[Secure-testing-commits] r15919 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Jan 18 21:14:51 UTC 2011


Author: joeyh
Date: 2011-01-18 21:14:50 +0000 (Tue, 18 Jan 2011)
New Revision: 15919

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-18 02:18:16 UTC (rev 15918)
+++ data/CVE/list	2011-01-18 21:14:50 UTC (rev 15919)
@@ -1,3 +1,89 @@
+CVE-2011-0485 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0484 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0483 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0481 (Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS ...)
+	TODO: check
+CVE-2011-0480 (Multiple buffer overflows in the Vorbis decoder in Google Chrome ...)
+	TODO: check
+CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0478 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0477 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0476 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 ...)
+	TODO: check
+CVE-2011-0475 (Use-after-free vulnerability in Google Chrome before 8.0.552.237 and ...)
+	TODO: check
+CVE-2011-0474 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0473 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0472 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0471 (The node-iteration implementation in Google Chrome before 8.0.552.237 ...)
+	TODO: check
+CVE-2011-0470 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
+	TODO: check
+CVE-2011-0469
+	RESERVED
+CVE-2011-0468
+	RESERVED
+CVE-2011-0467
+	RESERVED
+CVE-2011-0466
+	RESERVED
+CVE-2011-0465
+	RESERVED
+CVE-2011-0464
+	RESERVED
+CVE-2011-0463
+	RESERVED
+CVE-2011-0462
+	RESERVED
+CVE-2011-0461
+	RESERVED
+CVE-2011-0460
+	RESERVED
+CVE-2011-0459
+	RESERVED
+CVE-2011-0458
+	RESERVED
+CVE-2011-0457
+	RESERVED
+CVE-2011-0456
+	RESERVED
+CVE-2011-0455
+	RESERVED
+CVE-2011-0454
+	RESERVED
+CVE-2011-0453
+	RESERVED
+CVE-2011-0452
+	RESERVED
+CVE-2011-0451
+	RESERVED
+CVE-2011-0450
+	RESERVED
+CVE-2011-0449
+	RESERVED
+CVE-2011-0448
+	RESERVED
+CVE-2011-0447
+	RESERVED
+CVE-2011-0446
+	RESERVED
+CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...)
+	TODO: check
+CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow ...)
+	TODO: check
+CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
+	TODO: check
 CVE-2011-0426
 	RESERVED
 CVE-2011-0445 (The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote ...)
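Review bot: CVE-2010-4694 and CVE-2010-4695 near the end of this hunk are left as "TODO: check" although both descriptions name gif2png.c, and gif2png is already a tracked package elsewhere in this commit (CVE-2009-5018 carries "- gif2png 2.5.2-1 (low; bug #550978)"). These two should get package lines rather than wait in the TODO queue. CVE-2008-7271 also needs a look: its truncated description is identical to the one CVE-2010-4647 receives later in this commit under "- eclipse <unfixed>", so check whether it covers the same Eclipse Help issue before triaging it separately.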
@@ -85,7 +171,7 @@
 	- phpgedview <removed>
 CVE-2011-0404 (Stack-based buffer overflow in NetSupport Manager Agent for Linux ...)
 	NOT-FOR-US: NetSupport Manager Agent for Linux
-CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in [VENDOR] ImgBurn ...)
+CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, ...)
 	NOT-FOR-US: ImgBurn
 CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted ...)
 	{DSA-2142-1}
@@ -272,8 +358,8 @@
 	RESERVED
 CVE-2011-0311
 	RESERVED
-CVE-2011-0310
-	RESERVED
+CVE-2011-0310 (Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote ...)
+	TODO: check
 CVE-2011-0309
 	RESERVED
 CVE-2011-0308
@@ -462,8 +548,7 @@
 	RESERVED
 	- linux-2.6 2.6.32-30
 	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
-CVE-2010-4647 [eclipse: Help Content web application vulnerable to XSS]
-	RESERVED
+CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
 	- eclipse <unfixed>
 CVE-2010-4646
 	RESERVED
@@ -584,28 +669,28 @@
 	RESERVED
 CVE-2011-0272
 	RESERVED
-CVE-2011-0271
-	RESERVED
-CVE-2011-0270
-	RESERVED
-CVE-2011-0269
-	RESERVED
-CVE-2011-0268
-	RESERVED
-CVE-2011-0267
-	RESERVED
-CVE-2011-0266
-	RESERVED
-CVE-2011-0265
-	RESERVED
-CVE-2011-0264
-	RESERVED
-CVE-2011-0263
-	RESERVED
-CVE-2011-0262
-	RESERVED
-CVE-2011-0261
-	RESERVED
+CVE-2011-0271 (The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and ...)
+	TODO: check
+CVE-2011-0270 (Format string vulnerability in nnmRptConfig.exe in HP OpenView Network ...)
+	TODO: check
+CVE-2011-0269 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node ...)
+	TODO: check
+CVE-2011-0268 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node ...)
+	TODO: check
+CVE-2011-0267 (Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network ...)
+	TODO: check
+CVE-2011-0266 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node ...)
+	TODO: check
+CVE-2011-0265 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node ...)
+	TODO: check
+CVE-2011-0264 (Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node ...)
+	TODO: check
+CVE-2011-0263 (Multiple stack-based buffer overflows in ovas.exe in the OVAS service ...)
+	TODO: check
+CVE-2011-0262 (Buffer overflow in the stringToSeconds function in ovutil.dll in ...)
+	TODO: check
+CVE-2011-0261 (Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView ...)
+	TODO: check
 CVE-2011-0260
 	RESERVED
 CVE-2011-0259
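Review bot: all eleven entries from CVE-2011-0271 down to CVE-2011-0261 move from RESERVED to "TODO: check", and most of the visible descriptions name HP OpenView Network Node Manager components (nnmRptConfig.exe, ovutil.dll, jovgraph.exe). If that product is not packaged, mark the whole block in one pass with a NOT-FOR-US line, as the list already does for other software (for example "NOT-FOR-US: NetSupport Manager Agent for Linux"), so the entries do not linger untriaged.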
@@ -1093,8 +1178,8 @@
 	RESERVED
 CVE-2010-4567
 	RESERVED
-CVE-2010-4566
-	RESERVED
+CVE-2010-4566 (Unspecified vulnerability in the NT4 authentication component in ...)
+	TODO: check
 CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) ...)
 	- linux-2.6 <unfixed>
 CVE-2010-4564
@@ -1240,8 +1325,8 @@
 CVE-2010-4538 (Buffer overflow in the sect_enttec_dmx_da function in ...)
 	{DSA-2144-1}
 	- wireshark 1.2.11-6 (bug #608990)
-CVE-2010-4537
-	RESERVED
+CVE-2010-4537 (Unspecified vulnerability in CrawlTrack before 3.2.7, when a public ...)
+	TODO: check
 CVE-2010-4536 (Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used ...)
 	- wordpress 3.0.4+dfsg-1
 	- moodle <unfixed>
@@ -1272,15 +1357,13 @@
 	- ccid <unfixed> (unimportant; bug #607780)
 	NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
 	NOTE: Theoretical attack
-CVE-2010-4529
-	RESERVED
+CVE-2010-4529 (Integer underflow in the irda_getsockopt function in ...)
 	- linux-2.6 2.6.32-30
 CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through ...)
 	- pidgin 2.7.9-1 (bug #608331; medium)
 	[squeeze] - pidgin <not-affected> (Vulnerable code not present)
 	[lenny] - pidgin <not-affected> (Vulnerable code not present)
-CVE-2010-4527
-	RESERVED
+CVE-2010-4527 (The load_mixer_volumes function in sound/oss/soundcard.c in the OSS ...)
 	- linux-2.6 <unfixed>
 CVE-2010-4526 (Race condition in the Linux kernel 2.6.11-rc2 through 2.6.33 allows ...)
 	- linux-2.6 2.6.32-30
@@ -1354,7 +1437,8 @@
 	NOT-FOR-US: Aigaion
 CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite ...)
 	NOT-FOR-US: CA Internet Security Suite
-CVE-2010-4501 (IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, ...)
+CVE-2010-4501
+	REJECTED
 	NOTE: Dupe of CVE-2010-4334
 CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...)
 	NOT-FOR-US: MRCGIGUY FreeTicket
@@ -1649,13 +1733,11 @@
 	NOT-FOR-US: Apache archiva
 CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
 	- openssl 0.9.8k-1
-CVE-2010-4334 [IO::Socket::SSL verify peer mode ignored if no cert supplied]
-	RESERVED
+CVE-2010-4334 (IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, ...)
 	- libio-socket-ssl-perl 1.35-1 (bug #606058)
 	[squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1
 	[lenny] - libio-socket-ssl-perl <not-affected> (Vulnerable code not present)
-CVE-2010-4335 [cakephp controller/component/security.php unsafe unserialize]
-	RESERVED
+CVE-2010-4335 (The _validatePost function in libs/controller/components/security.php ...)
 	- cakephp 1.3.2-1.1 (bug #606386)
 	[lenny] - cakephp <not-affected>
 	NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
@@ -1663,8 +1745,7 @@
 	{DSA-2133-1}
 	- collectd 4.10.1-2.1 (bug #605092; low)
 	[squeeze] - collectd 4.10.1-1+squeeze2
-CVE-2010-4337 [gnash: insecure temp files handling in configure script]
-	RESERVED
+CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ...)
 	- gnash <unfixed> (unimportant; bug #605419)
 CVE-2006-7243 [php and NUL handling on file ops]
 	RESERVED
@@ -1766,8 +1847,7 @@
 CVE-2010-4338 [ocrodjvu insecure temp files handling]
 	RESERVED
 	- ocrodjvu 0.4.6-2 (low; bug #598134)
-CVE-2010-4339 [hypermail XSS]
-	RESERVED
+CVE-2010-4339 (Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows ...)
 	- hypermail <removed> (low; bug #598743)
 CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: Chameleon Social Networking
@@ -2530,12 +2610,10 @@
 	- ghostscript <unfixed> (unimportant)
 CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in ...)
 	NOT-FOR-US: IBM Informix Dynamic Server
-CVE-2010-4052 [regcomp stack exhausion]
-	RESERVED
+CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in the ...)
 	- glibc <removed>
 	- eglibc <unfixed>
-CVE-2010-4051 [regcomp stack exhausion]
-	RESERVED
+CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or libc6) ...)
 	- glibc <removed>
 	- eglibc <unfixed>
 CVE-2010-XXXX [XSS vulnerability discovered -plugin-globalsearch]
@@ -2843,10 +2921,10 @@
 	RESERVED
 CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in ...)
 	NOT-FOR-US: SGX-SP Final
-CVE-2010-3925
-	RESERVED
-CVE-2010-3924
-	RESERVED
+CVE-2010-3925 (Contents-Mall before 15 does not properly handle passwords, which ...)
+	TODO: check
+CVE-2010-3924 (SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows ...)
+	TODO: check
 CVE-2010-3923 (Untrusted search path vulnerability in AttacheCase before 2.70 allows ...)
 	NOT-FOR-US: AttacheCase
 CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x ...)
@@ -3071,43 +3149,35 @@
 CVE-2010-4237
 	RESERVED
 	- mercurial 1.6.4-1 (low; bug #598841)
-CVE-2010-3840
-	RESERVED
+CVE-2010-3840 (The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3839
-	RESERVED
+CVE-2010-3839 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote ...)
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
 	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
-CVE-2010-3838
-	RESERVED
+CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3837
-	RESERVED
+CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3836
-	RESERVED
+CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3835
-	RESERVED
+CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3834
-	RESERVED
+CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3833
-	RESERVED
+CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
@@ -3556,41 +3626,40 @@
 	{DSA-2113-1}
 	- drupal6 6.18-1 (low; bug #592716)
 CVE-2010-4340 [libcloud doesn't verify SSL certificate]
-	RESERVED
 	- libcloud <unfixed> (low; bug #598463)
 CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA ...)
 	NOT-FOR-US: NetArtMEDIA WebSiteAdmin
 CVE-2010-3684 (The FTP authentication module in Synology Disk Station 2.x logs ...)
 	NOT-FOR-US: Synology Disk Station
-CVE-2010-3683 (MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a ...)
+CVE-2010-3683 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet ...)
 	- mysql-5.1 5.1.49-1 (bug #598580)
 	- mysql-dfsg-5.0 <removed>
 	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
-CVE-2010-3682 (MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote ...)
+CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-1 (bug #598580)
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3681 (MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote ...)
+CVE-2010-3681 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-1 (bug #598580)
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3680 (MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a ...)
+CVE-2010-3680 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-1 (bug #598580)
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3679 (MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a ...)
+CVE-2010-3679 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ...)
 	- mysql-5.1 5.1.49-1 (bug #598580)
 	- mysql-dfsg-5.0 <removed>
 	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
-CVE-2010-3678 (MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a ...)
+CVE-2010-3678 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ...)
 	- mysql-5.1 5.1.49-1 (bug #598580)
 	- mysql-dfsg-5.0 <removed>
 	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
-CVE-2010-3677 (MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote ...)
+CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote ...)
 	{DSA-2143-1}
 	- mysql-5.1 5.1.49-1 (bug #598580)
 	- mysql-dfsg-5.0 <removed>
-CVE-2010-3676 (storage/innobase/dict/dict0crea.c in mysqld in MySQL 5.1 before 5.1.49 ...)
+CVE-2010-3676 (storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before ...)
 	- mysql-5.1 5.1.49-1 (bug #598580)
 	- mysql-dfsg-5.0 <removed>
 	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
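Review bot: CVE-2010-4340 at the top of this hunk loses its RESERVED line without gaining a description, so it is left with only the temporary bracketed text "[libcloud doesn't verify SSL certificate]". Every other entry in this commit that drops RESERVED receives a parenthesised description in exchange, so confirm the upstream state of this ID by hand before relying on the "- libcloud <unfixed>" line below it.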
@@ -5217,8 +5286,7 @@
 CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote ...)
 	- tiff 3.9.4-5 (bug #600188)
 	[lenny] - tiff <not-affected> (Vulnerable code not present)
-CVE-2010-3086
-	RESERVED
+CVE-2010-3086 (include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not ...)
 	- linux-2.6 2.6.25-1
 CVE-2010-3085 (The network-play implementation in Mednafen before 0.8.D might allow ...)
 	- mednafen 0.8.D-1 (unimportant)
@@ -12173,6 +12241,7 @@
 	- linux-2.6 2.6.12-1
 	- linux-2.6.24 <not-affected> (fixed before 2.6.24)
 CVE-2009-5050 [konversation DoS]
+	RESERVED
 	- konversation 1.2.3-1 (low)
 	[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
 	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
@@ -13999,8 +14068,8 @@
 	NOT-FOR-US: Mini CMS
 CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...)
 	NOT-FOR-US: SQLiteManager
-CVE-2010-0115
-	RESERVED
+CVE-2010-0115 (SQL injection vulnerability in login.php in the GUI management console ...)
+	TODO: check
 CVE-2010-0114 (fw_charts.php in the reporting module in the Manager (aka SEPM) ...)
 	NOT-FOR-US: Symantec Endpoint Protection
 CVE-2010-0113 (The Symantec Norton Mobile Security application 1.0 Beta for Android ...)
@@ -14964,8 +15033,7 @@
 	[lenny] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)
 	NOTE: the code in etch's version is more different but it seems to be affected
 	NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=284c9924969a49dbf2d5fae1d680d3310c4df4a3
-CVE-2009-5018 [gif2png multiple buffer overflows parsing CLI arguments]
-	RESERVED
+CVE-2009-5018 (Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier ...)
 	- gif2png 2.5.2-1 (low; bug #550978)
 	[etch] - gif2png <no-dsa> (minor issue)
 	[lenny] - gif2png <no-dsa> (minor issue)
@@ -15058,6 +15126,7 @@
 	- moodle 1.8.2.dfsg-6 (bug #559531)
 	NOTE: MSA-09-0022
 CVE-2009-5042 [docutils insecure usage of temporary files]
+	RESERVED
 	- python-docutils 0.6-2 (low; bug #560755)
 	[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
 	[lenny] - python-docutils 0.5-2+lenny1
@@ -16343,22 +16412,27 @@
 	- gs-gpl <removed> (unimportant)
 	- xpdf <unfixed> (unimportant)
 CVE-2009-5045 [multiple vulnerabilities in jetty]
+	RESERVED
 	- jetty <unfixed> (unimportant; bug #553644)
 	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
 	NOTE: The affected apps are not shipped in the package, see #553644
 CVE-2009-5046 [multiple vulnerabilities in jetty]
+	RESERVED
 	- jetty <unfixed> (unimportant; bug #553644)
 	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
 	NOTE: The affected apps are not shipped in the package, see #553644
 CVE-2009-5047 [multiple vulnerabilities in jetty]
+	RESERVED
 	- jetty <unfixed> (unimportant; bug #553644)
 	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
 	NOTE: The affected apps are not shipped in the package, see #553644
 CVE-2009-5048 [multiple vulnerabilities in jetty]
+	RESERVED
 	- jetty <unfixed> (unimportant; bug #553644)
 	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
 	NOTE: The affected apps are not shipped in the package, see #553644
 CVE-2009-5049 [multiple vulnerabilities in jetty]
+	RESERVED
 	- jetty <unfixed> (unimportant; bug #553644)
 	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
 	NOTE: The affected apps are not shipped in the package, see #553644
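Review bot: CVE-2009-5045 through CVE-2009-5049 now carry RESERVED, but all five keep the identical temporary description "[multiple vulnerabilities in jetty]" and the same three tracking lines, so nothing in the list says which ID covers which issue from the referenced advisory. Add a distinguishing word to each bracketed description or a per-entry NOTE, so the entries can still be told apart once the official descriptions arrive.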
@@ -17289,6 +17363,7 @@
 	NOTE: A user must have access to a guest hard drive image in order to boot it,
 	NOTE:  so he can simply mount the drive and remove the password option.
 CVE-2009-5041 [buffer overflow in overkill]
+	RESERVED
 	- overkill 0.16-14.1 (bug #549310; low)
 	[lenny] - overkill <no-dsa> (Minor issue)
 	[etch] - overkill <no-dsa> (Minor issue)
@@ -19490,6 +19565,7 @@
 	[etch] - backuppc <not-affected> (No configuration GUI)
 	[lenny] - backuppc 3.1.0-4lenny2
 CVE-2009-5043 [burn: Insecure escaping of file names]
+	RESERVED
 	- burn 0.4.5-1 (low; bug #542329)
 	[lenny] - burn 0.4.3-2.1+lenny1
 	[etch] - burn <no-dsa> (Minor issue)
@@ -20188,6 +20264,7 @@
 	[lenny] - groff <not-affected> (pdfroff not yet present)
 	NOTE: requested CVE ids
 CVE-2009-5044 [groff: uses insecure temp files]
+	RESERVED
 	- groff 1.20.1-5 (low; bug #538330)
 	[etch] - groff <not-affected> (pdfroff not yet present)
 	[lenny] - groff <not-affected> (pdfroff not yet present)
@@ -28137,8 +28214,10 @@
 CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote ...)
 	NOT-FOR-US: GoAhead WebServer
 CVE-2008-7272 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
+	RESERVED
 	- iceweasel-firegpg <removed> (bug #514386)
 CVE-2008-7273 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
+	RESERVED
 	- iceweasel-firegpg <removed> (bug #514386)
 CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...)
 	NOT-FOR-US: LinksPro
@@ -45557,7 +45636,7 @@
 	[etch] - wordpress <no-dsa> (Minor issue)
 	NOTE: if untrusted people are allowed to read the database they could still
 	NOTE: crack the hash with more work, so maybe this is unimportant?
-CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 allows ...)
+CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 ...)
 	NOT-FOR-US: DocuSafe
 CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login page in ...)
 	NOT-FOR-US: Novell iChain



