Author: nion
Date: 2009-05-05 14:11:37 +0000 (Tue, 05 May 2009)
New Revision: 11791

Modified: data/CVE/list

Log:
- NFUs
- new libmodplug issue (CVE-2009-1438), also present in gst-plugins-bad0.10 as it embeds libmodplug

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-05 13:14:46 UTC (rev 11790) +++ data/CVE/list 2009-05-05 14:11:37 UTC (rev 11791) 
@@ -4,41 +4,41 @@ [etch] - file <not-affected> (Vulnerable code not present) NOTE: code introduced in 5.xx series CVE-2009-1512 (Static code injection vulnerability in X-Forum 0.6.2 allows remote ...) - TODO: check + NOT-FOR-US: X-Forum CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2009-1510 (Multiple directory traversal vulnerabilities in KoschtIT Image Gallery ...) - TODO: check + NOT-FOR-US: KoschtIT Image Gallery CVE-2009-1509 (SQL injection vulnerability in ajaxp_backend.php in MyioSoft ...) - TODO: check + NOT-FOR-US: MyioSoft AjaxPortal CVE-2009-1508 (SQL injection vulnerability in the xforum_validateUser function in ...) - TODO: check + NOT-FOR-US: X-Forum CVE-2009-1507 (The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x ...) - TODO: check + NOT-FOR-US: Node Access User Reference module for Drupal CVE-2009-1506 (SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows ...) - TODO: check + NOT-FOR-US: eLitius CVE-2009-1505 (SQL injection vulnerability in News Page 5.x before 5.x-1.2 module, a ...) - TODO: check + NOT-FOR-US: News Page module for Drupal CVE-2009-1504 (Absolute Form Processor XE 1.5 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Absolute Form Processor XE CVE-2009-1503 (Multiple SQL injection vulnerabilities in login.php in Tiger Document ...) - TODO: check + NOT-FOR-US: Tiger Document Management System CVE-2009-1502 (Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable ...) - TODO: check + NOT-FOR-US: S-Cms CVE-2009-1501 (Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x ...) - TODO: check + NOT-FOR-US: EXIF module for Drupal CVE-2009-1500 (SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows ...) - TODO: check + NOT-FOR-US: ProjectCMS CVE-2009-1499 (SQL injection vulnerability in the MailTo (aka com_mailto) component ...) 
- TODO: check + NOT-FOR-US: com_mailto component for Joomla! CVE-2009-1498 (Directory traversal vulnerability in inc/profilemain.php in Game Maker ...) - TODO: check + NOT-FOR-US: Game Maker 2k Internet Discussion Boards CVE-2009-1497 (Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie ...) - TODO: check + NOT-FOR-US: GOM Player CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace ...) - TODO: check + NOT-FOR-US: com_cmimarketplace component for Joomla! CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the web root ...) - TODO: check + NOT-FOR-US: Web File Explorer CVE-2008-6787 (SQL injection vulnerability in administrator/index.php in Lizardware ...) TODO: check CVE-2008-6786 (Multiple directory traversal vulnerabilities in geekigeeki.py in ...) @@ -229,7 +229,8 @@ - linux-2.6 <unfixed> - linux-2.6.24 <removed> CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...) - TODO: check + - libmodplug <unfixed> (low; bug #526657; bug #527076) + - gst-plugins-bad0.10 <unfixed> (low; bug #527075) CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...) NOT-FOR-US: CoolPlayer CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
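Review bot: In the first hunk (@@ -4,41 +4,41 @@), the three Drupal entries (CVE-2009-1507, CVE-2009-1505, CVE-2009-1501) are closed as NOT-FOR-US with only the module name, so the entry does not record why a module for a CMS is out of scope. A NOTE line under each stating the reason would let a later triager verify the decision without redoing the check. Smaller style point in the same hunk: CVE-2009-1501 is labelled "EXIF module for Drupal" while the CVE description spells it "Exif module"; keeping the product string identical to the description makes the list easier to grep. The same applies to CVE-2009-1497, where the description names srt2smi.exe in "Gretech Online Movie ..." and the label says "GOM Player".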
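Review bot: In the second hunk (@@ -229,7 +229,8 @@), the new gst-plugins-bad0.10 line for CVE-2009-1438 carries no NOTE explaining why a GStreamer plugin package is listed under a libmodplug CVE. The reason (it embeds libmodplug) exists only in the commit log, so it should be added to the entry itself, for example as a NOTE line under the package lines. On the libmodplug line, two bug numbers (#526657 and #527076) are attached without saying how they differ, and both packages are rated "low" for an integer overflow in CSoundFile::ReadMed with no stated rationale; a short NOTE covering the urgency and the second bug would make the entry self-explanatory.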