thijs at alioth.debian.org
2009-Feb-27 09:22 UTC
[Secure-testing-commits] r11273 - data/CVE
Author: thijs
Date: 2009-02-27 09:22:22 +0000 (Fri, 27 Feb 2009)
New Revision: 11273
Modified:
data/CVE/list
Log:
new optipng, opensc issues.
clean up rejected issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-02-26 09:14:13 UTC (rev 11272)
+++ data/CVE/list 2009-02-27 09:22:22 UTC (rev 11273)
@@ -1,3 +1,6 @@
+CVE-2009-XXXX [optipng array overflow]
+ - optipng 0.6.2.1-1 (low)
+ NOTE: http://secunia.com/advisories/34035/
CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon
Banking at Home ...)
TODO: check
CVE-2009-0740 (SQL injection vulnerability in login.php in BlueBird Prelease
allows ...)
@@ -140,7 +143,6 @@
TODO: check
CVE-2009-0671
REJECTED
- TODO: check
CVE-2009-0670
RESERVED
CVE-2009-0669
@@ -1409,8 +1411,10 @@
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=253493
NOTE: CVE id requested
[lenny] - audacity 1.3.5-2+lenny1
-CVE-2009-0368
+CVE-2009-0368 [opensc information leak]
RESERVED
+ - opensc <unfixed>
+ NOTE: Unclear yet which versions are affected, asked maintainer
CVE-2009-0367
RESERVED
CVE-2009-0366
@@ -1906,8 +1910,6 @@
- typo3-src 4.2.4-1
CVE-2009-0242
REJECTED
- - ganglia-monitor-core <not-affected> (Only affects 3.1.1 branch,
currently in experimental under different name)
- - ganglia-monitor <unfixed> (low; bug #512637)
CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...)
{DSA-1710-1}
- ganglia-monitor-core 2.5.7-5 (medium; bug #512637)
@@ -4807,7 +4809,6 @@
NOT-FOR-US: Chipmunk CMS
CVE-2008-4920
REJECTED
- NOT-FOR-US: Agavi
CVE-2008-4919 (Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X
...)
NOT-FOR-US: eXPert PDF Viewer X ActiveX
CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS
Enhanced ...)
@@ -5950,7 +5951,6 @@
NOT-FOR-US: IceBB
CVE-2008-4430
REJECTED
- NOTE: duplicate of CVE-2008-3699, will be rejected soon
CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO
9.5.0173 ...)
NOT-FOR-US: SOURCENEXT Virus Security ZERO
CVE-2008-4428 (Unrestricted file upload vulnerability in upload.php in
Phlatline''s ...)
@@ -5967,7 +5967,6 @@
NOT-FOR-US: Ovidentia
CVE-2008-4422
REJECTED
- NOT-FOR-US: ** REJECT **
CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and
probably ...)
NOT-FOR-US: MetaGauge
CVE-2008-4420