Giuseppe Iuculano
2009-Dec-21 18:09 UTC
[Secure-testing-commits] r13616 - in data: CVE DSA
Author: derevko-guest Date: 2009-12-21 18:09:03 +0000 (Mon, 21 Dec 2009) New Revision: 13616 Modified: data/CVE/list data/DSA/list Log: CVE-2009-4151 already fixed phpldapadmin issue triage moodle issues triage CVE-2009-4077 and CVE-2009-4076 fixed in roundcube 0.3-1 NFU Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-21 17:47:22 UTC (rev 13615) +++ data/CVE/list 2009-12-21 18:09:03 UTC (rev 13616) @@ -9,8 +9,8 @@ CVE-2009-XXXX [Wireshark: IPMI dissector could crash on Windows] - wireshark <not-affected> (Windows-specific) CVE-2009-XXXX [phpldapadmin local file inclusion vuln] - - phpldapadmin <unfixed> - TODO: check + - phpldapadmin <unfixed> (medium; bug #561975) + NOTE: CVE id requested NOTE: http://www.exploit-db.com/exploits/10410 CVE-2009-XXXX [php5 uksort() interruption memory corruption] - php5 <unfixed> (low) @@ -159,7 +159,7 @@ CVE-2010-0001 RESERVED CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...) - TODO: check + NOT-FOR-US: Adobe Reader and Acrobat 8.0 CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...) NOT-FOR-US: Zen Cart CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...) 
@@ -317,41 +317,32 @@ [etch] - php-net-ping 2.4.2-1+etch1 [lenny] - php-net-ping 2.4.2-1+lenny1 CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before ...) - - moodle <unfixed> (bug #559531) + - moodle <unfixed> (medium; bug #559531) NOTE: MSA-09-0031 - TODO: check CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0029 - TODO: check CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0028 - TODO: check CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0027 - TODO: check CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0026 - TODO: check CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0025 - TODO: check CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0024 - TODO: check CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0023 - TODO: check CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...) - moodle <unfixed> (bug #559531) NOTE: MSA-09-0022 - TODO: check CVE-2009-XXXX [docutils insecure usage of temporary files] - python-docutils 0.6-2 (low; bug #560755) [etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5) 
@@ -587,9 +578,8 @@ CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration ...) NOT-FOR-US: IBM WebSphere CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...) - - request-tracker3.6 <unfixed> - - request-tracker3.4 <removed> - TODO: check + - request-tracker3.6 3.6.9-2 (low) + - request-tracker3.4 <removed> CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...) NOT-FOR-US: IBM DB2 CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA ...) @@ -763,11 +753,9 @@ - redmine <unfixed> TODO: check CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...) - - roundcube <unfixed> - TODO: check + - roundcube 0.3-1 CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...) - - roundcube <unfixed> - TODO: check + - roundcube 0.3-1 CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...) NOT-FOR-US: Sun Solaris CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-12-21 17:47:22 UTC (rev 13615) +++ data/DSA/list 2009-12-21 18:09:03 UTC (rev 13616) @@ -52,7 +52,7 @@ [etch] - gforge 4.5.14-22etch13 [lenny] - gforge 4.7~rc2-7lenny3 [03 Dec 2009] DSA-1944-1 request-tracker3.4 request-tracker3.6 - session hijack vulnerability - {CVE-2009-3585} + {CVE-2009-3585 CVE-2009-4151} [etch] - request-tracker3.6 3.6.1-4+etch1 [etch] - request-tracker3.4 3.4.5-2+etch1 [lenny] - request-tracker3.6 3.6.7-5+lenny3
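Review bot: In the data/CVE/list hunk `@@ -159,7 +159,7 @@`, the new annotation `NOT-FOR-US: Adobe Reader and Acrobat 8.0` pins a product version, while every other NOT-FOR-US line in this diff names only the product (`NOT-FOR-US: Zen Cart`, `NOT-FOR-US: IBM WebSphere`, `NOT-FOR-US: IBM DB2`, `NOT-FOR-US: Sun Solaris`). The CVE description visible here is truncated after "Doc.media.newPlayer method in ...", so the 8.0 scope is not checkable from the entry itself; suggest `NOT-FOR-US: Adobe Reader and Acrobat` so the line does not go stale if the affected range differs.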
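Review bot: In the data/CVE/list hunk `@@ -317,41 +317,32 @@`, only CVE-2009-4305 gains a severity (`- moodle <unfixed> (medium; bug #559531)`), while the eight sibling entries CVE-2009-4304 down to CVE-2009-4297 have their `TODO: check` removed but keep `- moodle <unfixed> (bug #559531)` with no severity. The log calls this "triage moodle issues", yet removing the TODO without assigning a severity drops the marker that the entry still needs a decision; either assign a severity on each of the eight lines or leave their `TODO: check` in place until one is set.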
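Review bot: In the data/CVE/list hunk `@@ -587,9 +578,8 @@`, CVE-2009-4151 is rated `(low)` on the line `- request-tracker3.6 3.6.9-2 (low)`, while the same commit attaches this CVE to DSA-1944-1 in data/DSA/list; a severity that low sits oddly next to an advisory-level fix, so either justify it or reconsider. The log only says "CVE-2009-4151 already fixed" and the `TODO: check` is dropped without a replacement NOTE, so nothing in the entry records how 3.6.9-2 was identified as the fixing version; a `NOTE:` pointing at the reference used would make the claim auditable later.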
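Review bot: In the data/CVE/list hunk `@@ -763,11 +753,9 @@`, both roundcube entries are changed to `- roundcube 0.3-1` with no severity and no NOTE, unlike the other entries triaged in this commit (phpldapadmin medium, moodle medium, request-tracker3.6 low). The log line "fixed in roundcube 0.3-1" gives the version but not its source; add a severity to CVE-2009-4077 and CVE-2009-4076 and a `NOTE:` with the reference that establishes 0.3-1 as the fix, so the dropped `TODO: check` is replaced by recorded reasoning rather than nothing.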
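Review bot: In the data/DSA/list hunk `@@ -52,7 +52,7 @@`, CVE-2009-4151 is added retroactively to DSA-1944-1, which is dated 03 Dec 2009 while this commit is dated 21 Dec 2009. That is only correct if the packages named in the advisory entry (`request-tracker3.6 3.6.1-4+etch1`, `request-tracker3.4 3.4.5-2+etch1`, `request-tracker3.6 3.6.7-5+lenny3`) actually contain the html/Elements/SetupSessionCookie fix described by CVE-2009-4151 and not only the CVE-2009-3585 one; a NOTE on the CVE-2009-4151 entry stating that this was verified against those uploads would make the retroactive attribution traceable.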