[Secure-testing-commits] r13384 - in data: CVE DSA

Raphael Geissert geissert at alioth.debian.org
Thu Nov 26 16:04:03 UTC 2009


Author: geissert
Date: 2009-11-26 16:03:57 +0000 (Thu, 26 Nov 2009)
New Revision: 13384

Modified:
   data/CVE/list
   data/DSA/list
Log:
cacti CVEified
add missing CVE fixed in recent php5 DSA
CVE-2009-2626 not fixed in etch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-26 09:54:38 UTC (rev 13383)
+++ data/CVE/list	2009-11-26 16:03:57 UTC (rev 13384)
@@ -52,7 +52,13 @@
 	TODO: check
 CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...)
 	TODO: check
-CVE-2009-XXXX [Cacti Multiple Script Insertion Vulnerabilities]
+CVE-2009-XXXX [Cacti priviledge scalation]
+	- cacti <unfixed> (low)
+	TODO: check
+	NOTE: 4B0E1566.1070509 at moritz-naumann.com in bugtraq
+	NOTE: low or maybe even unimportant as one requires admin access
+	NOTE: to cacti
+CVE-2009-4032 [Cacti Multiple Script Insertion Vulnerabilities]
 	- cacti <unfixed>
 	TODO: check
 	NOTE: http://docs.cacti.net/#cross-site_scripting_fixes
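Review bot: the added title line "CVE-2009-XXXX [Cacti priviledge scalation]" misspells "privilege escalation", which makes the entry hard to find by text search; please correct the spelling. The entry is also tagged (low) while its own NOTE says "low or maybe even unimportant" and TODO: check remains, so the severity should be settled once the admin-access requirement is confirmed. A URL for the bugtraq post next to the message-id would make the reference easier to follow.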
@@ -85,8 +91,6 @@
 	RESERVED
 CVE-2009-4033
 	RESERVED
-CVE-2009-4032
-	RESERVED
 CVE-2009-4031 [linux-2.6/kvm dos]
 	RESERVED
 	- linux-2.6 <unfixed> (low)
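Review bot: removing the CVE-2009-4032 placeholder from between CVE-2009-4033 and CVE-2009-4031 leaves the renamed entry from the first hunk in the old CVE-2009-XXXX slot, right after CVE-2009-4047 and out of the descending numeric order the surrounding entries follow. CVE-2009-4031 keeps its RESERVED line together with its description and package line, while the relocated CVE-2009-4032 entry has none. Suggest keeping the entry at this position with RESERVED retained and moving the description, package line and NOTE here.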
@@ -4273,10 +4277,11 @@
 	[etch] - xscreensaver <no-dsa> (Minor issue)
 	[lenny] - xscreensaver <no-dsa> (Minor issue)
 	TODO: next point release [lenny] - xscreensaver 5.05-3+lenny1
-CVE-2009-2626 [php5: remote information disclosure]
+CVE-2009-2626 [php5: remote memory disclosure]
 	RESERVED
 	{DSA-1940-1}
 	- php5 5.2.11.dfsg.1-1 (low; bug #540605)
+	[etch] - php5 <no-dsa> (too risky to fix it there)
 	TODO: check php4
 	NOTE: requires the script itself to set and then restore a config var
 CVE-2009-XXXX [php5: 'open_basedir' bypass]
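Review bot: the new "[etch] - php5 <no-dsa> (too risky to fix it there)" line sits under {DSA-1940-1}, and data/DSA/list records an etch upload (5.2.0+dfsg-8+etch16) for that DSA with CVE-2009-2626 in its CVE set, so a reader can take etch as fixed. Suggest a NOTE stating that the etch upload of DSA-1940-1 does not include this fix, and a reason string that says what makes the backport risky. TODO: check php4 is still open on this entry.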

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-11-26 09:54:38 UTC (rev 13383)
+++ data/DSA/list	2009-11-26 16:03:57 UTC (rev 13384)
@@ -2,7 +2,7 @@
 	{CVE-2009-0755 CVE-2009-3603 CVE-2009-3604 CVE-2009-3605 CVE-2009-3606 CVE-2009-3607 CVE-2009-3608 CVE-2009-3609 CVE-2009-3938}
 	[lenny] - poppler 0.8.7-3
 [25 Nov 2009] DSA-1940-1 php5 - multiple issues
-	{CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292}
+	{CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292 CVE-2009-4017}
 	[etch] - php5 5.2.0+dfsg-8+etch16
 	[lenny] - php5 5.2.6.dfsg.1-1+lenny4
 [24 Nov 2009] DSA-1939-1 libvorbis - several vulnerabilities
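Review bot: CVE-2009-4017 is added to the DSA-1940-1 set, but no hunk in data/CVE/list touches a CVE-2009-4017 entry in this revision; please confirm that entry carries the php5 package line and fixed version. Since the same commit marks CVE-2009-2626 as not fixed in etch, it is worth stating whether 5.2.0+dfsg-8+etch16 actually fixes CVE-2009-4017 or whether it also needs an [etch] annotation.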