[Secure-testing-commits] r13058 - bin data/CVE doc
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Wed Oct 21 18:43:24 UTC 2009
Author: derevko-guest
Date: 2009-10-21 18:43:24 +0000 (Wed, 21 Oct 2009)
New Revision: 13058
Modified:
bin/report-vuln
data/CVE/list
doc/narrative_introduction
Log:
NFUs
s/security-tracker.debian.net/security-tracker.debian.org
Modified: bin/report-vuln
===================================================================
--- bin/report-vuln 2009-10-21 18:28:20 UTC (rev 13057)
+++ bin/report-vuln 2009-10-21 18:43:24 UTC (rev 13058)
@@ -19,7 +19,7 @@
ret = ''
for cnt, id in enumerate(ids):
ret += '\n[' + str(cnt) + '] http://cve.mitre.org/cgi-bin/cvename.cgi?name=' + id + '\n'
- ret += ' http://security-tracker.debian.net/tracker/' + id
+ ret += ' http://security-tracker.debian.org/tracker/' + id
return ret
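Review bot: The tracker base URL is still a string literal inside the loop in the changed line (`ret += ' http://security-tracker.debian.org/tracker/' + id`), and the same hostname is edited by hand again in doc/narrative_introduction in this commit. Suggest defining it once as a module-level constant, alongside the cve.mitre.org prefix, so a future host move is a one-line change. The loop variable `id` also shadows the Python builtin and could be renamed while this function is being touched.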
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-21 18:28:20 UTC (rev 13057)
+++ data/CVE/list 2009-10-21 18:43:24 UTC (rev 13058)
@@ -19,37 +19,37 @@
CVE-2009-3720
RESERVED
CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
- TODO: check
+ NOT-FOR-US: Battle Blog
CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...)
- TODO: check
+ NOT-FOR-US: Battle Blog
CVE-2009-3717 (Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote ...)
- TODO: check
+ NOT-FOR-US: LucVil PatPlayer
CVE-2009-3716 (Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 ...)
- TODO: check
+ NOT-FOR-US: MCshoutbox
CVE-2009-3715 (Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox ...)
- TODO: check
+ NOT-FOR-US: MCshoutbox
CVE-2009-3714 (Cross-site scripting (XSS) vulnerability in admin_login.php in ...)
- TODO: check
+ NOT-FOR-US: MCshoutbox
CVE-2009-3713 (SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and ...)
- TODO: check
+ NOT-FOR-US: MorcegoCMS
CVE-2009-3712 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
- TODO: check
+ NOT-FOR-US: Ebay Clone 2009
CVE-2009-3711 (Stack-based buffer overflow in the h_handlepeer function in http.cpp ...)
- TODO: check
+ NOT-FOR-US: httpdx
CVE-2009-3710 (RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username ...)
- TODO: check
+ NOT-FOR-US: RioRey RIOS
CVE-2009-3709 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...)
- TODO: check
+ NOT-FOR-US: Konae Technologies Alleycode HTML Editor
CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...)
- TODO: check
+ NOT-FOR-US: Konae Technologies Alleycode HTML Editor
CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe 6.5.3.8888 in the ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...)
- TODO: check
+ NOT-FOR-US: ZFS filesystem in Sun Solaris
CVE-2009-3705 (PHP remote file inclusion vulnerability in debugger.php in Achievo ...)
- TODO: check
+ NOT-FOR-US: Achievo
CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, ...)
- TODO: check
+ NOT-FOR-US: ZoIPer
CVE-2009-3703
RESERVED
CVE-2009-3702
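Review bot: The NOT-FOR-US label on CVE-2009-3707 is just `VMware`, while its description names the VMware Authentication Daemon (vmware-authd.exe) and a later hunk in this commit uses the product-level label `VMware Fusion`. Suggest naming the product here as well, so the entry can be found by product and a vendor-wide label does not read as a verdict on every VMware component.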
@@ -611,15 +611,15 @@
CVE-2009-3463
RESERVED
CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...)
NOT-FOR-US: Adobe Acrobat
CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...)
NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...)
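Review bot: The four new entries in this hunk use `NOT-FOR-US: Adobe`, but the unchanged neighbour CVE-2009-3459 between them uses `NOT-FOR-US: Adobe Acrobat`. Suggest settling on one label for the Reader and Acrobat issues and using it for the whole batch, since mixed labels make it harder to grep the list for every entry triaged against the same product.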
@@ -1008,9 +1008,9 @@
CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...)
NOT-FOR-US: phpspot Products
CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before ...)
- TODO: check
+ NOT-FOR-US: VMware Fusion
CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 ...)
- TODO: check
+ NOT-FOR-US: VMware Fusion
CVE-2009-3280 (Integer signedness error in the find_ie function in ...)
- linux-2.6 2.6.31-1 (medium)
- linux-2.6.24 <not-affected> (vulnerable code not present)
@@ -2009,7 +2009,7 @@
CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to ...)
NOT-FOR-US: ESET Smart Security
CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote ...)
- TODO: check
+ NOT-FOR-US: Android
CVE-2009-XXXX [serveez: buffer overflow in header parser]
- serveez <removed> (low)
[lenny] - serveez <no-dsa> (Fringe package, mostly unused)
@@ -2017,45 +2017,45 @@
[etch] - serveez <no-dsa> (Fringe package, mostly unused)
TODO: next point release [etch] - serveez 0.1.5-2+etch1
CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...)
- TODO: check
+ NOT-FOR-US: Adobe
CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...)
NOT-FOR-US: SugarCRM
CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
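Review bot: CVE-2009-2991 is described as a flaw in "the Mozilla plug-in in Adobe Reader and ..." and is marked `NOT-FOR-US: Adobe` together with the rest of this batch. The truncated description does not show which side the vulnerable code lives on, so a short parenthetical on that entry stating that the affected component is Adobe's plug-in, not packaged Mozilla code, would make the bulk triage easier to audit later.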
@@ -2099,7 +2099,7 @@
CVE-2009-2971
RESERVED
CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an ...)
- TODO: check
+ NOT-FOR-US: UiTV UiPlayer
CVE-2009-2969
RESERVED
CVE-2009-2968 (Directory traversal vulnerability in a support component in the web ...)
@@ -2485,6 +2485,7 @@
- backuppc 3.1.0-8 (low; bug #542218)
[etch] - backuppc <not-affected> (No configuration GUI)
[lenny] - backuppc <no-dsa> (Requires access)
+ TODO: next point release: [lenny] - backuppc 3.1.0-4lenny2
CVE-2009-XXXX [burn: Insecure escaping of file names]
- burn 0.4.5-1 (low; bug #542329)
[lenny] - burn 0.4.3-2.1+lenny1
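Review bot: The added line `TODO: next point release: [lenny] - backuppc 3.1.0-4lenny2` has a colon after "release", whereas the existing serveez entry visible earlier in this diff reads `TODO: next point release [etch] - serveez 0.1.5-2+etch1`. Suggest matching the existing form so that any grep or script keyed on it catches both. The commit log mentions only NFUs and the hostname substitution, so this tracking change would be better named in the log or committed separately.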
@@ -2502,7 +2503,7 @@
CVE-2009-2875
RESERVED
CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before ...)
- TODO: check
+ NOT-FOR-US: Cisco Unified Presence
CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
NOT-FOR-US: Cisco IOS
CVE-2009-2872 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
@@ -3003,9 +3004,9 @@
CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, ...)
NOT-FOR-US: OpenNews
CVE-2009-2734 (SQL injection vulnerability in the get_employee function in ...)
- TODO: check
+ NOT-FOR-US: Achievo
CVE-2009-2733 (Multiple cross-site scripting (XSS) vulnerabilities in Achievo before ...)
- TODO: check
+ NOT-FOR-US: Achievo
CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...)
- ntop 3:3.3-12 (low; bug #543312)
[lenny] - ntop <no-dsa> (Minor issue)
@@ -45392,7 +45393,7 @@
CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...)
NOT-FOR-US: BitDefender
CVE-2006-6404 (Innovation Data Processing FDR allows remote attackers to cause a ...)
- TODO: check
+ NOT-FOR-US: Innovation Data Processing's FDR Backup
CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...)
NOT-FOR-US: MyStats
CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...)
Modified: doc/narrative_introduction
===================================================================
--- doc/narrative_introduction 2009-10-21 18:28:20 UTC (rev 13057)
+++ doc/narrative_introduction 2009-10-21 18:43:24 UTC (rev 13058)
@@ -413,7 +413,7 @@
compared against madison to determine what has been fixed and what is
still waiting, this results in this website:
-http://security-tracker.debian.net/
+http://security-tracker.debian.org/
It incorporates package lists and parses distribution lists and can
thus be used to
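Review bot: Only this one URL line of the document is changed, while the log describes the commit as a blanket substitution of security-tracker.debian.net. Worth confirming with a grep over doc/ and bin/ that no other references to the old hostname remain, since the diff shows just two occurrences being updated.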