Author: sf Date: 2009-01-06 11:26:58 +0000 (Tue, 06 Jan 2009) New Revision: 10868 Modified: data/CVE/list Log: new: linux, java, mediawiki(unimportant) some NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-06 09:14:11 UTC (rev 10867) +++ data/CVE/list 2009-01-06 11:26:58 UTC (rev 10868) @@ -311,7 +311,7 @@ CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...) - wordpress <unfixed> CVE-2008-5694 (PHP remote file inclusion vulnerability in ...) - TODO: check + NOT-FOR-US: Sandbox CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...) NOT-FOR-US: Ipswitch WS_FTP Server Manager CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other ...) @@ -323,7 +323,8 @@ CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 ...) NOT-FOR-US: Solaris CVE-2008-5688 (MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails ...) - TODO: check + - mediawiki <unfixed> (unimportant) + NOTE: Installation path disclosure not treated as a security issue CVE-2008-5687 (MediaWiki 1.11 through 1.13.3 does not properly protect against the ...) TODO: check CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...) @@ -682,9 +683,9 @@ CVE-2008-5551 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-5550 (Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp ...) - TODO: check + NOT-FOR-US: Sun Java Web Console CVE-2008-5549 (Unspecified vulnerability in the Sun Java Web Console components in ...) - TODO: check + NOT-FOR-US: Sun Java Web Console CVE-2008-5548 (VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2008-5547 (HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when ...) 
@@ -1050,7 +1051,8 @@ CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in ...) - zaptel 1:1.4.11~dfsg-3 CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the ...) - TODO: check + - linux-2.6 <unfixed> + - linux-2.6.24 <removed> CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes ...) NOT-FOR-US: Ubuntu Privacy Remix CVE-2008-5392 @@ -1128,11 +1130,11 @@ CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...) NOT-FOR-US: getPlus CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...) - rsyslog 3.18.6-1 (bug #508027) CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...) 
@@ -1143,49 +1145,93 @@ CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...) - vinagre 0.5.1-2 CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) - TODO: check + - sun-java5 <unfixed> (low; bug #508194) + - sun-java6 <unfixed> (low; bug #508195) + - openjdk-6 <unfixed> (low; bug #510972) CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5355 (The "Java Update" feature for Java Runtime Environment (JRE) for Sun ...) - TODO: check + - sun-java5 <not-affected> (Java update not used in Debian) + - sun-java6 <not-affected> (Java update not used in Debian) + - openjdk-6 <not-affected> (Java update not used in Debian) CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5353 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) 
- TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) 
- TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...) - TODO: check + - sun-java5 <unfixed> (bug #508194) + - sun-java6 <unfixed> (bug #508195) + - openjdk-6 <unfixed> (bug #510972) CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite ...) NOT-FOR-US: Bandwebsite CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite ...)
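Review bot: in the hunk at @@ -311,7 +311,7 @@, the new tag for CVE-2008-5694, "NOT-FOR-US: Sandbox", does not identify the product. The description on that line is truncated to "PHP remote file inclusion vulnerability in ..." and "Sandbox" on its own is a generic word. Use the full product name from the CVE description, so that a later search of the list for that name gives an unambiguous match.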
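Review bot: in the hunk at @@ -323,7 +323,8 @@, the NOTE for CVE-2008-5688 states the policy ("Installation path disclosure not treated as a security issue") but not the precondition. The description already says the issue applies "when the wgShowExceptionDetails ...", so naming that setting in the NOTE would make the (unimportant) rating self-explanatory. CVE-2008-5687, the next entry and also MediaWiki, is left at "TODO: check"; triaging it in the same commit would keep the package's entries consistent.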
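Review bot: in the hunk at @@ -1050,7 +1051,8 @@, CVE-2008-5395 is set to "- linux-2.6 <unfixed>" with no bug number, urgency or NOTE, unlike the Java entries in the same commit, which all carry a bug reference. The description places the flaw in arch/parisc/kernel/traps.c, so a NOTE saying that only parisc is affected, plus a bug reference or a pointer to the upstream fix once it is known, would make the entry trackable.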
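Review bot: in the hunk at @@ -1143,49 +1145,93 @@, only CVE-2008-5360 carries an urgency ("low; bug #508194"). The other entries, including those whose descriptions begin "Buffer overflow", "Heap-based buffer overflow" and "Stack-based buffer overflow" (CVE-2008-5359, CVE-2008-5356, CVE-2008-5354), have a bug number but no urgency, and nothing says why 5360 alone is low; add a NOTE with the reason. Separately, openjdk-6 is marked <unfixed> (bug #510972) on every entry, including those whose descriptions name Java Web Start and the Java Plug-in (CVE-2008-5339 through CVE-2008-5344). A NOTE stating whether each was confirmed against openjdk-6 or marked conservatively would help whoever closes #510972.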