nion at alioth.debian.org
2009-Apr-03 15:27 UTC
[Secure-testing-commits] r11548 - data/CVE
Author: nion
Date: 2009-04-03 15:27:18 +0000 (Fri, 03 Apr 2009)
New Revision: 11548

Modified: data/CVE/list

Log:
- NFUs
- CVE-2009-117{6,7},CVE-2009-08[39-43] fixed in mapserver 5.2.2-1
- new krb5 issue (CVE-2009-0845)
- new lcms issues (CVE-2009-0733/CVE-2009-0723)
- two new ghostscript issues (CVE-2009-058{3,4})

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-03 13:38:13 UTC (rev 11547) +++ data/CVE/list 2009-04-03 15:27:18 UTC (rev 11548) @@ -109,9 +109,9 @@ CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...) NOT-FOR-US: Tivoli CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...) - TODO: check + - mapserver 5.2.2-1 (medium) CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before ...) - TODO: check + - mapserver 5.2.2-1 (low) CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft ...) NOT-FOR-US: ABK-Soft AbleDating CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) 
@@ -1086,19 +1086,22 @@ CVE-2009-0846 RESERVED CVE-2009-0845 (The spnego_gss_accept_sec_context function in ...) - TODO: check + - krb5 <unfixed> + NOTE: maintainer in contact with the security team CVE-2009-0844 RESERVED CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...) - TODO: check + - mapserver 5.2.2-1 (unimportant) + NOTE: this can only probe for files that are not present, useless when not + NOTE: in combination with another attack CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...) - TODO: check + - mapserver 5.2.2-1 (low) CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...) - TODO: check + - mapserver 5.2.2-1 (low) CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...) - TODO: check + - mapserver 5.2.2-1 (medium) CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x ...) - TODO: check + - mapserver 5.2.2-1 (medium) CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris ...) NOT-FOR-US: Solaris CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, ...) @@ -1703,7 +1706,7 @@ NOT-FOR-US: MultimediaPlayer.exe CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function ...) {DSA-1745-1} - TODO: check + - lcms <unfixed> CVE-2009-0732 (Downloadcenter 2.1 stores common.h under the web root with ...) NOT-FOR-US: Downloadcenter CVE-2009-0731 (Directory traversal vulnerability in pages/play.php in Free Arcade ...) @@ -1724,7 +1727,7 @@ RESERVED CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before ...) {DSA-1745-1} - TODO: check + - lcms <unfixed> CVE-2009-0722 (Directory traversal vulnerability in admin.php in Potato News 1.0.0 ...) NOT-FOR-US: Potato News CVE-2009-0721 
@@ -1798,7 +1801,7 @@ CVE-2009-0687 RESERVED CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in ...) - TODO: check + NOT-FOR-US: Trend Micro Internet Pro CVE-2009-0685 RESERVED CVE-2009-0684 @@ -2195,29 +2198,29 @@ CVE-2009-0638 RESERVED CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco ...) NOT-FOR-US: Cisco Unified Communications Manager CVE-2009-0631 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0630 (The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0627 RESERVED CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote ...) - TODO: check + NOT-FOR-US: Cisco IOS CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...) NOT-FOR-US: Cisco CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE ...) 
@@ -2346,10 +2349,12 @@ - libsoup 2.2.105-4 (medium; bug #520039) CVE-2009-0584 (icc.c in the International Color Consortium (ICC) Format library (aka ...) {DSA-1746-1} - TODO: check + - ghostscript <unfixed> (medium; bug #522416) + - gs-gpl <removed> CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color ...) {DSA-1746-1} - TODO: check + - ghostscript <unfixed> (medium; bug #522416) + - gs-gpl <removed> CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism ...) TODO: check CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...)
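Review bot: in the @@ -1086,19 +1086,22 @@ hunk, the CVE-2009-0845 entry is recorded as "- krb5 <unfixed>" with neither an urgency nor a bug number, and the only pointer is "NOTE: maintainer in contact with the security team". The ghostscript entries in this same commit use "(medium; bug #522416)"; adding the same kind of reference here once a bug exists would let the tracker entry be followed up without relying on the note. In the same hunk, the CVE-2009-0843 NOTE breaks mid-phrase across two NOTE lines ("useless when not" / "in combination with another attack"); rewording it so each line reads on its own would make the justification for "(unimportant)" easier to audit.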
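Review bot: in the @@ -1703,7 +1706,7 @@ and @@ -1724,7 +1727,7 @@ hunks, CVE-2009-0733 and CVE-2009-0723 both already carry {DSA-1745-1} but are set to "- lcms <unfixed>" with no urgency and no bug reference. Since a DSA tag is present, it would help to record where the remaining unfixed version is being tracked (a "bug #..." reference in the same parenthesised form used for ghostscript) and an urgency, so the entry does not look like an untriaged issue next to a published advisory.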
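Review bot: in the @@ -2346,10 +2349,12 @@ hunk, the trailing context still shows CVE-2009-0582 (the ntlm_challenge function in the NTLM SASL authentication mechanism) at "TODO: check", directly below the two ghostscript entries this commit triages, and the log message does not mention it. If it was looked at and deferred, a NOTE saying so would avoid a second person re-checking it; otherwise it should be picked up in a follow-up commit. The "- gs-gpl <removed>" lines added for CVE-2009-0584 and CVE-2009-0583 are consistent with each other and with the shared "bug #522416" reference.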