Author: derevko-guest Date: 2009-08-01 09:31:32 +0000 (Sat, 01 Aug 2009) New Revision: 12458 Modified: data/CVE/list Log: asterisk and firebird DoS Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-01 07:20:15 UTC (rev 12457) +++ data/CVE/list 2009-08-01 09:31:32 UTC (rev 12458) @@ -5,7 +5,10 @@ NOTE: asked maintainer to check whether openssl affected TODO: determine whether web browsers are also individually vulnerable (i.e. nss) or if a fix in just openssl is sufficient CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...) - TODO: check + - asterisk <unfixed> (low; bug #539473) + [etch] - asterisk <not-affected> (Vulnerable code not present) + [lenny] - asterisk <not-affected> (Vulnerable code not present) + [squeeze] - asterisk <not-affected> (Vulnerable code not present) CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...) NOT-FOR-US: Sorcerer Software MultiMedia Jukebox CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...) @@ -80,7 +83,8 @@ CVE-2009-2623 RESERVED CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before ...) - TODO: check + - firebird2.0 <unfixed> (low; bug #539477) + - firebird2.1 <unfixed> (low; bug #539478) CVE-2009-2619 (SQL injection vulnerability in login.asp in DataCheck Solutions ...) NOT-FOR-US: DataCheck Solutions V-SpacePal CVE-2009-2618 (SQL injection vulnerability in the Surveys (aka NS-Polls) module in ...)
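Review bot: In the CVE-2009-2651 entry, the three `<not-affected> (Vulnerable code not present)` lines for etch, lenny and squeeze cannot be verified from the entry itself. The description limits the issue to Asterisk 1.6.1 before 1.6.1.2, but nothing records which version was checked in each suite. Add a NOTE line naming the affected branch and the versions inspected, so the unstable-only `<unfixed>` status can be rechecked against bug #539473.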
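Review bot: In the CVE-2009-2620 entry, `firebird2.0` and `firebird2.1` are both marked `<unfixed>`, yet the visible part of the description names only Firebird SQL 1.5 and fbserver.exe, and the entry does not say how the 2.0 and 2.1 packages were confirmed affected. Add a NOTE with the upstream reference or affected version range. Unlike the asterisk entry in the same commit, there are no per-release tags here, so it is also worth stating explicitly whether the stable releases are affected rather than leaving them to inherit the unfixed status.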