Author: geissert Date: 2010-04-16 01:26:11 +0000 (Fri, 16 Apr 2010) New Revision: 14500 Modified: data/CVE/list Log: NFUs, one clamav issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-16 00:56:54 UTC (rev 14499) +++ data/CVE/list 2010-04-16 01:26:11 UTC (rev 14500) @@ -2527,9 +2527,9 @@ CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0487 (The Authenticode Signature verification functionality in cabview.dll ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature Verification ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0485 RESERVED CVE-2010-0484 @@ -2537,19 +2537,19 @@ CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media Unicast ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0475 RESERVED CVE-2010-0474 @@ -3262,11 +3262,11 @@ CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the ...) NOT-FOR-US: hald in Sun OpenSolaris CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX control ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0266 @@ -3290,11 +3290,11 @@ CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...) NOT-FOR-US: Microsoft Office CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2010-0253 RESERVED CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ...) @@ -3326,15 +3326,15 @@ CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...) NOT-FOR-US: Microsoft Windows Vista Gold CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the kernel in ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Microsoft Windows CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...) @@ -3429,35 +3429,35 @@ TODO: check freeimage, tuxonice-userui NOTE: http://www.kb.cert.org/vuls/id/576029 CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0200 REJECTED CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...) - TODO: check + NOT-FOR-US: Adobe Reader CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...) NOT-FOR-US: Adobe Download Manager CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...) @@ -3807,6 +3807,8 @@ CVE-2010-0099 RESERVED CVE-2010-0098 (ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z ...) + - clamav 0.96+dfsg-1 + [lenny] - clamav <no-dsa> (no longer supported) TODO: check CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...) - bind9 1:9.7.0.dfsg-1 @@ -4229,7 +4231,7 @@ - sun-java6 <unfixed> [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...) - openjdk-6 <undetermined> - sun-java6 6.19-1 @@ -4261,7 +4263,7 @@ CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: BEA Product Suite CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle WebLogic ...) - TODO: check + NOT-FOR-US: Oracle WebLogic Server CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in ...) NOT-FOR-US: Oracle Secure Backup CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...) @@ -4544,9 +4546,9 @@ CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 ...) NOT-FOR-US: Microsoft Windows Server CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...) @@ -6280,7 +6282,7 @@ CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...) - vmware-package <removed> CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware ...) - TODO: check + NOT-FOR-US: VMware CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...) NOT-FOR-US: WebWorks Help CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...) @@ -13222,9 +13224,9 @@ CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...) NOT-FOR-US: Roxio Easy Media Creator CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 ...) - TODO: check + NOT-FOR-US: VMware Movie Decoder CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in ...) - TODO: check + TODO: VMware products CVE-2009-1563 REJECTED NOTE: Tracked as CVE-2009-0689 @@ -25669,7 +25671,7 @@ CVE-2008-3280 RESERVED CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...) - TODO: check + - brltty <not-affected> (RedHat-specific) CVE-2008-3278 RESERVED CVE-2008-3277