jmm-guest at alioth.debian.org
2009-Jan-14 21:36 UTC
[Secure-testing-commits] r10958 - in data: CVE DSA
Author: jmm-guest Date: 2009-01-14 21:36:10 +0000 (Wed, 14 Jan 2009) New Revision: 10958 Modified: data/CVE/list data/DSA/list Log: - add new enscript CVE ID already fixed - new devil issue - lots of NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-14 21:14:14 UTC (rev 10957) +++ data/CVE/list 2009-01-14 21:36:10 UTC (rev 10958) @@ -267,7 +267,6 @@ NOT-FOR-US: My PHP Baseball Stats CVE-2008-5850 REJECTED - NOT-FOR-US: Check Point CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address ...) NOT-FOR-US: Check Point CVE-2008-5848 (The Advantech ADAM-6000 module has 00000000 as its default password, ...) 
@@ -1223,61 +1222,61 @@ CVE-2008-5464 RESERVED CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA ...) - TODO: check + NOT-FOR-US: BEA WebLogic CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5453 RESERVED CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in ...) 
- TODO: check + NOT-FOR-US: Oracle CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-5435 (Cross-site scripting (XSS) vulnerability in moderate.php in PunBB ...) NOT-FOR-US: PunBB CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow ...) @@ -1746,7 +1745,7 @@ CVE-2008-5263 RESERVED CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...) - TODO: check + - devil <unfixed> (bug filed) CVE-2008-5261 RESERVED CVE-2008-5260 
@@ -2219,7 +2218,7 @@ - linux-2.6.24 <removed> NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2 CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function ...) - TODO: check + - enscript 1.6.4-13 (bug #506261) CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value ...) {DSA-1701-1} - openssl 0.9.8g-15 @@ -4202,7 +4201,7 @@ CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows ...) NOT-FOR-US: BOM Apple Mac OS X CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not ...) - TODO: check + NOT-FOR-US: Safari CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error ...) NOT-FOR-US: Weblog Mac OS X CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and ...) @@ -4724,13 +4723,13 @@ CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...) NOT-FOR-US: IBM AIX CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: BEA WebLogic CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...) 
@@ -4744,9 +4743,9 @@ CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache ...) NOT-FOR-US: BEA WebLogic CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...) NOT-FOR-US: Oracle CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service ...) @@ -4760,11 +4759,11 @@ CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in ...) NOT-FOR-US: Oracle CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in ...) 
@@ -4796,13 +4795,13 @@ CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...) NOT-FOR-US: Oracle CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) @@ -4810,9 +4809,9 @@ CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...) - TODO: check + NOT-FOR-US: Oracle CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...) {DSA-1627-2} - opensc 0.11.4-5 Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-01-14 21:14:14 UTC (rev 10957) +++ data/DSA/list 2009-01-14 21:36:10 UTC (rev 10958) 
@@ -105,7 +105,7 @@ {CVE-2008-0017 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024} [etch] - iceweasel 2.0.0.18-0etch1 [24 Nov 2008] DSA-1670-1 enscript - arbitrary code execution - {CVE-2008-3863 CVE-2008-4306} + {CVE-2008-3863 CVE-2008-4306 CVE-2008-5078} [etch] - enscript 1.6.4-11.1 [23 Nov 2008] DSA-1669-1 xulrunner - several vulnerabilities {CVE-2008-0016 CVE-2008-0017 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4066 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024 CVE-2008-4063 CVE-2008-4064}
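Review bot: In the @@ -1223,61 +1222,61 @@ hunk of data/CVE/list, CVE-2008-5463 is described as a PeopleSoft Enterprise Campus issue but is tagged NOT-FOR-US: BEA WebLogic, while the other PeopleSoft entries in the same hunk (CVE-2008-5456, CVE-2008-5455, CVE-2008-5452) are tagged NOT-FOR-US: Oracle. Suggest NOT-FOR-US: Oracle for CVE-2008-5463 so the tag matches the description. The same hunk tags CVE-2008-5457 (Oracle BEA WebLogic Server Plugins) as Oracle while CVE-2008-5459 through CVE-2008-5462 use BEA WebLogic; a single label for WebLogic issues would make the list easier to search.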
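Review bot: The new devil entry for CVE-2008-5262 in the @@ -1746,7 +1745,7 @@ hunk records "(bug filed)" without a bug number, unlike the enscript entry in this same commit, which gives "(bug #506261)". Suggest replacing it with the bug number once it is assigned, so the unfixed status can be traced to the report.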
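Review bot: CVE-2008-5078 in the @@ -2219,7 +2218,7 @@ hunk gets a fixed version and a bug reference but no {DSA-1670-1} line, although the data/DSA/list hunk of this commit adds the ID to DSA-1670-1 and the neighbouring CVE-2008-5077 entry carries {DSA-1701-1}. If that cross-reference is not generated from data/DSA/list, add it here so the two lists agree.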
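Review bot: CVE-2008-4216 in the @@ -4202,7 +4201,7 @@ hunk is marked NOT-FOR-US: Safari, but its description places the flaw in the plug-in interface in WebKit rather than in Safari alone. The entry does not show whether WebKit as a separate component was checked; if WebKit is packaged in the archive, a package line or a short NOTE explaining why it is unaffected would make the triage decision reviewable.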