Author: derevko-guest
Date: 2009-06-05 22:31:21 +0000 (Fri, 05 Jun 2009)
New Revision: 12054
Modified:
data/CVE/list
Log:
- NFUs
- gst-plugins-good0.10 cveified
- CVE-2009-138{6,7}: openssl DoS
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-06-05 21:14:15 UTC (rev 12053)
+++ data/CVE/list 2009-06-05 22:31:21 UTC (rev 12054)
@@ -1,5 +1,5 @@
CVE-2009-1932 (Multiple integer overflows in the (1) user_info_callback, (2)
...)
- TODO: check
+ - gst-plugins-good0.10 0.10.15-2 (bug #531631)
CVE-2009-1931
RESERVED
CVE-2009-1930
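Review bot: The line added under CVE-2009-1932 has no urgency field, while the openssl lines added later in this same commit do carry one ("low; bug #532037"). If the severity has not been assessed yet, leaving it unset is fine. Otherwise, consider setting it explicitly, since the description speaks of multiple integer overflows and an unset urgency gives readers of the list nothing to triage on.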
@@ -31,31 +31,31 @@
CVE-2009-1917
RESERVED
CVE-2009-1916 (dig.php in GScripts.net DNS Tools allows remote attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: GScripts.net DNS Tools
CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook
(ICQToolBar.dll) in ...)
- TODO: check
+ NOT-FOR-US: ICQ
CVE-2009-1914 (The pci_register_iommu_region function in ...)
TODO: check
CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when
...)
- TODO: check
+ NOT-FOR-US: LuxBum
CVE-2009-1912 (Directory traversal vulnerability in src/func/language.php in
webSPELL ...)
- TODO: check
+ NOT-FOR-US: webSPELL
CVE-2009-1911 (Directory traversal vulnerability in .include/init.php (aka ...)
- TODO: check
+ NOT-FOR-US: QuiXplorer
CVE-2009-1910 (SQL injection vulnerability in index.php in RTWebalbum 1.0.462
allows ...)
- TODO: check
+ NOT-FOR-US: RTWebalbum
CVE-2009-1909 (SQL injection vulnerability in Skip 1.0.2 and earlier, and
1.1RC2 and ...)
- TODO: check
+ NOT-FOR-US: Skip
CVE-2009-1908 (Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and
earlier, ...)
- TODO: check
+ NOT-FOR-US: Skip
CVE-2009-1907 (Cross-site scripting (XSS) vulnerability in ...)
- TODO: check
+ NOT-FOR-US: Claroline
CVE-2008-6824 (The management interface on the A-LINK WL54AP3 and WL54AP2
access ...)
- TODO: check
+ NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6823 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
- TODO: check
+ NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6822 (Unrestricted file upload vulnerability in uploadp.php in New
Earth ...)
- TODO: check
+ NOT-FOR-US: NEPT Image Uploader
CVE-2009-1906 (The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5
before ...)
NOT-FOR-US: IBM DB2
CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before
FP17, 9.1 ...)
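Review bot: Two of the NOT-FOR-US tags in this hunk name a product that does not appear in the truncated description shown here: "QuiXplorer" for CVE-2009-1911 (the visible text stops at ".include/init.php (aka ...") and "Claroline" for CVE-2009-1907 (the visible text stops at "vulnerability in ..."). Please confirm both against the full CVE descriptions before this lands, because a wrong product name on a NOT-FOR-US line hides the entry from anyone later searching the list for the real package. The same check is worth doing for "NEPT Image Uploader" on CVE-2008-6822, where the visible description only says "New Earth ...".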
@@ -217,8 +217,6 @@
NOT-FOR-US: Historic issues in proprietary Java
CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows
unsigned ...)
NOT-FOR-US: Historic issues in proprietary Java
-CVE-2009-XXXX [GStreamer Good Plug-ins PNG Processing Integer Overflow]
- - gst-plugins-good0.10 0.10.15-2 (bug #531631)
CVE-2009-XXXX [strongSwan Two Denial of Service Vulnerabilities]
- strongswan <unfixed> (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2
was introduced in 4.3)
@@ -1380,9 +1378,11 @@
CVE-2009-1388
RESERVED
CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c
in ...)
- TODO: check
+ - openssl <unfixed> (low; bug #532037)
+ - openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to
cause ...)
- TODO: check
+ - openssl 0.9.8k-1 (low; bug #532037)
+ - openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...)
TODO: check
CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise
Linux ...)
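Review bot: The openssl097 line under CVE-2009-1386 reuses the reason "DTLS support was introduced in 0.9.8" from CVE-2009-1387, but the visible description for 1386 names ssl/s3_pkt.c and not a DTLS-specific file like the ssl/d1_both.c named for 1387. Please confirm that the affected code path in s3_pkt.c is reachable only with DTLS. If it is, saying so in the note would make the not-affected status verifiable from the entry itself. Separately, the description says the issue affects OpenSSL "before 0.9.8i" while the entry records 0.9.8k-1 as the fixed version, so check that this is the first Debian upload containing the fix and not just the current one. Both CVEs also point at bug #532037 although only one of them is marked fixed, so that bug cannot be closed on a version alone.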