Author: geissert Date: 2009-12-26 04:10:51 +0000 (Sat, 26 Dec 2009) New Revision: 13648 Modified: data/CVE/list Log: fast-process some issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-26 01:55:34 UTC (rev 13647) +++ data/CVE/list 2009-12-26 04:10:51 UTC (rev 13648) @@ -9,20 +9,25 @@ CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...) TODO: check CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...) - TODO: check + - php5 <unfixed> (low) CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...) - TODO: check + NOTE: the CVE talks about the Zend Framework, but the culprit + NOTE: is actually piwik + TODO: discuss it on oss-sec CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare ...) + - phpgroupware <unfixed> TODO: check CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare ...) + - phpgroupware <unfixed> TODO: check CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...) + - phpgroupware <unfixed> TODO: check -CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, ...) - TODO: check CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 ...) + - serendipity <unfixed> TODO: check CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...) + - acl <unfixed> (bug #499076) TODO: check CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...) TODO: check @@ -33,6 +38,7 @@ CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...) TODO: check CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...) + - trac <unfixed> TODO: check CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...) TODO: check 
@@ -263,8 +269,9 @@ NOT-FOR-US: IBM DB2 CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...) NOT-FOR-US: IBM DB2 -CVE-2009-XXXX [apache2: potential disclosure of private php files] - - apache2 <unfixed> (low; bug #562006) +CVE-2009-XXXX [libapache2-mod-php5: potential disclosure of private php files] + - php5 5.2.11.dfsg.1-2 (low; bug #562006) + NOTE: not sure if it should be treated as an issue, probably not CVE-2009-XXXX [Wireshark: Daintree SNA buffer overflow] - wireshark 1.2.5-1 [lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x) @@ -700,7 +707,7 @@ [lenny] - xfig <no-dsa> (Minor issue) [etch] - xfig <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905 -CVE-2009-XXXX [polipo crash/DoS via overly-large content-length header] +CVE-2009-4413 [polipo crash/DoS via overly-large content-length header] - polipo <unfixed> (medium; bug #560779) CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...) NOT-FOR-US: SweetRice
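Review bot: In the @@ -9,20 +9,25 @@ hunk, the entries for CVE-2009-4416, CVE-2009-4415, CVE-2009-4414, CVE-2009-4412 and CVE-2009-4411 gain a package line but keep "TODO: check" underneath it, while CVE-2009-4418 has its TODO replaced outright by "- php5 <unfixed> (low)". If triage of those five is finished, drop the TODO as was done for CVE-2009-4418; if something is still open (urgency, affected releases, a bug number), put that in the TODO text or a NOTE so the next reader knows what remains. Of the added package lines only the php5 one carries an urgency and only the acl one a bug reference.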
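Review bot: In the @@ -33,6 +38,7 @@ hunk, "- trac <unfixed>" is added for CVE-2009-4405 without an urgency or bug reference, and "TODO: check" stays below it. The description on the same entry already says "Trac before 0.11.6", so a NOTE naming 0.11.6 as the upstream fix would tell whoever closes the entry which upload to look for; the TODO should either go or state what is still unchecked.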
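Review bot: In the @@ -263,8 +269,9 @@ hunk, the reworked CVE-2009-XXXX entry contradicts itself: "- php5 5.2.11.dfsg.1-2 (low; bug #562006)" records a real issue with a fixed version, while the NOTE added right below says "not sure if it should be treated as an issue, probably not". Pick one: if it is not considered a security issue, mark the urgency unimportant (or drop the entry) and give the reason in the NOTE; if it is, remove the doubt from the NOTE. The change of package from apache2 to php5 also deserves a word in the NOTE or the log message, since "fast-process some issues" does not explain why bug #562006 moved.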
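Review bot: In the @@ -700,7 +707,7 @@ hunk, the renamed CVE-2009-4413 entry keeps the bracketed placeholder text "[polipo crash/DoS via overly-large content-length header]", while the duplicate removed in the first hunk carried the parenthesised description "(The httpClientDiscardBody function in client.c in Polipo 0.9.8, ...)". Consider carrying that description over so the entry reads like the other assigned ids in the file. The log message should also mention that the temporary polipo entry was merged with CVE-2009-4413, since that is the only place this commit deletes an entry.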