Author: derevko-guest Date: 2009-07-01 06:41:41 +0000 (Wed, 01 Jul 2009) New Revision: 12237 Modified: data/CVE/list Log: - NFUs - stardict issue got a CVE id - CVE-2009-1888 and CVE-2009-1886 fixed in unstable Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-30 21:14:25 UTC (rev 12236) +++ data/CVE/list 2009-07-01 06:41:41 UTC (rev 12237) @@ -3,25 +3,25 @@ CVE-2009-2264 RESERVED CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...) - TODO: check + NOT-FOR-US: Mega File Manager CVE-2009-2262 (PHP remote file inclusion vulnerability in install/di.php in ...) - TODO: check + NOT-FOR-US: AjaxPortal CVE-2009-2261 (PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted ...) - TODO: check + NOT-FOR-US: PeaZIP CVE-2009-2260 (stardict 3.0.1, when Enable Net Dict is configured, sends the contents ...) - TODO: check + - stardict (low; bug #534731) CVE-2009-2259 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...) - TODO: check + NOT-FOR-US: PHP Address Book CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...) - TODO: check + NOT-FOR-US: Netgear DG632 CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware ...) - TODO: check + NOT-FOR-US: Netgear DG632 CVE-2009-2256 (The administrative web interface on the Netgear DG632 with firmware ...) - TODO: check + NOT-FOR-US: Netgear DG632 CVE-2009-2255 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2009-2254 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2009-2253 RESERVED CVE-2009-2252 
@@ -879,14 +879,15 @@ RESERVED CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba ...) {DSA-1823-1} - - samba <unfixed> + - samba 2:3.3.6-1 (low) [etch] - samba <not-affected> (Vulnerable code not present) + NOTE: Successful exploitation requires that "dos filemode" is set to "yes" in smb.conf. CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise ...) - net-snmp <not-affected> (Vulnerable code not present) NOTE: Red Hat incorrect fix for CVE-2008-4309. Checked code in oldstable and stable. CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient ...) {DSA-1823-1} - - samba 2:3.3.0 + - samba 2:3.3.6-1 [etch] - samba <not-affected> (Vulnerable code not present) CVE-2009-1885 RESERVED
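Review bot: In the first hunk (@@ -3,25 +3,25 @@), the new CVE-2009-2260 line "- stardict (low; bug #534731)" carries neither a fixed version nor a state tag, unlike the package lines elsewhere in this file such as "- samba <unfixed>" or "- samba 2:3.3.6-1 (low)". If the bug is still open, state that explicitly, for example "- stardict <unfixed> (low; bug #534731)", so the entry reads the same way as the others. A smaller point in the same hunk: the NOT-FOR-US label for CVE-2009-2263 is "Mega File Manager" while the description begins "Awesome PHP Mega ..."; using the product name as the description gives it would make the entry easier to search for.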
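Review bot: In the second hunk (@@ -879,14 +879,15 @@), the CVE-2009-1886 entry already recorded a fixed version, "- samba 2:3.3.0", and is changed to "- samba 2:3.3.6-1" with no explanation, while the log message only says the issue is "fixed in unstable". Please add a NOTE line saying why the earlier version was wrong, since moving the fixed version forward changes which uploads are treated as vulnerable. The same entry also has no urgency, whereas CVE-2009-1888 directly above gets "(low)" for the same samba upload; if that difference is intended, the NOTE would be a good place to say so.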