nion at alioth.debian.org
2009-Apr-01 11:35 UTC
[Secure-testing-commits] r11520 - data/CVE
Author: nion Date: 2009-04-01 11:35:19 +0000 (Wed, 01 Apr 2009) New Revision: 11520 Modified: data/CVE/list Log: - NFUs - CVE-2009-1175 non-issue - new xfig issue (tmp race) - CVE-2009-1046/CVE-2009-0859 fixed in linux.2.6 2.6.29-1 - new vlc issue (CVE-2009-1045) - CVE-2009-0930 fixed in imp4 4.2-4 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-01 09:14:12 UTC (rev 11519) +++ data/CVE/list 2009-04-01 11:35:19 UTC (rev 11520) @@ -1,5 +1,7 @@ CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...) - TODO: check + - banshee <unfixed> (unimportant) + NOTE: banshee is intented as a desktop music player with no serious + NOTE: login credentials that an attacker could use remote CVE-2009-1174 (The Web Services Security component in IBM WebSphere Application ...) NOT-FOR-US: WebSphere CVE-2009-1173 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak ...) @@ -262,7 +264,7 @@ [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-XXXX [unspecified xfig temp issue] - xfig 1:3.2.5.a-1 - TODO: check + NOTE: requested CVE id CVE-2009-XXXX [auth2db: SQL injection] - auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low) [lenny] - auth2db 0.2.5-2+dfsg-1+lenny1 @@ -395,9 +397,9 @@ CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...) NOT-FOR-US: Send by e-mail module for Drupal CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...) - TODO: check + - linux.2.6 2.6.29-1 CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a ...) - TODO: check + - vlc <unfixed> (low; bug #522170) CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute ...) {DSA-1756-1} - xulrunner 1.9.0.8-1 
@@ -689,11 +691,11 @@ - horde3 3.2.2+debian0-2 (bug #513265) [etch] - horde3 <not-affected> (Vulnerable code not present) CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...) - TODO: check + - imp4 4.2-4 (medium; bug #513266) CVE-2009-0929 (Directory traversal vulnerability in the media manager in Nucleus CMS ...) NOT-FOR-US: Nucleus CMS CVE-2009-0928 (Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader CVE-2009-0927 (Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before ...) NOT-FOR-US: Adobe Reader and Adobe Acrobat CVE-2009-0926 (Unspecified vulnerability in the UFS filesystem functionality in Sun ...) @@ -786,7 +788,7 @@ CVE-2009-0893 RESERVED CVE-2009-0892 (The administrative console in IBM WebSphere Application Server (WAS) ...) - TODO: check + NOT-FOR-US: IBM WebSphere CVE-2009-0891 (The Web Services Security component in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2009-0890 @@ -902,7 +904,7 @@ CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user interface in ...) NOT-FOR-US: NetMRI CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the ...) - TODO: check + - linux-2.6 2.6.29-1 CVE-2009-0858 (The response_addname function in response.c in Daniel J. Bernstein ...) - djbdns 1:1.05-5 (low; bug #518169; bug #517631) CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the ...)
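Review bot: In the first hunk (@@ -1,5 +1,7 @@), the two NOTE lines added under CVE-2009-1175 have typos ("intented" for "intended", "use remote" for "use remotely") and the sentence does not quite state why the issue is rated unimportant. Suggest rewording along the lines of "NOTE: banshee is intended as a desktop music player and holds no serious login credentials that an attacker could use remotely", so that the reasoning behind `- banshee <unfixed> (unimportant)` is clear to whoever revisits the entry.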
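Review bot: In the @@ -262,7 +264,7 @@ hunk, the added "NOTE: requested CVE id" replaces the TODO, but the entry title still reads "[unspecified xfig temp issue]" while the log message describes it as a tmp race. Consider updating the bracketed description to match the log, and adding a bug number or a pointer to where the id was requested, as the neighbouring auth2db entry does with "bug #521823".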
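Review bot: In the @@ -395,9 +397,9 @@ hunk, the line added for CVE-2009-1046 names the package "linux.2.6", whereas the CVE-2009-0859 line in the @@ -902,7 +904,7 @@ hunk of this same commit uses "linux-2.6" for the same fixed version 2.6.29-1. The dotted form looks like a typo for "linux-2.6"; the two entries should use the same package name, otherwise CVE-2009-1046 will not be associated with the kernel package.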
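Review bot: Style point on the @@ -786,7 +788,7 @@ hunk: CVE-2009-0892 is tagged "NOT-FOR-US: IBM WebSphere", while the adjacent CVE-2009-0891 uses "NOT-FOR-US: IBM WebSphere Application Server" and CVE-2009-1174 in the first hunk uses "NOT-FOR-US: WebSphere". Using one product string for all three would make a search of the list for that product return every entry.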