thr3ads.net - Secure testing commits - [Secure-testing-commits] r10668

If this information is useful, please help other people find it:
Share via:

nion at alioth.debian.org

2008-Dec-09 23:06 UTC

[Secure-testing-commits] r10668 - data/CVE

Author: nion
Date: 2008-12-09 23:06:12 +0000 (Tue, 09 Dec 2008)
New Revision: 10668

Modified:
   data/CVE/list
Log:
NFUs
tor cveified
CVE-2008-539{6,7} fixed in tor 0.2.0.32-1


Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-12-09 21:25:43 UTC (rev 10667)
+++ data/CVE/list	2008-12-09 23:06:12 UTC (rev 10668)
@@ -1,29 +1,29 @@
 CVE-2008-5409 (Unspecified vulnerability in the pdf.xmd module in (1)
BitDefender ...)
-	TODO: check
+	NOT-FOR-US: itDefender Free Edition and Antivirus Standard, BullGuard Internet
Security and Software602 Groupware Server
 CVE-2008-5408 (Buffer overflow in the data management protocol in Symantec
Backup ...)
-	TODO: check
+	NOT-FOR-US: Symantec Backup Exec
 CVE-2008-5407 (Multiple unspecified vulnerabilities in the Backup Exec
remote-agent ...)
-	TODO: check
+	NOT-FOR-US: Symantec Backup Exec
 CVE-2008-5406 (Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and
iTunes ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime Player and iTunes
 CVE-2008-5405 (Stack-based buffer overflow in the RDP protocol password decoder
in ...)
-	TODO: check
+	NOT-FOR-US: Cain & Abel
 CVE-2008-5404 (Insecure method vulnerability in the FlexCell.Grid ActiveX
control in ...)
-	TODO: check
+	NOT-FOR-US: FlexCell
 CVE-2008-5403 (Heap-based buffer overflow in the XML parser in the AIM plugin
in ...)
-	TODO: check
+	NOT-FOR-US: Trillian
 CVE-2008-5402 (Double free vulnerability in the XML parser in Trillian before
...)
-	TODO: check
+	NOT-FOR-US: Trillian
 CVE-2008-5401 (Stack-based buffer overflow in the image tooltip implementation
in ...)
-	TODO: check
+	NOT-FOR-US: Trillian
 CVE-2008-5400 (Multiple cross-site request forgery (CSRF) vulnerabilities in
mvnForum ...)
-	TODO: check
+	NOT-FOR-US: mvnForum
 CVE-2008-5399 (Cross-site scripting (XSS) vulnerability in the listonlineusers
(aka ...)
-	TODO: check
+	NOT-FOR-US: mvnForum
 CVE-2008-5398 (Tor before 0.2.0.32 does not properly process the ...)
-	TODO: check
+	- tor 0.2.0.32-1
 CVE-2008-5397 (Tor before 0.2.0.32 does not properly process the (1) User and
(2) ...)
-	TODO: check
+	- tor 0.2.0.32-1 (bug #505178)
 CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c
drivers in ...)
 	TODO: check
 CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in
the ...)
@@ -934,8 +934,6 @@
 CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1
allows ...)
 	- optipng 0.6.1.1-1 (bug #505399)
 	[etch] - optipng <not-affected> (Vulnerable code not present referring
to upstream)
-CVE-2008-XXXX [tor: changing user does not clear supplementary group entries]
-	- tor 0.2.0.32-1 (bug #505178)
 CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware
...)
 	NOT-FOR-US: IBM Hardware Management Console
 CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port
number ...)

Secure testing commits - Dec 2008 - r10668 - data/CVE

[Secure-testing-commits] r10668 - data/CVE