Author: nion Date: 2009-04-06 17:28:18 +0000 (Mon, 06 Apr 2009) New Revision: 11570 Modified: data/CVE/list Log: - NFU - CVE-2008-654{8,9} fixed in moin 1.6.2-1 - CVE-2008-653{2,3} fixed in drupal6/drupal5 6.9-1/5.14-1 - CVE-2009-0364 fixed in webcit 7.38b-dfsg-2 - new multipath-tools issue (CVE-2009-0115) Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-06 16:40:24 UTC (rev 11569) +++ data/CVE/list 2009-04-06 17:28:18 UTC (rev 11570) @@ -380,9 +380,9 @@ CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire ...) NOT-FOR-US: Glossaire CVE-2008-6549 (The password_checker function in config/multiconfig.py in MoinMoin ...) - TODO: check + - moin 1.6.2-1 (low) CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check ...) - TODO: check + - moin 1.6.2-1 (low) CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...) - python-formencode 1.0.1-1 [etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0) @@ -413,9 +413,11 @@ CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and Pro ...) NOT-FOR-US: NULL FTP Server CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related ...) - TODO: check + - drupal5 5.14-1 (low) + - drupal6 6.9-1 (low) CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) - TODO: check + - drupal5 5.14-1 (low) + - drupal6 6.9-1 (low) CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before ...) NOT-FOR-US: Atlassian JIRA CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in ...) 
@@ -3253,7 +3255,7 @@ - network-manager 0.7.0.99-1 (medium) CVE-2009-0364 (Format string vulnerability in the mini_calendar component in ...) {DSA-1752-1} - TODO: check + - webcit 7.38b-dfsg-2 (low) CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl ...) {DTSA-197-1} - barnowl 1.0.5-1 @@ -3845,7 +3847,7 @@ CVE-2009-0194 RESERVED CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...) - TODO: check + NOT-FOR-US: Adobe Acrobat Reader CVE-2009-0192 RESERVED CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...) @@ -4063,7 +4065,7 @@ CVE-2009-0116 RESERVED CVE-2009-0115 (multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux ...) - TODO: check + - multipath-tools <unfixed> (low; bug #522813) CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...) NOT-FOR-US: iyzi Forum CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...)
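Review bot: In the @@ -413,9 +413,11 @@ hunk, the versions recorded for CVE-2008-6533 (`drupal5 5.14-1`, `drupal6 6.9-1`) are later than the upstream fix points named in the entry's own description ("5.x before 5.13 and 6.x before 6.7"). If 5.14-1 and 6.9-1 are simply the first Debian uploads that contained the fix, the entry is correct, but that should be confirmed against the package changelogs, because a fixed version that is too late leaves any intermediate upload marked as vulnerable. The CVE-2008-6532 description is truncated in the visible context, so the same comparison cannot be made for it from this diff; the two CVEs getting identical version pairs deserves a second look for that reason.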
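Review bot: In the @@ -3253,7 +3255,7 @@ hunk, CVE-2009-0364 is described as a format string vulnerability and already carries {DSA-1752-1}, yet the added line `- webcit 7.38b-dfsg-2 (low)` gives it the lowest urgency used elsewhere in this patch. Please re-check the urgency against the DSA, or say in the log message why low is appropriate for this issue.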
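Review bot: In the @@ -4063,7 +4065,7 @@ hunk, the CVE-2009-0115 description names only SUSE openSUSE and SUSE Linux, while the added line `- multipath-tools <unfixed> (low; bug #522813)` marks the Debian package as affected without saying how that was established. A short note on the entry stating what was checked in the Debian package would let a later reader verify the status without opening the bug report.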