[Secure-testing-commits] r14500 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Fri Apr 16 01:26:12 UTC 2010


Author: geissert
Date: 2010-04-16 01:26:11 +0000 (Fri, 16 Apr 2010)
New Revision: 14500

Modified:
   data/CVE/list
Log:
NFUs, one clamav issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-16 00:56:54 UTC (rev 14499)
+++ data/CVE/list	2010-04-16 01:26:11 UTC (rev 14500)
@@ -2527,9 +2527,9 @@
 CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0487 (The Authenticode Signature verification functionality in cabview.dll ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature Verification ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0485
 	RESERVED
 CVE-2010-0484
@@ -2537,19 +2537,19 @@
 CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media Unicast ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0475
 	RESERVED
 CVE-2010-0474
@@ -3262,11 +3262,11 @@
 CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the ...)
 	NOT-FOR-US: hald in Sun OpenSolaris
 CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0266
@@ -3290,11 +3290,11 @@
 CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...)
 	NOT-FOR-US: Microsoft Office
 CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office
 CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Office
 CVE-2010-0253
 	RESERVED
 CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ...)
@@ -3326,15 +3326,15 @@
 CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
 	NOT-FOR-US: Microsoft Windows Vista Gold
 CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the kernel in ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...)
@@ -3429,35 +3429,35 @@
 	TODO: check freeimage, tuxonice-userui
 	NOTE: http://www.kb.cert.org/vuls/id/576029
 CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0200
 	REJECTED
 CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...)
-	TODO: check
+	NOT-FOR-US: Adobe Reader
 CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...)
 	NOT-FOR-US: Adobe Download Manager
 CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...)
@@ -3807,6 +3807,8 @@
 CVE-2010-0099
 	RESERVED
 CVE-2010-0098 (ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z ...)
+	- clamav 0.96+dfsg-1
+	[lenny] - clamav <no-dsa> (no longer supported)
 	TODO: check
 CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
 	- bind9 1:9.7.0.dfsg-1
@@ -4229,7 +4231,7 @@
 	- sun-java6 <unfixed>
 	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
-	TODO: check
+	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...)
 	- openjdk-6 <undetermined>
 	- sun-java6 6.19-1
@@ -4261,7 +4263,7 @@
 CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
 	NOT-FOR-US: BEA Product Suite
 CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle WebLogic ...)
-	TODO: check
+	NOT-FOR-US: Oracle WebLogic Server
 CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
 	NOT-FOR-US: Oracle Secure Backup
 CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...)
@@ -4544,9 +4546,9 @@
 CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 ...)
 	NOT-FOR-US: Microsoft Windows Server
 CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
@@ -6280,7 +6282,7 @@
 CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...)
 	- vmware-package <removed>
 CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware ...)
-	TODO: check
+	NOT-FOR-US: VMware
 CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...)
 	NOT-FOR-US: WebWorks Help
 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
@@ -13222,9 +13224,9 @@
 CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...)
 	NOT-FOR-US: Roxio Easy Media Creator
 CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 ...)
-	TODO: check
+	NOT-FOR-US: VMware Movie Decoder
 CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in ...)
-	TODO: check
+	TODO: VMware products
 CVE-2009-1563
 	REJECTED
 	NOTE: Tracked as CVE-2009-0689
@@ -25669,7 +25671,7 @@
 CVE-2008-3280
 	RESERVED
 CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
-	TODO: check
+	- brltty <not-affected> (RedHat-specific)
 CVE-2008-3278
 	RESERVED
 CVE-2008-3277




More information about the Secure-testing-commits mailing list