[Secure-testing-commits] r13357 - data/CVE

[Raphael Geissert]

Author: geissert
Date: 2009-11-24 00:52:56 +0000 (Tue, 24 Nov 2009)
New Revision: 13357

Modified:
   data/CVE/list
Log:
some issues were CVEified


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-23 21:14:17 UTC (rev 13356)
+++ data/CVE/list	2009-11-24 00:52:56 UTC (rev 13357)
@@ -56,8 +56,8 @@
 	RESERVED
 CVE-2009-4018
 	RESERVED
-CVE-2009-4017
-	RESERVED
+	- php5 <unfixed> (unimportant)
+	NOTE: safe_mode bypass
 CVE-2005-4883 (Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote ...)
 	TODO: check
 CVE-2005-4882 (tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse ...)
@@ -169,16 +169,16 @@
 	NOT-FOR-US: New 5 star Rating
 CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) ...)
 	NOT-FOR-US: component for Joomla!
-CVE-2009-XXXX [ngingx webdav directory traversal]
+CVE-2009-3898 [ngingx webdav directory traversal]
 	- nginx 0.7.63-1 (low; bug #557389)
 	[etch] - nginx <no-dsa> (upload rights required)
 	[lenny] - nginx <no-dsa> (upload rights required)
-CVE-2009-XXXX [dovecot 0777 base_dir creation]
+CVE-2009-3897 [dovecot 0777 base_dir creation]
 	- dovecot <unfixed> (medium; bug #557601)
 	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
 	[etch] - dovecot <not-affected> (Only affects 1.2.x)
 	NOTE: http://www.dovecot.org/list/dovecot-news/2009-November/000143.html, CVE requested on oss-sec
-CVE-2009-XXXX [php temporary files exhaustion DoS]
+CVE-2009-4017 [php temporary files exhaustion DoS]
 	- php5 5.2.11.dfsg.1-2 (medium)
 	- php4 <unfixed> (medium)
 	NOTE: workarounds include using 5.3.1 or php5-suhosin
@@ -345,10 +345,6 @@
 	NOT-FOR-US: IBM PowerHA
 CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris ...)
 	NOT-FOR-US: Sun Solaris
-CVE-2009-3898
-	RESERVED
-CVE-2009-3897
-	RESERVED
 CVE-2009-3896
 	RESERVED
 	{DSA-1920-1}