[Secure-testing-commits] r14275 - in data: CVE DSA
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Mar 16 02:49:48 UTC 2010
Author: gilbert-guest
Date: 2010-03-16 02:49:48 +0000 (Tue, 16 Mar 2010)
New Revision: 14275
Modified:
data/CVE/list
data/DSA/list
Log:
NFUs; new webkit issues; DSA-2017-1; possible unimportant pubsub issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-16 02:37:53 UTC (rev 14274)
+++ data/CVE/list 2010-03-16 02:49:48 UTC (rev 14275)
@@ -39,7 +39,7 @@
CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max Network ...)
NOT-FOR-US: BBSMAX
CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
- TODO: check
+ NOT-FOR-US: RadNICS Gold 5
CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5 allows ...)
NOT-FOR-US: RadNICS Gold 5
CVE-2009-4695 (SQL injection vulnerability in index.php in RadScripts RadLance Gold ...)
@@ -1529,7 +1529,7 @@
NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in ...)
- gmime2.2 <unfixed> (bug #568291)
- - gmime2.4 <unfixed> (bug #568291)
+ - gmime2.4 <unfixed> (bug #573877)
CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ...)
- apache2 2.2.15-1 (low)
[lenny] - apache2 <no-dsa> (minor issue)
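Review bot: The bug reference on the gmime2.4 line of CVE-2010-0409 changes from #568291 to #573877 while gmime2.2 keeps #568291, and the commit log does not mention it. The log lists only NFUs, webkit, DSA-2017-1 and pubsub, so please add a word about this change so the split between the two bug numbers can be traced from the history.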
@@ -2401,11 +2401,11 @@
CVE-2010-0125
RESERVED
CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the ...)
- TODO: check
+ NOT-FOR-US: Employee Timeclock Software
CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 ...)
- TODO: check
+ NOT-FOR-US: Employee Timeclock Software
CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software ...)
- TODO: check
+ NOT-FOR-US: Employee Timeclock Software
CVE-2010-0121
RESERVED
CVE-2010-0120
@@ -3161,35 +3161,65 @@
- xar <unfixed> (bug #572556)
[lenny] - xar <no-dsa> (Minor issue)
CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0053 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0052 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0051 (WebKit in Apple Safari before 4.0.5 does not properly validate the ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0045 (Apple Safari before 4.0.5 on Windows does not properly validate ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0044 (PubSub in Apple Safari before 4.0.5 does not properly implement use of ...)
- TODO: check
+ - libipc-pubsub-perl <undetermined> (unimportant; bug #574066)
+ - libpoe-component-pubsub-perl <undetermined> (unimportant; bug #574067)
+ NOTE: not enough info in apple report to check, but poor cookie handling
+ NOTE: isn't important enough to worry about
CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 on Windows allows remote ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0039
RESERVED
CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for ...)
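Review bot: In the CVE-2010-0044 entry, both Perl packages are marked "unimportant" while the status is still <undetermined> and the NOTE says there is not enough information to check. The entry should say why libipc-pubsub-perl and libpoe-component-pubsub-perl are thought to share the Safari PubSub issue at all, or leave the severity unset until that is established. The same gap applies to the webkit entries CVE-2010-0046 through CVE-2010-0054: kde4libs, kdelibs and qt4-x11 are added as <undetermined> with no bug number or NOTE, unlike the webkit line (bug #574064). A short NOTE saying what needs checking in each would help whoever picks these up.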
@@ -4160,7 +4190,7 @@
CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4001 (Integer overflow in XnView before 1.97.2 might allow remote attackers ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP ...)
NOT-FOR-US: HP Power Manager
CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2010-03-16 02:37:53 UTC (rev 14274)
+++ data/DSA/list 2010-03-16 02:49:48 UTC (rev 14275)
@@ -1,3 +1,5 @@
+[15 Mar 2010] DSA-2017-1 pulseaudio - insecure temporary directory
+ [lenny] - pulseaudio 0.9.10-3+lenny2
[15 Mar 2010] DSA-2015-1 drbd8 linux-modules-extra-2.6 - privilege escalation
{CVE-2009-3725}
[lenny] - drbd8 2:8.0.14-2+lenny1
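Review bot: The new DSA-2017-1 entry has no {CVE-...} line, unlike DSA-2015-1 directly below it, which carries {CVE-2009-3725}. If an identifier exists for the pulseaudio insecure temporary directory issue, add it here so the DSA cross-references the CVE list. If none has been assigned yet, this entry needs a follow-up once one is.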