nion at alioth.debian.org
2009-Mar-10 15:22 UTC
[Secure-testing-commits] r11369 - in data: CVE DTSA
Author: nion Date: 2009-03-10 15:22:14 +0000 (Tue, 10 Mar 2009) New Revision: 11369 Modified: data/CVE/list data/DTSA/list Log: - add typo3 cve ids - NFUs - new squid issue (CVE-2009-0801) - CVE-2008-6176 fixed in drupal5,6/5.12-1,6.6-1 - CVE-2008-6170 fixed in drupal6 6.9-1 - CVE-2009-{0578, 0365} fixed in network-manager-applet/network-manager 0.7.0.99-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-10 15:02:36 UTC (rev 11368) +++ data/CVE/list 2009-03-10 15:22:14 UTC (rev 11369) @@ -31,7 +31,7 @@ CVE-2008-6414 (SQL injection vulnerability in detail.php in AJ Auction Pro Platinum ...) NOT-FOR-US: AJ Auction Pro Platinum CVE-2008-6413 (Cross-site scripting (XSS) vulnerability in the Answers module ...) - TODO: check + NOT-FOR-US: Answers module for Drupal CVE-2008-6412 (Unspecified vulnerability in Vignette Content Management 7.3.0.5, ...) NOT-FOR-US: Vignette Content Management CVE-2008-6411 (Explay CMS 2.1 and earlier allows remote attackers to bypass ...) @@ -67,13 +67,13 @@ CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote authenticated ...) - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5) CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...) - TODO: check + NOT-FOR-US: Taxonomy Theme module for Drupal CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module ...) - TODO: check + NOT-FOR-US: Protected Node module for Drupal CVE-2009-0816 (Cross-site scripting (XSS) vulnerability in the backend user interface ...) - TODO: check + - typo3-src 4.2.6-1 (low; bug #514713) CVE-2009-0815 (The jumpUrl mechanism in class.tslib_fe.php in TYPO3 4.0 before ...) - TODO: check + - typo3-src 4.2.6-1 (medium; bug #514713) CVE-2009-0814 (Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 ...) NOT-FOR-US: Blogsa CVE-2009-0813 (Insecure method vulnerability in the ImeraIEPlugin ActiveX control ...) 
@@ -102,7 +102,9 @@ CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...) NOT-FOR-US: Qbik WinGate CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...) - TODO: check + - squid <unfixed> (low) + - squid3 <unfixed> (low) + TODO: report bug CVE-2009-0800 RESERVED CVE-2009-0799 @@ -910,7 +912,8 @@ CVE-2008-6177 (Multiple directory traversal vulnerabilities in LightBlog 9.8, when ...) NOT-FOR-US: LightBlog CVE-2008-6176 (bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the ...) - TODO: check + - drupal5 5.12-1 (low; bug #519114) + - drupal6 6.6-1 (low; bug #519115) CVE-2008-6175 (SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of ...) NOT-FOR-US: SilverSHielD CVE-2008-6174 (Cross-site scripting (XSS) vulnerability in admin/postlister/index.php ...) @@ -920,9 +923,10 @@ CVE-2008-6172 (Directory traversal vulnerability in captcha/captcha_image.php in the ...) NOT-FOR-US: Joomla! CVE-2008-6171 (Drupal 5.x before 5.12 and 6.x before 6.6, when the server is ...) - TODO: check + TODO: check back with mitre + NOTE: looks like a dupe of CVE-2008-6176 CVE-2008-6170 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and ...) - TODO: check + - drupal6 6.9-1 (low) CVE-2008-6169 (Cross-site request forgery (CSRF) vulnerability in the Localization ...) NOT-FOR-US: Localization modules for Drupal CVE-2008-6168 (Cross-site scripting (XSS) vulnerability in search.php in miniPortail ...) @@ -1126,7 +1130,7 @@ CVE-2009-0579 RESERVED CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify ...) - TODO: check + - network-manager-applet 0.7.0.99-1 (medium) CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...) NOT-FOR-US: RedHat specific, because they had a problem applying the fix for CVE-2008-3640 CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 ...) 
@@ -1455,9 +1459,6 @@ NOT-FOR-US: BMForum CVE-2009-0489 (The DBus configuration file for Wicd before 1.5.9 allows arbitrary ...) - wicd 1.5.9-1 -CVE-2009-XXXX [typo3 information disclosure & xss] - - typo3-src 4.2.6-1 (medium; bug #514713) - [lenny] - typo3-src 4.2.5-1+lenny1 CVE-2009-0479 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...) NOT-FOR-US: Online Grades CVE-2009-0477 (Unspecified vulnerability in the process (aka proc) filesystem in Sun ...) @@ -1906,7 +1907,8 @@ RESERVED - wesnoth 1:1.4.7-4 CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) ...) - TODO: check + - network-manager-applet 0.7.0.99-1 (medium) + - network-manager 0.7.0.99-1 (medium) CVE-2009-0364 RESERVED CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl ...) @@ -2515,7 +2517,7 @@ CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...) NOT-FOR-US: Orbit Downloader CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and other ...) - TODO: check + - libsndfile 1.0.19-1 (medium) CVE-2009-0185 RESERVED CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in ...) Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2009-03-10 15:02:36 UTC (rev 11368) +++ data/DTSA/list 2009-03-10 15:22:14 UTC (rev 11369) @@ -576,6 +576,7 @@ {CVE-2009-0490} [lenny] - audacity 1.3.5-2+lenny1 [February 10th, 2009] DTSA-193-1 typo3 - several vulnerabilities + {CVE-2009-0816 CVE-2009-0815} [lenny] - typo3-src 4.2.5-1+lenny1 [February 11th, 2009] DTSA-194-1 samizdat - cross-site scripting {CVE-2009-0359}
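Review bot: in the @@ -920,9 +923,10 @@ hunk, CVE-2008-6170 gets only `- drupal6 6.9-1 (low)` even though its description begins "Drupal 5.x before 5.12 and ..."; drupal5 needs its own line as well (a fixed version, `<not-affected>` with a reason, or a `TODO:` if unknown), otherwise the drupal5 status for this CVE is silently dropped rather than tracked. The neighbouring CVE-2008-6176 entry in the @@ -910,7 +912,8 @@ hunk does list both drupal5 and drupal6, so the same pattern applies here.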
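Review bot: the @@ -1455,9 +1459,6 @@ hunk removes the `[lenny] - typo3-src 4.2.5-1+lenny1` line together with the CVE-2009-XXXX placeholder, but the replacement entries for CVE-2009-0815 and CVE-2009-0816 in the @@ -67,13 +67,13 @@ hunk carry only `typo3-src 4.2.6-1 (...; bug #514713)`. The lenny fixed version now survives only through the `{CVE-2009-0816 CVE-2009-0815}` line added under DTSA-193-1 in data/DTSA/list; confirm the tracker derives the lenny status from that DTSA cross-reference, otherwise re-add `[lenny] - typo3-src 4.2.5-1+lenny1` under both CVEs. The removed placeholder was labelled "typo3 information disclosure & xss" and DTSA-193-1 is "several vulnerabilities", while the two CVEs describe a backend XSS and the jumpUrl mechanism; check whether a further issue from that advisory still lacks a CVE line.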
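Review bot: the @@ -2515,7 +2517,7 @@ hunk records `- libsndfile 1.0.19-1 (medium)` for CVE-2009-0186, but the commit log does not mention it; add a line such as "CVE-2009-0186 fixed in libsndfile 1.0.19-1" to the log so the change is findable in the history, and include the Debian bug number in the entry if one was filed, as the other fixed entries in this commit do.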