[Secure-testing-commits] r13025 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Thu Oct 15 23:17:21 UTC 2009
Author: geissert
Date: 2009-10-15 23:17:21 +0000 (Thu, 15 Oct 2009)
New Revision: 13025
Modified:
data/CVE/list
Log:
Two openoffice.org, one amsn and one kvirc issues to be verified
NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-15 21:51:42 UTC (rev 13024)
+++ data/CVE/list 2009-10-15 23:17:21 UTC (rev 13025)
@@ -1,5 +1,5 @@
CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon ...)
- TODO: check
+ NOT-FOR-US: IBM AIX
CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...)
NOT-FOR-US: Dalvik API in Android
CVE-2009-3697 [phpMyAdmin XSS/SQL inj PMASA-2009-6]
@@ -544,7 +544,7 @@
CVE-2009-3460
RESERVED
CVE-2009-3459 (Unspecified vulnerability in Adobe Reader and Acrobat 9.1.3 and ...)
- TODO: check
+ NOT-FOR-US: Adobe Acrobat
CVE-2009-3458
RESERVED
CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...)
@@ -1047,6 +1047,7 @@
CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...)
NOT-FOR-US: module for XOOPS
CVE-2009-3239 (Buffer overflow in the EMF parser implementation in OpenOffice.org ...)
+ - openoffice.org <unfixed>
TODO: check
CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...)
TODO: check
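Review bot: the added "- openoffice.org <unfixed>" line under CVE-2009-3239 sits above a retained "TODO: check", so the entry asserts the package is affected while still saying it has not been checked. The log says these issues are "to be verified"; add a NOTE line stating what remains to be verified so the TODO is actionable for whoever picks it up.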
@@ -1364,7 +1365,7 @@
CVE-2009-3127
RESERVED
CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...)
NOT-FOR-US: Multi Website
CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...)
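Review bot: CVE-2009-3126 is tagged "NOT-FOR-US: Microsoft Internet Explorer", but its description is a GDI+ integer overflow that lists Internet Explorer 6 SP1 and Windows, and the other GDI+ entries in this same commit (CVE-2009-2500 through CVE-2009-2504) are tagged "Microsoft products". Use the same label here so the GDI+ group is tagged consistently.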
@@ -1793,9 +1794,9 @@
CVE-2009-3031
RESERVED
CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...)
- TODO: check
+ NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3028
RESERVED
CVE-2009-3027
@@ -2106,6 +2107,7 @@
CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites ...)
NOT-FOR-US: Chipmunk Topsites
CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 ...)
+ - kvirc <unfixed>
TODO: check
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
NOT-FOR-US: All Club CMS (ACCMS)
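Review bot: under CVE-2008-7070 the new "- kvirc <unfixed>" line gives no version information, while the description names KVIrc 3.4.2. When the TODO is resolved, compare the packaged version against 3.4.2 and either record the fixed version in place of "<unfixed>" or add a NOTE explaining why the package is still affected.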
@@ -2354,9 +2356,9 @@
CVE-2009-2899
RESERVED
CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...)
- TODO: check
+ NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
- TODO: check
+ NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...)
NOT-FOR-US: KMPlayer: http://www.kmplayer.com
CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...)
@@ -3177,7 +3179,7 @@
CVE-2009-2685
RESERVED
CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...)
- TODO: check
+ NOT-FOR-US: Embedded Web Server in HP printers
CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics ...)
NOT-FOR-US: HP Remote Graphics
CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...)
@@ -3663,23 +3665,23 @@
CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before ...)
NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
CVE-2009-2532 (Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista
CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2528 (GDI+ in Microsoft Office XP SP3 does not properly handle malformed ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office XP
CVE-2009-2527 (Heap-based buffer overflow in Microsoft Windows Media Player 6.4 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Media Player
CVE-2009-2526 (Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Vista
CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Media Runtime
CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows XP
CVE-2009-2523
RESERVED
CVE-2009-2522
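Review bot: CVE-2009-2524 is tagged "NOT-FOR-US: Microsoft Windows XP", but the visible description ("Integer underflow in the NTLM authentication feature in the Local ...") does not name XP. Either tag it "Microsoft Windows" or make sure the label matches what the full description actually lists, so the reason is traceable from the entry itself.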
@@ -3691,13 +3693,13 @@
CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Office XP
CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows Server 2003
CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2514
RESERVED
CVE-2009-2513
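Review bot: CVE-2009-2516 and CVE-2009-2515 are tagged "Microsoft Windows 2000" although their descriptions go on to list XP SP2 (and, for CVE-2009-2516, SP3 and Server 2003), and the context entry just above, CVE-2009-2519, already uses "NOT-FOR-US: Microsoft Windows". Follow that existing label for the kernel entries in this hunk rather than the first version named in each description.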
@@ -3705,35 +3707,35 @@
CVE-2009-2512
RESERVED
CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2509
RESERVED
CVE-2009-2508
RESERVED
CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2009-2506
RESERVED
CVE-2009-2505
RESERVED
CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft products
CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...)
- TODO: check
+ NOT-FOR-US: Microsoft products
CVE-2009-2502 (Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft products
CVE-2009-2501 (Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 ...)
- TODO: check
+ NOT-FOR-US: Microsoft products
CVE-2009-2500 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
- TODO: check
+ NOT-FOR-US: Microsoft products
CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...)
NOT-FOR-US: Microsoft Windows Media Format Runtime
CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows ...)
NOT-FOR-US: Microsoft Windows Media Format Runtime
CVE-2009-2497 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 ...)
- TODO: check
+ NOT-FOR-US: Microsoft products
CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...)
NOT-FOR-US: Microsoft Office XP
CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
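Review bot: CVE-2009-2497 is a Common Language Runtime issue in Microsoft .NET Framework, yet it gets the generic "NOT-FOR-US: Microsoft products", while this same commit tags CVE-2009-0091 and CVE-2009-0090 as "Microsoft .NET Framework". Use "NOT-FOR-US: Microsoft .NET Framework" here too; the generic label suits the GDI+ entries, whose descriptions span several products, but not this one.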
@@ -4767,6 +4769,7 @@
CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime (cms) ...)
NOT-FOR-US: fuzzylime
CVE-2009-2140 (Multiple heap-based buffer overflows in ...)
+ - openoffice.org <unfixed>
TODO: check
CVE-2009-2139 (Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...)
{DSA-1880-1}
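Review bot: CVE-2009-2140 is marked "- openoffice.org <unfixed>" directly above CVE-2009-2139, a heap-based buffer overflow in svtools that already carries "{DSA-1880-1}". Before leaving this as "<unfixed>", check whether the upload behind DSA-1880-1 also covers CVE-2009-2140, and record the outcome in a NOTE.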
@@ -6364,7 +6367,7 @@
NOTE: fixed over a year ago in debian; but fedora finally got around to addressing the issue recently
NOTE: FEDORA-2009-3639 (http://lwn.net/Articles/331605)
CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ...)
@@ -10321,7 +10324,7 @@
CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and ...)
NOT-FOR-US: Microsoft Office
CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...)
- TODO: check
+ NOT-FOR-US: Microsoft Windows
CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...)
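Review bot: CVE-2009-0555 is tagged "NOT-FOR-US: Microsoft Windows", but CVE-2009-2525, whose description begins with the same text ("Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ..."), is tagged "Microsoft Windows Media Runtime" earlier in this commit. Pick one label and use it for both entries.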
@@ -12057,9 +12060,9 @@
CVE-2009-0092
RESERVED
CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not ...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft ...)
@@ -38295,8 +38298,8 @@
CVE-2007-2196 (** DISPUTED ** ...)
NOT-FOR-US: Jambook module for Mambo and Joomla
CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
+ - amsn <unfixed>
TODO: check
- NOTE: package amsn
CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted ...)
NOT-FOR-US: XnView
CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
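Review bot: under CVE-2007-2195 the "NOTE: package amsn" line is dropped in favour of "- amsn <unfixed>", but the description limits the issue to aMSN 0.96 and earlier, and "<unfixed>" marks every packaged version as affected. Since "TODO: check" stays, add a NOTE saying the packaged version has to be compared against 0.96, so the entry can be closed with a fixed version if the archive has moved past it.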