[Secure-testing-commits] r12914 - in data: CVE DSA

Giuseppe Iuculano derevko-guest at alioth.debian.org
Fri Oct 2 08:07:14 UTC 2009


Author: derevko-guest
Date: 2009-10-02 08:07:14 +0000 (Fri, 02 Oct 2009)
New Revision: 12914

Modified:
   data/CVE/list
   data/DSA/list
Log:
- NFUs
- CVE-2009-3474 CVE-2009-3475 CVE-2009-3476 fixed in DSA-1895-1 and DSA-1896-1
- CVE-2009-3490: wget '\0' character issue
- chromium-browser itp


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-01 04:19:30 UTC (rev 12913)
+++ data/CVE/list	2009-10-02 08:07:14 UTC (rev 12914)
@@ -1,79 +1,85 @@
 CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG ...)
-	TODO: check
+	NOT-FOR-US: Vastal I-Tech MMORPG Zone
 CVE-2009-3504 (SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 ...)
-	TODO: check
+	NOT-FOR-US: Alibaba Clone
 CVE-2009-3503 (Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse ...)
-	TODO: check
+	NOT-FOR-US: BPowerHouse BPHolidayLettings
 CVE-2009-3502 (SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 ...)
-	TODO: check
+	NOT-FOR-US: BPowerHouse BPMusic
 CVE-2009-3501 (SQL injection vulnerability in students.php in BPowerHouse BPStudents ...)
-	TODO: check
+	NOT-FOR-US: BPowerHouse BPStudents
 CVE-2009-3500 (Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 ...)
-	TODO: check
+	NOT-FOR-US: BPowerHouse BPGames
 CVE-2009-3499 (SQL injection vulnerability in employee.aspx in BPowerHouse ...)
-	TODO: check
+	NOT-FOR-US: BPowerHouse BPLawyerCaseDocuments
 CVE-2009-3498 (SQL injection vulnerability in php/update_article_hits.php in HBcms ...)
-	TODO: check
+	NOT-FOR-US: HBcms
 CVE-2009-3497 (SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent ...)
-	TODO: check
+	NOT-FOR-US: Vastal I-Tech Agent
 CVE-2009-3496 (Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal ...)
-	TODO: check
+	NOT-FOR-US: Vastal I-Tech DVD Zone
 CVE-2009-3495 (SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone ...)
-	TODO: check
+	NOT-FOR-US: Vastal I-Tech DVD Zone
 CVE-2009-3494 (Multiple SQL injection vulnerabilities in index.php in T-HTB Manager ...)
-	TODO: check
+	NOT-FOR-US: T-HTB Manager
 CVE-2009-3493 (Multiple cross-site scripting (XSS) vulnerabilities in Zenas ...)
-	TODO: check
+	NOT-FOR-US: Zenas PaoBacheca Guestbook
 CVE-2009-3492 (Multiple PHP remote file inclusion vulnerabilities in Loggix Project ...)
-	TODO: check
+	NOT-FOR-US: Loggix Project
 CVE-2009-3491 (SQL injection vulnerability in the Kinfusion SportFusion ...)
-	TODO: check
+	NOT-FOR-US: Kinfusion SportFusion
 CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a ...)
-	TODO: check
+	- wget <unfixed> (medium; bug #549293) 
 CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 ...)
-	TODO: check
+	NOT-FOR-US: Adobe Photoshop Elements
 CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography (aka ...)
-	TODO: check
+	NOT-FOR-US: Drupal Bibliography Module
 CVE-2009-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
-	TODO: check
+	NOT-FOR-US: J-Web interface in Juniper JUNOS
 CVE-2009-3486 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
-	TODO: check
+	NOT-FOR-US: J-Web interface in Juniper JUNOS
 CVE-2009-3485 (Cross-site scripting (XSS) vulnerability in the J-Web interface in ...)
-	TODO: check
+	NOT-FOR-US: J-Web interface in Juniper JUNOS
 CVE-2009-3484 (Stack-based buffer overflow in Core FTP 2.1 build 1612 allows ...)
-	TODO: check
+	NOT-FOR-US: Core FTP
 CVE-2009-3483 (Heap-based buffer overflow in the Create New Site feature in ...)
-	TODO: check
+	NOT-FOR-US: CuteFTP
 CVE-2009-3482 (TrustPort Antivirus before 2.8.0.2266 and PC Security before ...)
-	TODO: check
+	NOT-FOR-US: TrustPort Antivirus and PC Security
 CVE-2009-3481 (A certain interface in the iCRM Basic (com_icrmbasic) component ...)
-	TODO: check
+	NOT-FOR-US: Joomla component
 CVE-2009-3480 (SQL injection vulnerability in the iCRM Basic (com_icrmbasic) ...)
-	TODO: check
+	NOT-FOR-US: Joomla component
 CVE-2009-3479 (Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x ...)
-	TODO: check
+	NOT-FOR-US: Bibliography
 CVE-2009-3478 (Argument injection vulnerability in (1) ...)
-	TODO: check
+	NOT-FOR-US: Bibliography
 CVE-2009-3477 (The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before ...)
-	TODO: check
+	NOT-FOR-US: Blackberry Browser in RIM BlackBerry Device Software
 CVE-2009-3476 (Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 ...)
-	TODO: check
+	- xmltooling 1.2.2-1
+	- opensaml <removed>
+	- shibboleth-sp <removed>
 CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and ...)
-	TODO: check
+	- xmltooling 1.2.2-1
+	- opensaml <removed>
+	- shibboleth-sp <removed>
 CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by ...)
-	TODO: check
+	- xmltooling 1.2.2-1
+	- opensaml <removed>
+	- shibboleth-sp <removed>
 CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege ...)
-	TODO: check
+	NOT-FOR-US: IBM DB2
 CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows ...)
-	TODO: check
+	NOT-FOR-US: IBM DB2
 CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 does not ...)
-	TODO: check
+	NOT-FOR-US: IBM DB2
 CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 ...)
-	TODO: check
+	NOT-FOR-US: IBM Informix Dynamic Server (IDS) 
 CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Connections
 CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment ...)
-	TODO: check
+	NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris 
 CVE-2009-3467
 	RESERVED
 CVE-2009-3466
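Review bot: the new wget line (`+	- wget <unfixed> (medium; bug #549293) `) and the NOT-FOR-US lines for CVE-2009-3470 and CVE-2009-3468 carry trailing whitespace; strip it so the list stays clean for line-based diffs. The NOT-FOR-US labels are also uneven within this hunk: CVE-2009-3479 and CVE-2009-3478 say only `Bibliography` while CVE-2009-3488 says `Drupal Bibliography Module`, and CVE-2009-3481 / CVE-2009-3480 say only `Joomla component` although the descriptions name the iCRM Basic (com_icrmbasic) component. Using the fuller product name in each case keeps later lookups on the product consistent.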
@@ -95,27 +101,27 @@
 CVE-2009-3458
 	RESERVED
 CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...)
-	TODO: check
+	NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
 CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520324)
 CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly ...)
-	TODO: check
+	NOT-FOR-US: Apple Safari
 CVE-2009-3454 (Microsoft Internet Explorer does not properly handle a '\0' character ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus Quickr
 CVE-2009-3452 (WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: RADactive I-Load
 CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in RADactive ...)
-	TODO: check
+	NOT-FOR-US: RADactive
 CVE-2009-3450 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	TODO: check
+	NOT-FOR-US: RADactive I-Load
 CVE-2009-3449 (MP3 Collector 2.3 allows remote attackers to cause a denial of service ...)
-	TODO: check
+	NOT-FOR-US: MP3 Collector
 CVE-2009-3448 (npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote ...)
-	TODO: check
+	NOT-FOR-US: BakBone NetVault Backup
 CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...)
-	TODO: check
+	NOT-FOR-US: RADactive I-Load
 CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
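Review bot: CVE-2009-3451 is labelled `NOT-FOR-US: RADactive` while the sibling entries CVE-2009-3452, CVE-2009-3450 and CVE-2009-3447 use `RADactive I-Load`; the description refers to the same WebCoreModule.ashx, so the fuller label fits here as well. The chromium-browser `<itp>` line with bug #520324 matches the "chromium-browser itp" item in the commit log.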
@@ -2705,11 +2711,11 @@
 CVE-2009-2684
 	RESERVED
 CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics ...)
-	TODO: check
+	NOT-FOR-US: HP Remote Graphics 
 CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...)
 	NOT-FOR-US: HP-UX
 CVE-2009-2681 (Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) ...)
-	TODO: check
+	NOT-FOR-US: HP ProCurve Identity Driven Manager
 CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for ...)
 	NOT-FOR-US: HP StorageWorks
 CVE-2009-2679
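Review bot: `+	NOT-FOR-US: HP Remote Graphics ` has trailing whitespace; drop it to match the neighbouring HP-UX and HP StorageWorks lines.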

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-10-01 04:19:30 UTC (rev 12913)
+++ data/DSA/list	2009-10-02 08:07:14 UTC (rev 12914)
@@ -3,11 +3,13 @@
 	[etch] - horde3 3.1.3-4etch6
 	[lenny] - horde3 3.2.2+debian0-2+lenny1
 [28 Sep 2009] DSA-1896-1 opensaml shibboleth-sp - potential code execution
+	{CVE-2009-3474 CVE-2009-3475 CVE-2009-3476}
 	[etch] - opensaml 1.1a-2+etch1
 	[etch] - shibboleth-sp 1.3f.dfsg1-2+etch1
 	[lenny] - opensaml 1.1.1-2+lenny1
 	[lenny] - shibboleth-sp 1.3.1.dfsg1-3+lenny1
 [24 Sep 2009] DSA-1895-1 xmltooling - potential code execution
+	{CVE-2009-3474 CVE-2009-3475 CVE-2009-3476}
 	[lenny] - xmltooling 1.0-2+lenny1
 [24 Sep 2009] DSA-1894-1 newt - arbitrary code execution
 	{CVE-2009-2905}
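Review bot: the same three CVE ids are attached to both DSA-1896-1 (opensaml, shibboleth-sp) and DSA-1895-1 (xmltooling), but the CVE descriptions added in this commit point at different code: CVE-2009-3474 concerns OpenSAML 2.x and XMLTooling 1.x, CVE-2009-3475 concerns Shibboleth SP 1.3.x, and CVE-2009-3476 concerns OpenSAML before 1.1.3. Confirm against the two advisory texts that each DSA really closes all three ids rather than only the subset affecting its own packages before recording the full set on both lines.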



