Author: gilbert-guest Date: 2010-04-05 02:00:51 +0000 (Mon, 05 Apr 2010) New Revision: 14401 Modified: data/CVE/list Log: NFUs; libesmtp issue was under the wrong cve Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-05 01:21:09 UTC (rev 14400) +++ data/CVE/list 2010-04-05 02:00:51 UTC (rev 14401) @@ -47,11 +47,11 @@ - chromium <itp> (bug #520324) NOTE: chrome-specific sandboxing issue CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...) - TODO: check + NOT-FOR-US: Sun Java System Communication Express CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G ...) NOT-FOR-US: Apple iPhone CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor ...) - TODO: check + NOT-FOR-US: Microsoft Virtual PC CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...) TODO: check CVE-2010-1223 @@ -65,15 +65,15 @@ CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability] - interchange 5.7.6-1 CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) ...) - TODO: check + NOT-FOR-US: com_janews component for Joomla! CVE-2010-XXXX [opendchub] - opendchub <unfixed> (bug #576308) CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum extension ...) - TODO: check + NOT-FOR-US: mm_forum extension for TYPO3 CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator ...) - TODO: check + NOT-FOR-US: com_jeformcr component for Joomla! CVE-2010-1216 (PHP remote file inclusion vulnerability in templates/template.php in ...) - TODO: check + NOT-FOR-US: notsoPureEdit CVE-2010-1215 RESERVED CVE-2010-1214 
@@ -115,9 +115,10 @@ CVE-2010-1196 RESERVED CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and ...) - TODO: check + - libesmtp <undetermined> + NOTE: http://www.openwall.com/lists/oss-security/2010/03/30/10 CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other ...) - NOT-FOR-US: Sahana + - sahana <itp> (bug #497414) CVE-2010-1186 RESERVED CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in ...) 
@@ -226,27 +227,27 @@ CVE-2010-1138 RESERVED CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...) - TODO: check + NOT-FOR-US: VMware Server CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...) TODO: check CVE-2009-4761 (Stack-based buffer overflow in Mini-stream RM Downloader allows remote ...) - TODO: check + NOT-FOR-US: Mini-stream RM Downloader CVE-2009-4760 (Winn ASP Guestbook 1.01 Beta stores sensitive information under the ...) - TODO: check + NOT-FOR-US: Winn ASP Guestbook CVE-2009-4759 (Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers ...) - TODO: check + NOT-FOR-US: BrotherSoft BMXPlay CVE-2009-4758 (Stack-based buffer overflow in dicas Mpegable Player 2.12 allows ...) - TODO: check + NOT-FOR-US: Mpegable Player CVE-2009-4757 (Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows ...) - TODO: check + NOT-FOR-US: BrotherSoft EW-MusicPlayer CVE-2009-4756 (Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in ...) - TODO: check + NOT-FOR-US: Beatport Player CVE-2009-4755 (Multiple stack-based buffer overflows in Mercury Audio Player 1.21 ...) - TODO: check + NOT-FOR-US: Mercury Audio Player CVE-2009-4754 (Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote ...) - TODO: check + NOT-FOR-US: Mercury Audio Player CVE-2009-4753 (Multiple buffer overflows in the FTP server on the Addonics NAS ...) - TODO: check + NOT-FOR-US: Addonics NAS Adapter NASU2FW41 CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...) TODO: check CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...) 
@@ -264,43 +265,43 @@ CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...) TODO: check CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...) TODO: check CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x allows remote ...) TODO: check CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with ...) - TODO: check + - deliver <removed> CVE-2009-4752 (PHP remote file inclusion vulnerability in anzeiger/start.php in ...) - TODO: check + NOT-FOR-US: Swinger Club Portal CVE-2009-4751 (SQL injection vulnerability in anzeiger/start.php in Swinger Club ...) - TODO: check + NOT-FOR-US: Swinger Club Portal CVE-2009-4750 (PHP remote file inclusion vulnerability in home.php in Top Paidmailer ...) - TODO: check + NOT-FOR-US: Top Paidmailer CVE-2009-4749 (Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 ...) - TODO: check + NOT-FOR-US: PHP Live! CVE-2009-4748 (SQL injection vulnerability in mycategoryorder.php in the My Category ...) - TODO: check + NOT-FOR-US: My Category Order plugin for wordpress CVE-2009-4747 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: All In One Control Panel (AIOCP) CVE-2009-4746 (Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels ...) - TODO: check + NOT-FOR-US: Dreamlevels DreamPoll CVE-2009-4745 (Multiple SQL injection vulnerabilities in index.php in Dreamlevels ...) - TODO: check + NOT-FOR-US: Dreamlevels DreamPoll CVE-2009-4744 (Cross-site scripting (XSS) vulnerability in the Contact module in ...) 
- TODO: check + NOT-FOR-US: Exponent CMS CVE-2009-4743 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: AfterLogic WebMail CVE-2009-4742 (Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote ...) - TODO: check + NOT-FOR-US: Docebo CVE-2009-4741 (Unspecified vulnerability in the Extras Manager before 2.0.0.67 in ...) - TODO: check + NOT-FOR-US: Skype CVE-2009-4740 (Directory traversal vulnerability in the Webesse E-Card (ws_ecard) ...) - TODO: check + NOT-FOR-US: ws_ecard extension for typo3 CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...) - TODO: check + NOT-FOR-US: SkaDate Dating CVE-2010-XXXX [freeciv lua] - freeciv <unfixed> (low) [lenny] - freeciv <no-dsa> (Minor issue) @@ -497,9 +498,9 @@ CVE-2010-1032 RESERVED CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka ...) - TODO: check + NOT-FOR-US: HP Insight Control CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...) TODO: check CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...) @@ -602,9 +603,9 @@ CVE-2010-0990 RESERVED CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...) - TODO: check + NOT-FOR-US: Pulse CMS CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...) - TODO: check + NOT-FOR-US: Pulse CMS CVE-2010-0987 RESERVED CVE-2010-0986 
@@ -1202,9 +1203,7 @@ - libesmtp <unfixed> (bug #572960) NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6 CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...) - - libesmtp <undetermined> - NOTE: http://www.openwall.com/lists/oss-security/2010/03/30/10 - TODO: check + NOT-FOR-US: VMware Server CVE-2010-XXXX [argyll unsafe udev rules] - argyll <not-affected> (issue with redhat-specific changes to the package) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050 @@ -1255,11 +1254,11 @@ CVE-2010-0808 RESERVED CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...) NOT-FOR-US: iBoutique CVE-2010-0803 (SQL injection vulnerability in the jVideoDirect (com_jvideodirect) ...) @@ -1339,11 +1338,11 @@ CVE-2010-0771 RESERVED CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2010-0767 RESERVED CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo ...) 
@@ -1548,7 +1547,7 @@ CVE-2010-0687 RESERVED CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, ...) - TODO: check + NOT-FOR-US: VMware Server CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...) - asterisk <unfixed> [lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed) 
@@ -2034,105 +2033,105 @@ CVE-2010-0538 RESERVED CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...) - TODO: check + NOT-FOR-US: Apple DesktopServices CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is ...) TODO: check CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the ...) - TODO: check + NOT-FOR-US: Apple Wiki Server CVE-2010-0533 (Directory traversal vulnerability in AFP Server in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple AFP Server CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 ...) - TODO: check + NOT-FOR-US: Apple itunes CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of ...) - TODO: check + NOT-FOR-US: Apple iTunes CVE-2010-0530 RESERVED CVE-2010-0529 (Heap-based buffer overflow in Apple QuickTime before 7.6.6 on Windows ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple Quicktime CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0526 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...) - TODO: check + NOT-FOR-US: Apple Mail CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X ...) TODO: check CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types ...) - TODO: check + NOT-FOR-US: Apple Wiki Server CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly ...) 
- TODO: check + NOT-FOR-US: Apple Server Admin CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not properly ...) - TODO: check + NOT-FOR-US: Apple Server Admin CVE-2010-0520 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0518 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0517 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0516 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0515 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0514 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0513 (Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before ...) - TODO: check + NOT-FOR-US: Apple PS Normalizer CVE-2010-0512 (The Accounts Preferences implementation in Apple Mac OS X 10.6 before ...) - TODO: check + NOT-FOR-US: Apple Accounts Preferences CVE-2010-0511 (Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the ...) - TODO: check + NOT-FOR-US: Apple Podcast Producer CVE-2010-0510 (Password Server in Apple Mac OS X Server before 10.6.3 does not ...) - TODO: check + NOT-FOR-US: Apple Password Server CVE-2010-0509 (SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local ...) - TODO: check + NOT-FOR-US: Apple SFLServer CVE-2010-0508 (Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules ...) 
- TODO: check + NOT-FOR-US: Apple Mail CVE-2010-0507 (Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows ...) - TODO: check + NOT-FOR-US: Apple Image RAW CVE-2010-0506 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote ...) - TODO: check + NOT-FOR-US: Apple Image RAW CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 ...) - TODO: check + NOT-FOR-US: Apple ImageIO CVE-2010-0504 (Multiple stack-based buffer overflows in iChat Server in Apple Mac OS ...) - TODO: check + NOT-FOR-US: Apple iChat CVE-2010-0503 (Use-after-free vulnerability in iChat Server in Apple Mac OS X Server ...) - TODO: check + NOT-FOR-US: Apple iChat CVE-2010-0502 (iChat Server in Apple Mac OS X Server before 10.6.3, when group chat ...) - TODO: check + NOT-FOR-US: Apple iChat CVE-2010-0501 (Directory traversal vulnerability in FTP Server in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple FTP Server CVE-2010-0500 (Event Monitor in Apple Mac OS X before 10.6.3 does not properly ...) - TODO: check + NOT-FOR-US: Apple Event Monitor CVE-2010-0499 RESERVED CVE-2010-0498 (Directory Services in Apple Mac OS X before 10.6.3 does not properly ...) - TODO: check + NOT-FOR-US: Apple Directory Services CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the ...) - TODO: check + NOT-FOR-US: Apple Disk Images CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for ...) NOT-FOR-US: Apple iPhone OS CVE-2010-0495 RESERVED CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0493 RESERVED CVE-2010-0492 (mstime.dll in Microsoft Internet Explorer 8 does not properly handle ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...) 
- TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0487 RESERVED CVE-2010-0486 @@ -2218,15 +2217,15 @@ CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and ...) NOT-FOR-US: Sun Solaris CVE-2010-0452 (Multiple cross-site scripting (XSS) vulnerabilities in HP Project and ...) - TODO: check + NOT-FOR-US: HP Project and Portfolio Management Center CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP ...) - TODO: check + NOT-FOR-US: HP-UX CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...) - TODO: check + NOT-FOR-US: HP SOA Registry Foundation CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation ...) - TODO: check + NOT-FOR-US: HP SOA Registry Foundation CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...) - TODO: check + NOT-FOR-US: HP SOA Registry Foundation CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance ...) NOT-FOR-US: HP OpenView Performance Insight CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with ...) @@ -2865,7 +2864,7 @@ CVE-2010-0268 RESERVED CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0266 RESERVED CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, ...) 
@@ -3459,7 +3458,7 @@ CVE-2009-4506 RESERVED CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP ...) - TODO: check + NOT-FOR-US: OpenCMS CVE-2009-4504 RESERVED CVE-2009-4503 @@ -3771,7 +3770,7 @@ - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...) - TODO: check + NOT-FOR-US: Oracle Java SE CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> @@ -3785,7 +3784,7 @@ - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) - TODO: check + NOT-FOR-US: Oracle Sava SE CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...) - openjdk-6 <undetermined> - sun-java6 <unfixed> 
@@ -3992,25 +3991,25 @@ NOTE: CVE requested NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted ...) - TODO: check + NOT-FOR-US: Apple Disk Images CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ...) - TODO: check + NOT-FOR-US: Apple DesktopServices CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple CoreTypes CVE-2010-0062 (Heap-based buffer overflow in CoreMedia and QuickTime in Apple Mac OS ...) - TODO: check + NOT-FOR-US: Apple QuickTime CVE-2010-0061 RESERVED CVE-2010-0060 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple CoreAudio CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Apple CoreAudio CVE-2010-0058 (freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update ...) TODO: check CVE-2010-0057 (AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use ...) - TODO: check + NOT-FOR-US: Apple AFP Server CVE-2010-0056 (Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple AppKit CVE-2010-0055 (xar in Apple Mac OS X 10.5.8 does not properly validate package ...) - xar <removed> (bug #572556) [lenny] - xar <no-dsa> (Minor issue) @@ -6182,7 +6181,7 @@ [lenny] - perl <not-affected> (Vulnerable code not present) [etch] - perl <not-affected> (Vulnerable code not present) CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 ...) - NOT-FOR-US: Sahana + - sahana <itp> (bug #497414) CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c in ...) - linux-2.6 2.6.31-2 (low) [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29) 
@@ -8951,7 +8950,7 @@ CVE-2009-2802 RESERVED CVE-2009-2801 (The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified ...) - TODO: check + NOT-FOR-US: Apple Application Firewall CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...) @@ -10781,7 +10780,7 @@ CVE-2009-2278 RESERVED CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...) - TODO: check + NOT-FOR-US: VMware CVE-2009-2276 (SQL injection vulnerability in voteforus.php in the Vote For Us ...) NOT-FOR-US: voteforus.php extension for PunBB CVE-2009-2275 (Directory traversal vulnerability in frontend/x3/stats/lastvisit.html ...)
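Review bot: In the @@ -115,9 +115,10 @@ hunk, CVE-2010-1194 ends up as "- libesmtp <undetermined>" with only the oss-security NOTE, and the "TODO: check" that accompanied these lines under CVE-2010-1193 (removed in the @@ -1202,9 +1203,7 @@ hunk) is not carried over. With no TODO and no bug number, nothing flags the entry for follow-up. Either keep a TODO line until the status is resolved or reference a bug, as the other libesmtp entry visible in the later hunk does with "(bug #572960)".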
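Review bot: In the @@ -264,43 +265,43 @@ hunk, the new "- deliver <removed>" line for CVE-2010-1123 says nothing about whether released suites still carry the package, while other entries in this file add per-suite lines such as "[lenny] - xar <no-dsa> (Minor issue)". A short NOTE or per-suite line would make the triage decision auditable. Also in this hunk, "plugin for wordpress" and "extension for typo3" are lower-cased, while the @@ -65,15 +65,15 @@ hunk writes "extension for TYPO3"; pick one spelling per product.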
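Review bot: In the @@ -2034,105 +2033,105 @@ hunk, product names are spelled inconsistently: CVE-2010-0532 gets "Apple itunes" next to "Apple iTunes" for CVE-2010-0531, and CVE-2010-0528 gets "Apple Quicktime" next to "Apple QuickTime" on the surrounding entries. Normalise these to "Apple iTunes" and "Apple QuickTime" so a case-sensitive search for a product finds every entry.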
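Review bot: In the @@ -3785,7 +3784,7 @@ hunk, the added line for CVE-2010-0090 reads "NOT-FOR-US: Oracle Sava SE", a typo for "Oracle Java SE" as written for CVE-2010-0094 in the @@ -3771,7 +3770,7 @@ hunk. Beyond the spelling, both entries describe Java Runtime Environment / Java Web Start issues, and the neighbouring entries CVE-2010-0093 and CVE-2010-0089 are tracked against openjdk-6 and sun-java6. Marking these two NOT-FOR-US is inconsistent with that, so either track them against the same packages or add a NOTE explaining why they do not apply.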
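Review bot: In the @@ -10781,7 +10780,7 @@ hunk, CVE-2009-2277 is marked "NOT-FOR-US: VMware", while the other WebAccess XSS entries in this commit (CVE-2010-1137, CVE-2010-1193) use "NOT-FOR-US: VMware Server". Use the same product string for the same component.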