Author: atomo64-guest Date: 2009-04-19 23:22:45 +0000 (Sun, 19 Apr 2009) New Revision: 11652 Modified: data/CVE/list Log: NFUs, atmailopen is also vulnerable to roundcube''s html2text issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-19 23:10:32 UTC (rev 11651) +++ data/CVE/list 2009-04-19 23:22:45 UTC (rev 11652) @@ -1,25 +1,25 @@ CVE-2009-XXXX [slurm-llnl doesn''t drop supplementary groups] - slumn-llnl 1.3.15-1 CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...) - TODO: check + NOT-FOR-US: Easy RM to MP3 Converter CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...) - TODO: check + NOT-FOR-US: Mini-stream CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 ...) - TODO: check + NOT-FOR-US: Mini-stream CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 ...) - TODO: check + NOT-FOR-US: Mini-stream CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...) - TODO: check + NOT-FOR-US: Mini-stream CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows ...) - TODO: check + NOT-FOR-US: Mini-stream CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter ...) - TODO: check + NOT-FOR-US: Mini-stream CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 ...) - TODO: check + NOT-FOR-US: Web File Explorer CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web ...) - TODO: check + NOT-FOR-US: ASP Product Catalog CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product ...) - TODO: check + NOT-FOR-US: ASP Product Catalog CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in ...) TODO: check CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal ...) 
@@ -27,13 +27,13 @@ CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...) TODO: check CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when ...) - TODO: check + NOT-FOR-US: Aqua CMS CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote ...) - TODO: check + NOT-FOR-US: AbleSpace CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 ...) - TODO: check + NOT-FOR-US: Ablespace CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ...) - TODO: check + NOT-FOR-US: CVE-2009-1314 CVE-2009-1313 RESERVED CVE-2009-1312 @@ -63,11 +63,11 @@ CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an "invalid ...) - apt 0.7.21 (bug #523213) CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when ...) - TODO: check + NOT-FOR-US: CMScout CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote ...) - TODO: check + NOT-FOR-US: CMScout CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste ...) - TODO: check + NOT-FOR-US: Perl Nopaste CVE-2009-1299 RESERVED CVE-2009-1298 @@ -5831,6 +5831,8 @@ NOTE: moodle recently copied roundcube''s html2text due to their copy being non-free - mahara <unfixed> (bug #524778) [lenny] - mahara <not-affected> (Vulnerable code not present) + - atmailopen <unfixed> + NOTE: maintainer is aware of it and an upload is pending CVE-2008-5485 RESERVED CVE-2008-5484
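Review bot: In the "@@ -1,25 +1,25 @@" hunk, the unchanged package line under the CVE-2009-XXXX entry reads "- slumn-llnl 1.3.15-1", which does not match the package named in that entry's own bracketed description (slurm-llnl). The commit already edits the lines directly below it, so correct the spelling here as well; otherwise the fixed version is recorded against a name that differs from the one the entry describes.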
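Review bot: In the "@@ -27,13 +27,13 @@" hunk, the CVE-2009-1314 entry is marked "NOT-FOR-US: CVE-2009-1314", which puts the CVE id where the product name belongs. The description is body.asp in Web File Explorer 3.1, the same product that CVE-2009-1323 in the first hunk tags as "NOT-FOR-US: Web File Explorer", so use that string here too. In the same hunk, CVE-2009-1315 is tagged "Ablespace" while CVE-2009-1316 one entry above uses "AbleSpace"; pick one spelling so the two entries group together when searching the list.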
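Review bot: In the "@@ -5831,6 +5831,8 @@" hunk, the new "- atmailopen <unfixed>" line carries no bug reference, while the mahara line just above it cites "(bug #524778)". The added NOTE, "maintainer is aware of it and an upload is pending", records a status that will go stale and cannot be followed up from the list alone. Add the bug number to the atmailopen line if a report exists, or say in the NOTE where the maintainer was contacted, so the pending upload can be checked against it later.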