[Secure-testing-commits] r15088 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Aug 1 04:22:38 UTC 2010


Author: jmm-guest
Date: 2010-08-01 04:22:33 +0000 (Sun, 01 Aug 2010)
New Revision: 15088

Modified:
   data/CVE/list
Log:
- NFUs
- new ghostscript issue (already fixed in sid)
- kernel fix pending
- new minor gv issue
- not-so-new ghostscript issue unfixed in sid, working
  on a patch right now
- cacti unimportant
- new clvm issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-08-01 01:25:32 UTC (rev 15087)
+++ data/CVE/list	2010-08-01 04:22:33 UTC (rev 15088)
@@ -666,13 +666,13 @@
 CVE-2009-4929 (admin/manage_users.php in TotalCalendar 2.4 does not require ...)
 	NOT-FOR-US: TotalCalendar 
 CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar ...)
-	TODO: check
+	NOT-FOR-US: TotalCalendar 
 CVE-2009-4927 (WB News 2.1.2 allows remote attackers to bypass authentication and ...)
-	TODO: check
+	NOT-FOR-US: WB News
 CVE-2009-4926 (Multiple cross-site scripting (XSS) vulnerabilities in Online Contact ...)
-	TODO: check
+	NOT-FOR-US: Online Contact Manager
 CVE-2009-4925 (Multiple SQL injection vulnerabilities in Portale e-commerce Creasito ...)
-	TODO: check
+	NOT-FOR-US: Portale e-commerce Creasito
 CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal ...)
 	- webkit <not-affected> (chromium specific issue)
 	- chromium-browser 5.0.375.99~r51029-1
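Review bot: the added line `+	NOT-FOR-US: TotalCalendar ` for CVE-2009-4928 carries a trailing space after the product name (the existing CVE-2009-4929 entry above it has the same stray whitespace); trim it so the two entries are byte-identical and do not show up as noise in later whitespace-sensitive diffs.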
@@ -749,21 +749,21 @@
 CVE-2010-2628
 	RESERVED
 CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...)
-	TODO: check
+	NOT-FOR-US: Refractor 2
 CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Miyabi CGI Tools SEO Links
 CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi ...)
-	TODO: check
+	NOT-FOR-US: Hitachi ServerConductor
 CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...)
-	TODO: check
+	NOT-FOR-US: iScripts EasySnaps
 CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...)
-	TODO: check
+	NOT-FOR-US: Internet DM Specialist Bed and Breakfast
 CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly ...)
-	TODO: check
+	NOT-FOR-US: Joomanager
 CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in ...)
 	- qt4-x11 <unfixed> (bug #587711)
 CVE-2010-2620 (Open&amp;Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...)
-	TODO: check
+	NOT-FOR-US: Open&Compact FTP Server
 CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and ...)
 	NOT-FOR-US: Citrix XenServer (it's based on Xen, likely a duplicate of an existing Xen issue)
 CVE-2009-4924 (Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument ...)
@@ -981,14 +981,15 @@
 	- freetype 2.4.0-1
 CVE-2010-2526
 	RESERVED
+	- clvm <unfixed> (bug filed)
 CVE-2010-2525
 	RESERVED
 CVE-2010-2524
 	RESERVED
 CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 ...)
-	TODO: check
+	NOT-FOR-US: UMIP
 CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink messages ...)
-	TODO: check
+	NOT-FOR-US: UMIP
 CVE-2010-2521
 	RESERVED
 CVE-2010-2520 [freetype]
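Review bot: the new `- clvm <unfixed> (bug filed)` line under the still-RESERVED CVE-2010-2526 gives no bug number and no bracketed summary, unlike the neighbouring `CVE-2010-2520 [freetype]` entry and the `(bug #NNNNNN)` convention used elsewhere in this diff; add `[clvm ...]` after the CVE id and replace `bug filed` with the BTS number once it is assigned, otherwise the entry cannot be linked to the report and gives readers no hint what the issue is while the CVE text is still withheld.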
@@ -1559,7 +1560,7 @@
 CVE-2009-4898
 	RESERVED
 CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier ...)
-	TODO: check
+	- ghostscript 8.70~dfsg-1
 CVE-2009-4896
 	RESERVED
 	{DSA-2073-1}
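Review bot: CVE-2009-4897 now records only the sid fix `ghostscript 8.70~dfsg-1` and no `[lenny]` line, so the stable status is left unstated even though the log calls this a new issue; add a `[lenny] - ghostscript ...` line with the outcome of the stable triage (fixed version, `<no-dsa>` with a reason, or a NOTE pointing at the pending update) as is done for gv further down in this diff.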
@@ -1756,8 +1757,7 @@
 	- tomcat6 6.0.28-1 (bug #588813)
 CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass]
 	RESERVED
-	- linux-2.6 <unfixed>
-	NOTE: https://bugzilla.redhat.com/CVE-2010-2226
+	- linux-2.6 2.6.32-19
 CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...)
 	- php5 <unfixed>
 	NOTE: some vectors mitigated by suhosin patch, but more info is needed
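Review bot: replacing `- linux-2.6 <unfixed>` with `- linux-2.6 2.6.32-19` also drops the `NOTE: https://bugzilla.redhat.com/CVE-2010-2226` line, which was the only pointer to the upstream discussion of the xfs SWAPEXT permissions bypass; keep the NOTE. The log entry says "kernel fix pending", so if 2.6.32-19 has not actually been uploaded yet, recording it as the fixed version is premature and the entry should stay `<unfixed>` with a NOTE naming the target version.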
@@ -2196,9 +2196,10 @@
 CVE-2010-2057
 	RESERVED
 CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files ...)
-	TODO: check
+	- gv 1:3.7.1-1 (low)
+	[lenny] - gv <no-dsa> (Minor issue)
 CVE-2010-2055 (Ghostscript 8.71 and earlier reads initialization files from the ...)
-	TODO: check
+	- ghostscript <unfixed>
 CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 ...)
 	NOT-FOR-US: SBLIM SFCB
 CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...)
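Review bot: the gv entry is complete (sid version, severity, and a `[lenny] - gv <no-dsa> (Minor issue)` line), but the CVE-2010-2055 change to `- ghostscript <unfixed>` has neither a bug reference nor a `[lenny]` line; since the log says a patch is being worked on, add `(bug #NNNNNN)` once filed and a NOTE recording that a fix is in progress so the next person triaging does not start over.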
@@ -9577,12 +9578,9 @@
 CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...)
 	NOT-FOR-US: PHD Help Desk
 CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...)
-	- cacti <unfixed> (low; bug #561339)
-	[etch] - cacti <no-dsa> (Minor issue, workaround explained in DSA)
-	[lenny] - cacti <no-dsa> (Minor issue, workaround explained in DSA)
+	- cacti <unfixed> (unimportant; bug #561339)
 	NOTE: 4B0E1566.1070509 at moritz-naumann.com in bugtraq
-	NOTE: low or maybe even unimportant as one requires admin access
-	NOTE: to cacti, upstream will implement a whitelist
+	NOTE: as one requires admin access to cacti, upstream will implement a whitelist
 CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...)
 	{DSA-1954-1}
 	- cacti 0.8.7e-1.1 (low; bug #561338)
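Review bot: the rewritten NOTE `as one requires admin access to cacti, upstream will implement a whitelist` joins two unrelated statements with a causal "as", which reads as if the whitelist is a consequence of the access requirement; split it, e.g. `NOTE: requires admin access to cacti; upstream plans to implement a whitelist`. Dropping the `[etch]`/`[lenny] <no-dsa>` lines is consistent with the new `unimportant` rating, but the removed text `workaround explained in DSA` was the only pointer to where the workaround is documented, so carry that reference over into the NOTE.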