...)
- TODO: check
+ - mpop <not-affected> (uses GnuTLS and not OpenSSL; bug #557326)
CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...)
- - virtualbox-guest-additions
- TODO: check
+ - virtualbox-guest-additions 3.0.10-1
CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...)
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed> (low)
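Review bot: the CVE-2009-3940 entry gains a fixed version and loses "TODO: check" without any reference, while the msmtp and mpop entries directly above it give both a reason and a bug number. Because the description only says "Unspecified vulnerability", a NOTE line citing the source that ties the fix to virtualbox-guest-additions 3.0.10-1 would let the next reader verify the version instead of taking it on trust.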
@@ -297,11 +296,9 @@
CVE-2009-3893
RESERVED
CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...)
- - wordpress 2.8.6-1
- TODO: check
+ - wordpress 2.8.6-1 (low)
CVE-2009-3890 (Unrestricted file upload vulnerability in the wp_check_filetype ...)
- - wordpress 2.8.6-1
- TODO: check
+ - wordpress 2.8.6-1 (low)
CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...)
- linux-2.6 2.6.27-1 (low)
- linux-2.6.24 <removed> (low)
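Review bot: the "(low)" urgency added to CVE-2009-3890 has no stated justification, and the description reads "Unrestricted file upload vulnerability", which a reader would not expect to be rated low by default. If the rating rests on a precondition, record it in a NOTE line under the entry so the downgrade can be reviewed later; the same applies, to a lesser degree, to the XSS entry CVE-2009-3891 above it.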