Author: derevko-guest Date: 2009-06-13 18:54:46 +0000 (Sat, 13 Jun 2009) New Revision: 12119 Modified: data/CVE/list Log: - NFUs - CVE-2009-1904 fixed with ruby1.8 1.8.7.173-1 - CVE-2008-5515: added bug reference Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-13 15:09:16 UTC (rev 12118) +++ data/CVE/list 2009-06-13 18:54:46 UTC (rev 12119) @@ -3,13 +3,13 @@ [etch] - git-core <not-affected> (Vulnerable code not present) NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9 CVE-2009-2031 (smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount ...) - TODO: check + NOT-FOR-US: OpenSolaris CVE-2009-2030 (Unspecified vulnerability in the XML Digital Signature verification ...) - TODO: check + NOT-FOR-US: IBM OS/400 CVE-2009-2029 (Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-XXXX [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl] - kfreebsd-6 <removed> [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported) @@ -307,7 +307,9 @@ CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...) NOT-FOR-US: IBM DB2 CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...) - TODO: check + - ruby1.8 1.8.7.173-1 (bug #532689) + - ruby1.9 <not-affected> + NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/ CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...) - libapache-mod-security 2.5.9-1 CVE-2009-1902 (The multipart processor in ModSecurity before 2.5.9 allows remote ...) @@ -753,7 +755,7 @@ CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...) NOT-FOR-US: Mac OS X CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...) - TODO: check + NOT-FOR-US: CFNetwork in Apple CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) TODO: check CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) @@ -769,15 +771,15 @@ CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...) TODO: check CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2009-1706 (The Private Browsing feature in Apple Safari before 4.0 on Windows ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2009-1705 (CoreGraphics in Apple Safari before 4.0 on Windows does not properly ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...) TODO: check CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) @@ -824,7 +826,7 @@ CVE-2009-1683 RESERVED CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2009-1681 (WebKit in Apple Safari before 4.0 does not prevent web sites from ...) TODO: check CVE-2009-1680 @@ -1589,7 +1591,7 @@ CVE-2009-1421 RESERVED CVE-2009-1420 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-1419 (Unspecified vulnerability in HP Discovery & Dependency Mapping ...) NOT-FOR-US: HP Discovery & Dependency Mapping Inventory CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management ...) @@ -6449,7 +6451,7 @@ CVE-2009-0203 RESERVED CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-0201 RESERVED CVE-2009-0200 @@ -7823,10 +7825,9 @@ - git-core 1:1.5.6-1 CVE-2008-5515 [Apache Tomcat information disclosure vulnerability] RESERVED - - tomcat5 <removed> - - tomcat5.5 <unfixed> - - tomcat6 <unfixed> - TODO: File bug + - tomcat5 <removed> (bug #532363) + - tomcat5.5 <unfixed> (bug #532366) + - tomcat6 6.0.20-1 (bug #532362) NOTE: http://tomcat.apache.org/security-6.html NOTE: http://tomcat.apache.org/security-5.html CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the ...)