[Secure-testing-commits] r13796 - data/CVE

Wed Jan 13 05:13:20 UTC 2010

Author: geissert
Date: 2010-01-13 05:13:13 +0000 (Wed, 13 Jan 2010)
New Revision: 13796

Modified:
   data/CVE/list
Log:
new acidbase and pidgin issues, mediawiki CVEified, NFUs


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-01-13 04:46:35 UTC (rev 13795)
+++ data/CVE/list	2010-01-13 05:13:13 UTC (rev 13796)
@@ -1,11 +1,12 @@
 CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and ...)
+	- pidgin <unfixed>
 	TODO: check
 CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus iNotes
 CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus iNotes
 CVE-2010-0274 (Unspecified vulnerability in the Edit Contact scene in Ultra-light ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus iNotes
 CVE-2010-0273 (Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 ...)
 	TODO: check
 CVE-2010-0272 (Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 ...)
@@ -95,43 +96,45 @@
 CVE-2010-0230
 	RESERVED
 CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
-	TODO: check
+	NOT-FOR-US: Verbatim Corporate Secure
 CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
-	TODO: check
+	NOT-FOR-US: Verbatim Corporate Secure
 CVE-2010-0227 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
-	TODO: check
+	NOT-FOR-US: Verbatim Corporate Secure
 CVE-2010-0226 (SanDisk Cruzer Enterprise USB flash drives do not prevent password ...)
-	TODO: check
+	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
 CVE-2010-0225 (SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for ...)
-	TODO: check
+	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
 CVE-2010-0224 (SanDisk Cruzer Enterprise USB flash drives validate passwords with a ...)
-	TODO: check
+	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
 CVE-2010-0223 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...)
-	TODO: check
+	NOT-FOR-US: Kingston USB flash drives
 CVE-2010-0222 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...)
-	TODO: check
+	NOT-FOR-US: Kingston USB flash drives
 CVE-2010-0221 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...)
-	TODO: check
+	NOT-FOR-US: Kingston USB flash drives
 CVE-2010-0220 (The nsObserverList::FillObserverArray function in ...)
 	TODO: check
 CVE-2009-4594 (Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access ...)
-	TODO: check
+	NOT-FOR-US: IBM Lotus iNotes
 CVE-2009-4593 (The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not ...)
-	TODO: check
+	NOT-FOR-US: Bftpd
 CVE-2009-4592 (Unspecified vulnerability in base_local_rules.php in Basic Analysis ...)
+	- acidbase 1.4.4-1
 	TODO: check
 CVE-2009-4591 (SQL injection vulnerability in Basic Analysis and Security Engine ...)
+	- acidbase 1.4.4-1
 	TODO: check
 CVE-2009-4590 (Cross-site scripting (XSS) vulnerability in base_local_rules.php in ...)
+	- acidbase 1.4.4-1
 	TODO: check
-CVE-2009-4589 (Cross-site scripting (XSS) vulnerability in the Special:Block ...)
-	TODO: check
 CVE-2009-4588 (Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control ...)
-	TODO: check
+	NOT-FOR-US: AwingSoft Awakening
 CVE-2009-4587 (Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of ...)
 	TODO: check
+	NOTE: looks like a windows-specific issue
 CVE-2009-4586 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...)
-	TODO: check
+	NOT-FOR-US: Wowd client
 CVE-2010-0219
 	RESERVED
 CVE-2010-0218
@@ -7075,7 +7078,7 @@
 	- movabletype-opensource 4.2.6.1-1 (low; bug #537935) 
 	[lenny] - movabletype-opensource <no-dsa> (Minor information disclosure)
 	TODO: next point update: [lenny] - movabletype-opensource 4.2.3-1+lenny1
-CVE-2009-XXXX [mediawiki: XSS via specialblock]
+CVE-2009-4589 [mediawiki: XSS via specialblock]
 	- mediawiki 1:1.15.0-1.1 (low; bug #537634)
 	- mediawiki1.7 <removed>
 	[etch] - mediawiki <not-affected> (metapackage)


