[Secure-testing-commits] r13040 - in data: . CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Oct 19 17:26:56 UTC 2009


Author: jmm-guest
Date: 2009-10-19 17:26:55 +0000 (Mon, 19 Oct 2009)
New Revision: 13040

Modified:
   data/CVE/list
   data/DSA/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- xmp no-dsa
- new pidgin issue
- rejected cleanups


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-18 09:14:46 UTC (rev 13039)
+++ data/CVE/list	2009-10-19 17:26:55 UTC (rev 13040)
@@ -176,8 +176,10 @@
 	RESERVED
 CVE-2009-3616
 	RESERVED
-CVE-2009-3615
+CVE-2009-3615 [pidgin ICQ DoS]
 	RESERVED
+	- pidgin 2.6.3-1
+	NOTE: http://pidgin.im/news/security/?id=41
 CVE-2009-3614 [oping suid 0 arbitrary file disclosure]
 	RESERVED
 	- liboping 1.3.3-1 (low; bug #548684)
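Review bot: the new "- pidgin 2.6.3-1" line under CVE-2009-3615 has no severity or bug reference, while the liboping entry directly below it carries "(low; bug #548684)". Consider adding a severity so the entry sorts correctly in the tracker, and per-release lines for etch and lenny as was done for xmp in this same commit, since the fixed version alone says nothing about the stable releases.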
@@ -1248,9 +1250,13 @@
 CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that ...)
 	NOT-FOR-US: Microsoft Office
 CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...)
-	- xmp 2.6.1-1 (medium; bug #546730)
+	- xmp 2.6.1-1 (low; bug #546730)
+	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
+	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
 CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers ...)
-	- xmp 2.6.1-1 (medium; bug #546730)
+	- xmp 2.6.1-1 (low; bug #546730)
+	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
+	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
 CVE-2009-3182 (Unrestricted file upload vulnerability in ...)
 	NOT-FOR-US: Anantasoft Gazelle CMS
 CVE-2009-3181 (Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows ...)
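Review bot: the <no-dsa> reason added on the [etch] and [lenny] lines for CVE-2007-6732 and CVE-2007-6731, "Minor issue, fringe app/formats", justifies the decision by how rarely the package and formats are used, but CVE-2007-6732 is described as multiple buffer overflows in dtt_load and the severity is lowered from medium to low in the same change. A short NOTE line giving the impact reasoning behind the downgrade would make the decision easier to audit later; the bug reference #546730 alone does not record it.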
@@ -2485,7 +2491,6 @@
 	NOT-FOR-US: NASA Common Data Format
 CVE-2009-2845
 	REJECTED
-	NOT-FOR-US: duplicate of CVE-2009-2768
 CVE-2008-7015 (Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel ...)
 	NOT-FOR-US: Unreal Tournament
 CVE-2008-7014 (fhttpd 0.4.2 allows remote attackers to cause a denial of service ...)
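Review bot: removing "NOT-FOR-US: duplicate of CVE-2009-2768" under CVE-2009-2845 also removes the only pointer to the ID that superseded it. If REJECTED entries are meant to carry no annotations at all this is fine, but the same applies to the "NOTE: dupe of CVE-2008-6171" line dropped under CVE-2008-6176 further down, so it is worth confirming that the duplicate mapping is not needed anywhere else before it goes.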
@@ -4282,7 +4287,6 @@
 	NOT-FOR-US: IBM Tivoli
 CVE-2009-2315
 	REJECTED
-	NOT-FOR-US: Apple iPhone OS
 CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...)
 	NOT-FOR-US: Lightweight Availability Collection Tool
 CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote ...)
@@ -6027,7 +6031,6 @@
 	NOT-FOR-US: Bitweaver
 CVE-2009-1676
 	REJECTED
-	NOT-FOR-US: IIS
 CVE-2009-1675 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...)
 	NOT-FOR-US: ElectraSoft 32bit FTP
 CVE-2009-1674 (Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows ...)
@@ -7554,7 +7557,6 @@
 	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
 CVE-2008-6628
 	REJECTED
-	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
 CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, ...)
 	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
 CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and ...)
@@ -10055,7 +10057,6 @@
 	NOT-FOR-US: LightBlog
 CVE-2008-6176
 	REJECTED
-	NOTE: dupe of CVE-2008-6171
 CVE-2008-6175 (SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: SilverSHielD
 CVE-2008-6174 (Cross-site scripting (XSS) vulnerability in admin/postlister/index.php ...)
@@ -10830,7 +10831,6 @@
 	NOT-FOR-US: HP HP-UX
 CVE-2008-6067
 	REJECTED
-	NOT-FOR-US: E-Shop Shopping Cart
 CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 ...)
 	NOT-FOR-US: Meet#Web
 CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE ...)
@@ -10867,8 +10867,6 @@
 	NOT-FOR-US: Tech Articles
 CVE-2008-6049
 	REJECTED
-	- tinymce <not-affected> (Vulnerable code not present)
-	NOTE: no idea what this is about tinymce doesn't ship any php code
 CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...)
 	NOT-FOR-US: TangoCMS
 CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...)
@@ -12931,9 +12929,6 @@
 	NOT-FOR-US: Apple QuickTime
 CVE-2008-5622
 	REJECTED
-	{DSA-1723-1}
-	- phpmyadmin 4:2.11.8.1-5
-	NOTE: is a duplicate of CVE-2008-5621, contacted mitre
 CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x ...)
 	{DSA-1723-1}
 	- phpmyadmin 4:2.11.8.1-5
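Review bot: with {DSA-1723-1}, the fixed version and the "is a duplicate of CVE-2008-5621" note all removed under CVE-2008-5622, a lookup of that ID no longer leads to the advisory or to CVE-2008-5621. The matching change in data/DSA/list keeps the two files consistent, but the commit log only says "rejected cleanups"; mentioning there that DSA-1723-1 loses a CVE reference would help anyone tracing why the advisory's cross-reference changed.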
@@ -19059,7 +19054,6 @@
 	NOT-FOR-US: Xerox CentreWare Web
 CVE-2008-3120
 	REJECTED
-	NOT-FOR-US: Dokeos
 CVE-2008-3119 (SQL injection vulnerability in index.php in DreamPics Builder allows ...)
 	NOT-FOR-US: DreamPics Builder
 CVE-2008-3118 (SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-10-18 09:14:46 UTC (rev 13039)
+++ data/DSA/list	2009-10-19 17:26:55 UTC (rev 13040)
@@ -742,7 +742,7 @@
 	{CVE-2008-5153 CVE-2009-0500 CVE-2009-0502 CVE-2008-6125}
 	[etch] - moodle 1.6.3-2+etch2
 [11 Feb 2009] DSA-1723-1 phpmyadmin - arbitrary code execution
-	{CVE-2008-5621 CVE-2008-5622}
+	{CVE-2008-5621}
 	[etch] - phpmyadmin 4:2.9.1.1-10
 [11 Feb 2009] DSA-1722-1 libpam-heimdal - local privilege
 	{CVE-2009-0361}

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-10-18 09:14:46 UTC (rev 13039)
+++ data/ospu-candidates.txt	2009-10-19 17:26:55 UTC (rev 13040)
@@ -902,6 +902,11 @@
 
 --
 
+xmp (CVE-2007-6731, CVE-2007-6732)
+#546730
+
+--
+
 xscreensaver (no CVE)
 #539699
 notified maintainer
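Review bot: the new xmp entry gives only the CVE IDs and #546730, while the xscreensaver entry right after it has a status line ("notified maintainer"). Adding a status line to the xmp block here, and to the identical block added in data/spu-candidates.txt, would show whether anyone has picked up the oldstable and stable point-release updates.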

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-10-18 09:14:46 UTC (rev 13039)
+++ data/spu-candidates.txt	2009-10-19 17:26:55 UTC (rev 13040)
@@ -353,5 +353,10 @@
 
 --
 
+xmp (CVE-2007-6731, CVE-2007-6732)
+#546730
+
+--
+
 ziproxy (CVE-2009-0804)
 #521051



