[Secure-testing-commits] r13697 - in data: . CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sat Jan 2 15:01:12 UTC 2010
Author: derevko-guest
Date: 2010-01-02 15:01:04 +0000 (Sat, 02 Jan 2010)
New Revision: 13697
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
NFUs and ITPs
two minor network-manager issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-02 09:30:05 UTC (rev 13696)
+++ data/CVE/list 2010-01-02 15:01:04 UTC (rev 13697)
@@ -8,35 +8,35 @@
TODO: check stable and oldstable (i.e. gaim)
NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...)
- TODO: check
+ - freepbx <itp> (bug #464926)
CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module ...)
- TODO: check
+ - webmin <itp> (bug #377948)
CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny ...)
- TODO: check
+ NOT-FOR-US: Green Desktiny
CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2009-4454 (vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user ...)
- TODO: check
+ - videocache <itp> (bug #505329)
CVE-2009-4453 (Insecure method vulnerability in SoftCab Sound Converter ActiveX ...)
- TODO: check
+ NOT-FOR-US: SoftCab Sound Converter ActiveX
CVE-2009-4452 (Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; ...)
- TODO: check
+ NOT-FOR-US: Kaspersky Anti-Viru
CVE-2009-4451 (Unrestricted file upload vulnerability in upper.php in kandalf upper ...)
- TODO: check
+ NOT-FOR-US: kandalf upper
CVE-2009-4450 (Multiple cross-site scripting (XSS) vulnerabilities in map.php in ...)
- TODO: check
+ NOT-FOR-US: LiveZilla
CVE-2009-4449 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2009-4448 (inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2009-4447 (Jax Guestbook 3.5.0 allows remote attackers to bypass authentication ...)
- TODO: check
+ NOT-FOR-US: Jax Guestbook
CVE-2009-4446 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
- TODO: check
+ NOT-FOR-US: phpInstantGallery
CVE-2009-4445 (Microsoft Internet Information Services (IIS), when used in ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-4444 (Microsoft Internet Information Services (IIS) 5.x and 6.x uses only ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2009-4443 (Unspecified vulnerability in the psearch (aka persistent search) ...)
NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4442 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
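Review bot: the new entry for CVE-2009-4452 is truncated. "NOT-FOR-US: Kaspersky Anti-Viru" should read "NOT-FOR-US: Kaspersky Anti-Virus", matching the product name in the CVE description on the line above it. Separately, CVE-2009-4457 is described as affecting "the Vsftpd Webmin module" but is recorded as "- webmin <itp> (bug #377948)". A short NOTE saying whether that module would be covered by the webmin ITP would make the mapping checkable.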
@@ -88,7 +88,7 @@
CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in Simple PHP ...)
NOT-FOR-US: Simple PHP Blog
CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Application ...)
- TODO: check
+ NOT-FOR-US: F5 Networks BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM)
CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...)
NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...)
@@ -626,6 +626,10 @@
- xpat2 <unfixed> (unimportant; bug #560087)
CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured ...)
- network-manager-applet <unfixed> (low; bug #560067)
+ - network-manager 0.6.5-1 (low)
+ [lenny] - network-manager-applet <no-dsa> (minor issue)
+ [etch] - network-manager <no-dsa> (minor issue)
+ NOTE: network-manager in lenny not affected, because it is in network-manager-applet
CVE-2009-XXXX [unsafe xfs]
- xfs 1:1.0.8-6 (low; bug #521107)
[etch] - xfs <no-dsa> (minor issue)
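Review bot: the added NOTE under CVE-2009-4144 is ambiguous, because "it" in "because it is in network-manager-applet" has no antecedent. Say what moved, for example "NOTE: in lenny the affected code is in network-manager-applet, so network-manager itself is not affected". The line "- network-manager 0.6.5-1 (low)" also carries no bug reference or explanation of why that version is the cut-off, while the applet line has bug #560067. If 0.6.5-1 is the version where the code left network-manager, the NOTE is the place to state it.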
@@ -929,8 +933,11 @@
CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
TODO: check
CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection ...)
- - network-manager-applet <unfixed>
- TODO: check
+ - network-manager-applet <unfixed> (low; bug #563371)
+ - network-manager 0.6.5-1 (low)
+ [lenny] - network-manager-applet <no-dsa> (minor issue)
+ [etch] - network-manager <no-dsa> (minor issue)
+ NOTE: network-manager in lenny not affected, because it is in network-manager-applet
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117
CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has ...)
- php5 <unfixed> (low)
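Review bot: the CVE-2009-4145 description names "nm-connection-editor in NetworkManager (NM) 0.7.x", yet the new lines record "[etch] - network-manager <no-dsa> (minor issue)" and a fixed version of 0.6.5-1, both older than 0.7.x. This hunk also removes "TODO: check", so the entry should say how the etch package was confirmed to contain the affected behaviour, or keep the TODO until it has been checked. The four added lines are identical to those added under CVE-2009-4144, so the same NOTE ambiguity ("because it is in network-manager-applet") applies here.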
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2010-01-02 09:30:05 UTC (rev 13696)
+++ data/ospu-candidates.txt 2010-01-02 15:01:04 UTC (rev 13697)
@@ -544,6 +544,16 @@
--
+network-manager (CVE-2009-4144)
+#560067
+notified maintainer through initial bugreport
+
+CVE-2009-4145
+#563371
+notified maintainer through initial bugreport
+
+--
+
nfs-utils (CVE-2008-4552)
notified maintainer
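Review bot: this block says "notified maintainer through initial bugreport" for network-manager, but in data/CVE/list both bugs (#560067 and #563371) are attached to the network-manager-applet lines, and the network-manager lines carry no bug number. If the reports were filed against network-manager-applet only, state whether the network-manager maintainer for the oldstable package actually received them, or reference a bug filed against network-manager.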
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-01-02 09:30:05 UTC (rev 13696)
+++ data/spu-candidates.txt 2010-01-02 15:01:04 UTC (rev 13697)
@@ -239,6 +239,16 @@
--
+network-manager-applet (CVE-2009-4144)
+#560067
+notified maintainer through initial bugreport
+
+CVE-2009-4145
+#563371
+notified maintainer through initial bugreport
+
+--
+
ntop (CVE-2009-2732)
#543312
notified maintainer through initial bugreport
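Review bot: the second added entry is headed by a bare "CVE-2009-4145", while the entries around it use the "package (CVE-...)" form, as in "network-manager-applet (CVE-2009-4144)" and "ntop (CVE-2009-2732)". Write it as "network-manager-applet (CVE-2009-4145)" so the package is clear when the entry is read on its own. The same applies to the matching entry added to data/ospu-candidates.txt.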