Author: derevko-guest Date: 2009-12-15 21:24:38 +0000 (Tue, 15 Dec 2009) New Revision: 13563 Modified: data/CVE/list Log: - NFUs - CVE-2009-0689 fixed in kde4libs 4:4.3.4-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-15 21:14:19 UTC (rev 13562) +++ data/CVE/list 2009-12-15 21:24:38 UTC (rev 13563) 
@@ -71,35 +71,35 @@ CVE-2009-4324 (Unspecified vulnerability in Adobe Reader and Acrobat 9.2 and earlier ...) TODO: check CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other ...) - TODO: check + NOT-FOR-US: Zen Cart CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...) - TODO: check + NOT-FOR-US: The Next Generation of Genealogy Sitebuilding CVE-2009-4319 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: eoCMS CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate ...) - TODO: check + NOT-FOR-US: Real Estate Manager CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...) - TODO: check + NOT-FOR-US: ScriptsEz CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in ...) - TODO: check + NOT-FOR-US: ZeeLyrics CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...) - TODO: check + NOT-FOR-US: Nuggetz CMS CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group ...) - TODO: check + NOT-FOR-US: Sun Ray Server Software CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-4311 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-4310 (Stack-based buffer overflow in the Intel Indeo41 codec for Windows ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 ...) - linux-2.6 2.6.32-1 (medium) [etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19) @@ -378,7 +378,7 @@ CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness ...) NOT-FOR-US: U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script CVE-2009-4210 (The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...) NOT-FOR-US: moziloCMS CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS) ...) 
@@ -462,25 +462,25 @@ CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in tagcloud.swf in the ...) NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4166 (SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4165 (SQL injection vulnerability in the simple Glossar (simple_glossar) ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4164 (Cross-site scripting (XSS) vulnerability in the simple Glossar ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4163 (SQL injection vulnerability in the TW Productfinder (tw_productfinder) ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4162 (Unspecified vulnerability in the DB Integration (wfqbe) extension ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4161 (Cross-site scripting (XSS) vulnerability in the [AN] Search it! ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4160 (Unspecified vulnerability in the Simple download-system with counter ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension ...) - TODO: check + NOT-FOR-US: TYPO3 extension CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Joomla CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in ...) 
@@ -11827,7 +11827,7 @@ - nspr 4.8-2 [etch] - nspr <no-dsa> (Mozilla packages from oldstable no longer covered by security support) - kdelibs <unfixed> (medium; bug #559265) - - kde4libs <unfixed> (medium; bug #559266) + - kde4libs 4:4.3.4-1 (medium; bug #559266) TODO: check and merge with 2009-1563? TODO: Someone posted a long list of dtoa embedded to debian-devel some time ago NOTE: CVE-2009-1563 will be marked REJECTED by MITRE.
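Review bot: In the @@ -71,35 +71,35 @@ hunk, CVE-2009-4313 through CVE-2009-4309 are tagged "NOT-FOR-US: Microsoft", which names a vendor rather than the affected product. The other entries in the same hunk name the product (Zen Cart, Nuggetz CMS, Sun Ray Server Software). The descriptions point at the Indeo codec on Windows, so something like "NOT-FOR-US: Indeo codec for Microsoft Windows" would be more consistent and easier to grep later. The same applies to CVE-2009-4210 in the @@ -378,7 +378,7 @@ hunk.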
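Review bot: In the @@ -462,25 +462,25 @@ hunk, CVE-2009-4167 through CVE-2009-4158 all receive the identical tag "NOT-FOR-US: TYPO3 extension", which drops the one detail that tells the entries apart. Several descriptions already carry the extension key (mchtrips, simple_glossar, tw_productfinder, wfqbe, cal). Including it in the tag, for example "NOT-FOR-US: TYPO3 extension mchtrips", would make it possible to find and revisit a single entry if that extension is ever packaged. The neighbouring entry "NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress" already follows that pattern.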
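Review bot: In the @@ -11827,7 +11827,7 @@ hunk, the entry that now records kde4libs as fixed in 4:4.3.4-1 still carries "TODO: check and merge with 2009-1563?" directly above "NOTE: CVE-2009-1563 will be marked REJECTED by MITRE". The NOTE appears to settle the question the TODO asks, so the TODO should be dropped or reworded while the entry is being touched. Otherwise the entry keeps showing up as open work even once kdelibs (still <unfixed>, bug #559265) is resolved. The CVE header line lies outside the hunk context, so the only link between this change and CVE-2009-0689 is the commit log. It is worth confirming the hunk lands in that entry.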