jmm-guest at alioth.debian.org
2009-Mar-03 18:27 UTC
[Secure-testing-commits] r11318 - data/CVE
Author: jmm-guest Date: 2009-03-03 18:27:49 +0000 (Tue, 03 Mar 2009) New Revision: 11318 Modified: data/CVE/list Log: - five new kernel issues - xine-lib fixed - NFUs - new pngcrush issue - rewrite libvirt entry Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-03 09:14:18 UTC (rev 11317) +++ data/CVE/list 2009-03-03 18:27:49 UTC (rev 11318) @@ -1,11 +1,23 @@ CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...) - TODO: check + - linux-2.6 <unfixed> (low) + [etch] - linux-2.6 <not-affected> (ext4 not yet present) + - linux-2.6.24 <unfixed> (low) + NOTE: Since the feature is experimental until 2.6.27, I don''t think we need to fix this CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 ...) - TODO: check + - linux-2.6 <unfixed> (low) + [etch] - linux-2.6 <not-affected> (ext4 not yet present) + - linux-2.6.24 <unfixed> (low) + NOTE: Since the feature is experimental until 2.6.27, I don''t think we need to fix this CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel ...) - TODO: check + - linux-2.6 <unfixed> (low) + [etch] - linux-2.6 <not-affected> (ext4 not yet present) + - linux-2.6.24 <unfixed> (low) + NOTE: Since the feature is experimental until 2.6.27, I don''t think we need to fix this CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel ...) - TODO: check + - linux-2.6 <unfixed> (low) + [etch] - linux-2.6 <not-affected> (ext4 not yet present) + - linux-2.6.24 <unfixed> (low) + NOTE: Since the feature is experimental until 2.6.27, I don''t think we need to fix this CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a ...) TODO: check CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in ...) @@ -224,7 +236,7 @@ CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Plunet BusinessManager CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...) - - xine-lib <unfixed> (bug #517792; medium) + - xine-lib 1.1.16.2-1 (bug #517792; medium) CVE-2009-0697 RESERVED CVE-2009-0696 @@ -275,7 +287,9 @@ NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305> NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer. CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux ...) - TODO: check + - linux-2.6 <unfixed> (low) + - linux-2.6.24 <unfixed> (low) + NOTE: Didn''t check 2.6.24 so far, only temporary for now CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when ...) NOT-FOR-US: RavenNuke CVE-2009-0673 (Eval injection vulnerability in the Custom Fields feature in the Your ...) @@ -653,29 +667,29 @@ CVE-2009-0626 RESERVED CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control Engine ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control Engine ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0619 RESERVED CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses default ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0615 (Directory traversal vulnerability in Cisco Application Networking ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 ...) NOT-FOR-US: Trend Micro CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and ...) @@ -973,17 +987,17 @@ - mediawiki <unfixed> (low; bug #514547) [lenny] - mediawiki 1:1.12.0-2lenny3 CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, ...) - TODO: check + NOT-FOR-US: Adobe RoboHelp CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...) - TODO: check + NOT-FOR-US: Adobe RoboHelp CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...) - TODO: check + NOT-FOR-US: Adobe Flash Player CVE-2009-0518 RESERVED CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...) @@ -1007,7 +1021,7 @@ CVE-2009-0508 RESERVED CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for ...) @@ -3201,6 +3215,7 @@ NOTE: fixed in r6 point update NOTE: http://www.tdiary.org/20071215.html CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...) + - pngcrush 1.6.15-1 TODO: check CVE-2009-0039 RESERVED @@ -3209,7 +3224,8 @@ CVE-2009-0037 RESERVED CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...) - NOT-FOR-US: not building libvirt proxy from libvirt + - libvirt 0.5.1-7 (unimportant) + NOTE: not building libvirt proxy from libvirt source package CVE-2009-0035 RESERVED CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)