[Secure-testing-commits] r14744 - in data: . CVE

Tue May 25 03:38:35 UTC 2010

Author: gilbert-guest
Date: 2010-05-25 03:38:24 +0000 (Tue, 25 May 2010)
New Revision: 14744

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
NFUs; koffice xpdf embed fixed; new wicd issue

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-05-24 21:15:09 UTC (rev 14743)
+++ data/CVE/list	2010-05-25 03:38:24 UTC (rev 14744)
@@ -1,9 +1,9 @@
 CVE-2010-2011 (Microsoft Dynamics GP uses a substitution cipher to encrypt the system ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Dynamics GP
 CVE-2010-2010 (Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool ...)
-	TODO: check
+	NOT-FOR-US: CTools module for Drupal
 CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global ...)
-	TODO: check
+	NOT-FOR-US: BS.Global BS.Player
 CVE-2010-2008
 	RESERVED
 CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...)
@@ -410,6 +410,9 @@
 CVE-2010-XXXX [serendipity xinha issue]
 	- serendipity 1.5.3-1
 	[lenny] - serendipity <not-affected> (Only affects >= 1.4)
+CVE-2010-XXXX [wicd changes permissions of resolv.conf]
+	- wicd 1.7.0+ds1-3 (low; bug #582798)
+	TODO: check lenny
 CVE-2010-1849
 	RESERVED
 CVE-2010-1848
@@ -1110,11 +1113,11 @@
 CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 ...)
 	NOT-FOR-US: HP LoadRunner
 CVE-2010-1548 (The auto-complete functionality in the Chaos Tool Suite (aka CTools) ...)
-	TODO: check
+	NOT-FOR-US: CTools module for Drupal
 CVE-2010-1547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	TODO: check
+	NOT-FOR-US: CTools module for Drupal
 CVE-2010-1546 (Multiple eval injection vulnerabilities in the import functionality in ...)
-	TODO: check
+	NOT-FOR-US: CTools module for Drupal
 CVE-2010-1545
 	RESERVED
 CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote attackers to ...)
@@ -4059,9 +4062,9 @@
 CVE-2010-0540
 	RESERVED
 CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...)
-	TODO: check
+	NOT-FOR-US: Apple Java
 CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X ...)
-	TODO: check
+	NOT-FOR-US: Apple Java
 CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...)
 	NOT-FOR-US: Apple DesktopServices
 CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-05-24 21:15:09 UTC (rev 14743)
+++ data/embedded-code-copies	2010-05-25 03:38:24 UTC (rev 14744)
@@ -34,14 +34,12 @@
 	- kdegraphics 4:4.2.2-1 (embed; bug #436164)
 	- texlive-base 3.0-12 (embed)
 	- texlive-bin 2007-1 (embed)
-	NOTE: links to poppler
-	- koffice <unfixed> (embed; bug #436163)
+	- koffice 1:2.0.0-1 (embed; bug #436163)
 	- libextractor 0.5.12-1 (embed)
 	NOTE: libextractor is using its own pdf decoder now
 	- ipe <unfixed> (embed)
 	NOTE: embeds small parts with renamed source files: ipestdfonts.cpp, ipefonts.cpp, ipedct.cpp
 	- ruby-gnome2 <unknown> (embed)
-	NOTE: copy only present in source but links to poppler
 	- pdfedit <unfixed> (embed; bug #510794)
 	- swftools <removed> (embed; bug #551293)
 	- poppler <unfixable> (fork)


