[Secure-testing-commits] r13013 - in data: . CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Wed Oct 14 07:31:39 UTC 2009


Author: derevko-guest
Date: 2009-10-14 07:31:39 +0000 (Wed, 14 Oct 2009)
New Revision: 13013

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- NFUs
- spu notifications


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-14 02:15:29 UTC (rev 13012)
+++ data/CVE/list	2009-10-14 07:31:39 UTC (rev 13013)
@@ -5,11 +5,11 @@
 	[etch] - python-django <not-affected> (introduced in 1.0)
 	[lenny] - python-django 1.0.2-1+lenny2
 CVE-2009-3694 (Directory traversal vulnerability in config/config.php in ezRecipe-Zee ...)
-	TODO: check
+	NOT-FOR-US: ezRecipe-Zee 91
 CVE-2009-3693 (Directory traversal vulnerability in the Persits.XUpload.2 ActiveX ...)
-	TODO: check
+	NOT-FOR-US: Persits.XUpload.2 ActiveX
 CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM ...)
-	TODO: check
+	NOT-FOR-US: IBM Informix Client SDK
 CVE-2009-3690
 	RESERVED
 CVE-2009-3689
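
Review bot: The entry for CVE-2009-3694 reads "NOT-FOR-US: ezRecipe-Zee 91", and the trailing "91" is not backed by the visible description, which is cut off right after the product name. If it is a version number, say so in the usual form; if it is a typo, drop it so the product name matches the description and greps cleanly. The other two entries in this hunk name only the product.
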
@@ -51,61 +51,61 @@
 CVE-2009-3671
 	RESERVED
 CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...)
-	TODO: check
+	NOT-FOR-US: KSP Sound Player
 CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...)
-	TODO: check
+	NOT-FOR-US: Joomla! component
 CVE-2009-3668 (Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest ...)
-	TODO: check
+	NOT-FOR-US: Ardguest 1.8
 CVE-2009-3667 (SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows ...)
-	TODO: check
+	NOT-FOR-US: AdsDX
 CVE-2009-3666 (Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog ...)
-	TODO: check
+	NOT-FOR-US: Nullam Blog
 CVE-2009-3665 (Multiple SQL injection vulnerabilities in index.php in Nullam Blog ...)
-	TODO: check
+	NOT-FOR-US: Nullam Blog
 CVE-2009-3664 (Multiple directory traversal vulnerabilities in index.php in Nullam ...)
-	TODO: check
+	NOT-FOR-US: Nullam Blog
 CVE-2009-3663 (Format string vulnerability in the h_readrequest function in http.c in ...)
-	TODO: check
+	NOT-FOR-US: httpdx
 CVE-2009-3662 (FileCopa FTP Server 5.01 allows remote attackers to cause a denial of ...)
-	TODO: check
+	NOT-FOR-US: FileCopa FTP Server
 CVE-2009-3661 (Multiple SQL injection vulnerabilities in the DJ-Catalog ...)
-	TODO: check
+	NOT-FOR-US: component for Joomla!
 CVE-2009-3660 (PHP remote file inclusion vulnerability in libraries/database.php in ...)
-	TODO: check
+	NOT-FOR-US: Efront
 CVE-2009-3659 (SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 ...)
-	TODO: check
+	NOT-FOR-US: BS Counter
 CVE-2009-3658 (Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: Sb.SuperBuddy.1 ActiveX
 CVE-2009-3657 (Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3656 (Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3655 (Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Rhino Software Serv-U
 CVE-2009-3654 (Unspecified vulnerability in Boost before 6.x-1.03, a module for ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3653 (Cross-site scripting (XSS) vulnerability in the additional links ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3652 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3651 (Cross-site scripting (XSS) vulnerability in the &quot;Monitor browsers' ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3650 (Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3649 (Cross-site scripting (XSS) vulnerability in forums/index.php in Power ...)
-	TODO: check
+	NOT-FOR-US: PBBoard
 CVE-2009-3648 (Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3647 (Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft ...)
-	TODO: check
+	NOT-FOR-US: YABSoft Mega File Hosting Script (aka MFH or MFHS)
 CVE-2009-3646 (InterVations NaviCOPA Web Server 3.01 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: NaviCOPA Web Server
 CVE-2009-3645 (SQL injection vulnerability in the JoomlaCache CB Resume Builder ...)
-	TODO: check
+	NOT-FOR-US: JoomlaCache
 CVE-2009-3644 (SQL injection vulnerability in the Soundset (com_soundset) component ...)
-	TODO: check
+	NOT-FOR-US: Joomla component
 CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
 CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...)
 	TODO: check
 CVE-2009-3641
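
Review bot: The Joomla entries in this hunk use four different spellings for the same reason: "Joomla! component" (CVE-2009-3669), "component for Joomla!" (CVE-2009-3661), "Joomla component" (CVE-2009-3644) and "JoomlaCache" (CVE-2009-3645). Pick one form so a search over the NOT-FOR-US lines finds them all. The eight "module for Drupal" entries are consistent with each other but drop the module name even where the description shows it (Shared Sign-On, Boost, Organic Groups, Dex, Service Links); naming the module would make the entry easier to revisit if one of them is packaged later.
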
@@ -4667,6 +4667,7 @@
 CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in ...)
 	- xcftools 1.0.7-1 (low; bug #533361)
 	[etch] - xcftools <no-dsa> (Minor issue)
+	TODO: next point update: [etch] - xcftools 1.0.4-1+etch1
 	[lenny] - xcftools 1.0.4-1+lenny1
 CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...)
 	- gupnp 0.12.6-3.1 (low; bug #534594)
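
Review bot: The new "TODO: next point update: [etch] - xcftools 1.0.4-1+etch1" line under CVE-2009-2175 is placed between the [etch] and [lenny] annotations, while the existing "[etch] - xcftools <no-dsa> (Minor issue)" line stays as it is. Consider moving the TODO below the [lenny] line so the release annotations stay together. This commit also does not touch an xcftools entry in either candidates file, so check that one exists to track the upload.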

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-10-14 02:15:29 UTC (rev 13012)
+++ data/ospu-candidates.txt	2009-10-14 07:31:39 UTC (rev 13013)
@@ -562,6 +562,7 @@
 
 owl (CVE-2009-0363)
 #515118
+notified maintainer
 
 --
 
@@ -621,6 +622,7 @@
 
 rails (CVE-2009-3086)
 bug #545063
+notified maintainer
 
 --
 
@@ -866,11 +868,17 @@
 
 --
 
-xerces-c (CVE-2009-1885)
-#540297
+xerces-c2 (CVE-2009-1885)
+#541986
+notified maintainer
 
 --
 
+xerces27 (CVE-2009-1885)
+notified maintainer
+
+--
+
 xfce4 (CVE-2007-6351 CVE-2007-6352)
 notified maintainer
 
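Review bot: The new "xerces27 (CVE-2009-1885)" entry has no bug number, while the renamed "xerces-c2" entry carries "#541986"; add the bug reference for xerces27 or state that none is filed. The rename also replaces "#540297" with "#541986", so the old bug reference disappears from the file and the log message ("spu notifications") does not explain why; a short note on the reason would help.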

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-10-14 02:15:29 UTC (rev 13012)
+++ data/spu-candidates.txt	2009-10-14 07:31:39 UTC (rev 13013)
@@ -100,6 +100,7 @@
 
 kde4libs (CVE-2009-2702)
 #546218
+notified maintainer
 
 --
 
@@ -244,6 +245,7 @@
 
 owl (CVE-2009-0363)
 #515118
+notified maintainer
 
 --
 
@@ -257,6 +259,7 @@
 #535790
 http://developer.pidgin.im/ticket/9483
 http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
+notified maintainer
 
 --
 
@@ -268,6 +271,7 @@
 
 rails (CVE-2009-3086)
 bug #545063
+notified maintainer
 
 --
 
@@ -330,9 +334,11 @@
 
 --
 
-xerces-c (CVE-2009-1885)
-#540297
+xerces-c2 (CVE-2009-1885)
+#541986
+notified maintainer
 
+
 --
 
 xfig
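
Review bot: The xerces-c2 block in this hunk adds a second blank line before the "--" separator (the lone "+" line), where the other entries have one. Drop it to keep the separator layout uniform. The matching change in data/ospu-candidates.txt also adds an xerces27 entry for CVE-2009-1885 and this file does not; confirm that the difference is intended.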



