[Secure-testing-commits] r13778 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sun Jan 10 13:43:17 UTC 2010


Author: derevko-guest
Date: 2010-01-10 13:43:17 +0000 (Sun, 10 Jan 2010)
New Revision: 13778

Modified:
   data/CVE/list
Log:
- CVE-2009-4565: sendmail does not properly handle a '\0' character
- sarg issues
- NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-10 13:11:25 UTC (rev 13777)
+++ data/CVE/list	2010-01-10 13:43:17 UTC (rev 13778)
@@ -257,11 +257,11 @@
 CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows ...)
 	NOT-FOR-US: WebLeague
 CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...)
 	NOT-FOR-US: Quick Heal products
 CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
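Review bot: The three new NOT-FOR-US lines for CVE-2009-4559, CVE-2009-4558 and CVE-2009-4557 all read "module for Drupal", which does not name the affected software the way the neighbouring entries do ("NOT-FOR-US: WebLeague", "NOT-FOR-US: Quick Heal products"). Naming the module from each description, for example "NOT-FOR-US: Submitted By module for Drupal" and "NOT-FOR-US: Image Assist module for Drupal", would keep these entries searchable by product.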
@@ -279,25 +279,25 @@
 CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote ...)
 	NOT-FOR-US: A2 Media Player Pro
 CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk ...)
-	TODO: check
+	NOT-FOR-US: ViArt Helpdesk
 CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x ...)
-	TODO: check
+	NOT-FOR-US: ViArt CMS
 CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers ...)
-	TODO: check
+	NOT-FOR-US: Logoshows BBS
 CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...)
-	TODO: check
+	NOT-FOR-US: Logoshows BBS
 CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in ...)
-	TODO: check
+	NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
 CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft ...)
-	TODO: check
+	NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
 CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft ...)
-	TODO: check
+	NOT-FOR-US: IsolSoft Support Center
 CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...)
-	TODO: check
+	NOT-FOR-US: IsolSoft Support Center
 CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Mini CMS
 CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...)
-	TODO: check
+	NOT-FOR-US: SQLiteManager
 CVE-2010-XXXX [nis users shadow password leakage]
 	- eglibc 2.10.2-4 (medium; bug #560333)
 	- glibc <removed> (medium)
@@ -468,6 +468,7 @@
 CVE-2009-4481 (Unspecified vulnerability in radiusd in FreeRADIUS 1.1.7 allows remote ...)
 	- freeradius <unfixed>
 	TODO: check
+	NOTE: this disclosure has no actionable information
 CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might ...)
 	NOT-FOR-US: AzeoTech DAQFactory
 CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...)
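Review bot: In the CVE-2009-4481 entry the added NOTE sits below a "TODO: check" that is left in place, so the entry stays flagged as unchecked even though the NOTE records a conclusion. Either drop the TODO if "freeradius <unfixed>" is the intended state, or say in the NOTE what still has to be checked.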
@@ -513,14 +514,11 @@
 CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the ...)
 	- redmine <unfixed> (bug #563940)
 CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...)
-	- sarg <unfixed>
-	TODO: check
+	- sarg 2.2.5-1 (low)
 CVE-2008-7249 (Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and ...)
-	- sarg <unfixed>
-	TODO: check
+	- sarg 2.2.4-1 (medium)
 CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a ...)
-	- sendmail <unfixed>
-	TODO: check
+	- sendmail <unfixed> (medium; bug #564581)
 	NOTE: http://www.sendmail.org/releases/8.14.4
 CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...)
 	- freepbx <itp> (bug #464926)
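Review bot: The two sarg entries (CVE-2008-7250 and CVE-2008-7249) change from "<unfixed>" to fixed versions 2.2.5-1 and 2.2.4-1 with no bug number or NOTE showing where those versions come from, unlike the sendmail entry in the same hunk, which carries both bug #564581 and an upstream NOTE. A NOTE line per sarg entry pointing at the changelog or upstream reference would let the next person verify the fixed version and the low/medium urgency.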
@@ -2640,7 +2638,7 @@
 CVE-2009-3735
 	RESERVED
 CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
-	TODO: check
+	NOT-FOR-US: S2 Security Linear eMerge Access Control System
 CVE-2009-XXXX [mandos 0600 file being included in initrd]
 	- mandos 1.0.13-1 (bug #551907)
 CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...)
@@ -2648,7 +2646,7 @@
 CVE-2009-3732
 	RESERVED
 CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...)
-	TODO: check
+	NOT-FOR-US: WebWorks Help
 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
 	NOT-FOR-US: ReqWeb
 CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)



