[Secure-testing-commits] r14426 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Wed Apr 7 17:51:15 UTC 2010


Author: geissert
Date: 2010-04-07 17:51:15 +0000 (Wed, 07 Apr 2010)
New Revision: 14426

Modified:
   data/CVE/list
Log:
embedded copies TODOs; there are probably more


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-07 17:43:57 UTC (rev 14425)
+++ data/CVE/list	2010-04-07 17:51:15 UTC (rev 14426)
@@ -3128,6 +3128,7 @@
 CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...)
 	- libpng 1.2.43-1 (low; bug #572308)
 	[lenny] - libpng <no-dsa> (Minor issue)
+	TODO: check freeimage, tuxonice-userui
 	NOTE: http://www.kb.cert.org/vuls/id/576029
 CVE-2010-0204
 	RESERVED
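Review bot: The TODO added under CVE-2010-0205 names only freeimage and tuxonice-userui, while the log message says there are probably more embedders. Consider making the TODO open-ended, as the removed yassl TODO did with "and other packages embedding it", so the entry is not read as fully covered once those two packages have been checked.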
@@ -3619,10 +3620,8 @@
 	{DSA-1997-1}
 	- mysql-dfsg-5.0 <removed> (medium)
 	- mysql-dfsg-5.1 5.1.41-4 (medium)
-	TODO: check yassl and other packages embedding it
 	NOTE: http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html
 	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
-	NOTE: maintainer working on updates
 CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...)
 	NOT-FOR-US: MailSite
 CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote ...)
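Review bot: The two removals in this entry (the yassl TODO and the "maintainer working on updates" NOTE) drop an open embedded-copy check without recording its result, and the log message does not explain them. If yassl and the packages embedding it were checked, add the outcome as package lines (a fixed version, or not-affected with a reason) instead of only deleting the TODO; if they were not, the TODO should stay.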
@@ -10644,6 +10643,7 @@
 CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...)
 	{DSA-1835-1}
 	- tiff 3.8.2-13
+	TODO: check freeimage
 CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...)
 	- asterisk 1:1.6.2.0~dfsg~beta3-1 (bug #539473)
 	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
@@ -10831,6 +10831,7 @@
 CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 ...)
 	{DSA-1835-1}
 	- tiff 3.8.2-12 (low; bug #534137)
+	TODO: check freeimage
 	NOTE: this doesn't allow code execution, only a crash.
 CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp ...)
 	NOT-FOR-US: Sun Java Web Console in Solaris 
@@ -11491,6 +11492,7 @@
 	[etch] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
 	[lenny] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
 	- xulrunner <not-affected> (xulrunner dynamically linked against libpng; embeded code copy not used)
+	TODO: check freeimage, tuxonice-userui
 CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...)
 	NOT-FOR-US: activeCollab
 CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, ...)
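Review bot: The new TODO after the xulrunner line should be resolved in the same form as that line, with one entry per package stating whether the embedded libpng copy is actually used. xulrunner is recorded as not-affected because it links dynamically against libpng, so for freeimage and tuxonice-userui the check needs to establish the same thing (bundled copy compiled in, or system library) before a fixed version is tracked.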
@@ -12326,12 +12328,15 @@
 CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in ...)
 	{DSA-1842-1}
 	- openexr 1.6.1-1 (medium; bug #540424)
+	TODO: check freeimage
 CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in ...)
 	{DSA-1842-1}
 	- openexr 1.6.1-4.1 (medium; bug #540424)
+	TODO: check freeimage
 CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow ...)
 	{DSA-1842-1}
 	- openexr 1.6.1-4.1 (medium; bug #540424)
+	TODO: check freeimage
 CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...)
 	NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X
 CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...)
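Review bot: The three openexr entries receiving the freeimage TODO share DSA-1842-1 and bug #540424 but not the fixed version: CVE-2009-1722 is fixed in 1.6.1-1, while CVE-2009-1721 and CVE-2009-1720 are fixed in 1.6.1-4.1. The freeimage check should compare its embedded OpenEXR against each entry separately, since a copy new enough for the first may still be affected by the other two.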
@@ -16555,6 +16560,7 @@
 CVE-2008-6218 (Memory leak in the png_handle_tEXt function in pngrutil.c in libpng ...)
 	{DSA-1750-1}
 	- libpng 1.2.33-1
+	TODO: check freeimage, tuxonice-userui
 CVE-2008-6217 (Cross-site scripting (XSS) vulnerability in index.php in Extrakt ...)
 	NOT-FOR-US: Extrakt Framework
 CVE-2008-6216 (SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur ...)
@@ -18571,6 +18577,7 @@
 CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...)
 	{DSA-1750-1}
 	- libpng 1.2.35-1 (bug #512665)
+	TODO: check freeimage, tuxonice-userui
 	NOTE: Only an issues when using libpng to create out-of-spec images
 CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...)
 	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
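Review bot: For CVE-2008-5907 the TODO sits directly above a NOTE saying this is only an issue when libpng is used to create out-of-spec images, and the description places the bug in pngwutil.c. The check of freeimage and tuxonice-userui can be narrowed to whether their embedded copy is used for writing PNG files; say so in the TODO, or record not-affected with that reason if they only read images.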
@@ -19462,6 +19469,7 @@
 	- icedove 2.0.0.22-1 (bug #535124)
 	[squeeze] - icedove 2.0.0.22-0lenny1
 	- libpng 1.2.35-1 (bug #516256)
+	TODO: check freeimage, tuxonice-userui
 CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
 	- geronimo <itp> (bug #481869)
 CVE-2009-0038 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
@@ -27605,6 +27613,7 @@
 CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...)
 	{DSA-1632-1 DTSA-160-1}
 	- tiff 3.8.2-11 (medium)
+	TODO: check freeimage
 CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for ...)
 	NOT-FOR-US: Apple Bonjour for Windows
 CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...)



