Author: derevko-guest Date: 2009-05-13 08:26:30 +0000 (Wed, 13 May 2009) New Revision: 11886 Modified: data/CVE/list Log: NFUs CVE-2009-1603: opensc issue got a CVE id Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-13 01:02:35 UTC (rev 11885) +++ data/CVE/list 2009-05-13 08:26:30 UTC (rev 11886) 
@@ -1,31 +1,34 @@ CVE-2009-1616 (Cross-site scripting (XSS) vulnerability in docs/showdoc.php in ...) - TODO: check + NOT-FOR-US: Coppermine Photo Gallery CVE-2009-1615 (Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote ...) - TODO: check + NOT-FOR-US: Leap CMS CVE-2009-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 ...) - TODO: check + NOT-FOR-US: Leap CMS CVE-2009-1613 (Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, ...) - TODO: check + NOT-FOR-US: Leap CMS CVE-2009-1612 (Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control ...) NOT-FOR-US: ActiveX CVE-2009-1611 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...) NOT-FOR-US: ElectraSoft 32bit FTP CVE-2009-1610 (admin/changepassword.php in Job Script Job Board Software 2.0 allows ...) - TODO: check + NOT-FOR-US: Job Script Job Board Software CVE-2009-1609 (Unrestricted file upload vulnerability in admin/uploadform.asp in ...) - TODO: check + NOT-FOR-US: Battle Blog CVE-2009-1608 (Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly ...) - TODO: check + NOT-FOR-US: Microchip MPLAB IDE CVE-2009-1607 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...) - TODO: check + NOT-FOR-US: LinkBase CVE-2009-1606 (Multiple stack-based and heap-based buffer overflows in Dafolo ...) - TODO: check + NOT-FOR-US: Dafolo DafoloControl ActiveX CVE-2009-1605 (Heap-based buffer overflow in the loadexponentialfunc function in ...) - TODO: check + NOT-FOR-US: MuPDF CVE-2009-1604 (Unspecified vulnerability in LimeSurvey before 1.82 allows remote ...) NOT-FOR-US: LimeSurvey CVE-2009-1603 (src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used ...) 
- TODO: check + - opensc 0.11.8 (high; bug #527640) + [etch] - opensc <not-affected> (vulnerable code introduced in 0.11.7) + [lenny] - opensc <not-affected> (vulnerable code introduced in 0.11.7) + NOTE: checked code, public exponent set correctly in etch/lenny versions (CK_BYTE publicExponent[] = { 3 };) CVE-2009-1602 (Pablo Software Solutions Quick ''n Easy Mail Server 3.3 allows remote ...) NOT-FOR-US: Pablo Software CVE-2009-1601 (The Ubuntu clamav-milter.init script in clamav-milter before ...) @@ -102,11 +105,6 @@ NOT-FOR-US: DFLabs CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used ...) - system-tools-backends <unfixed> (low; bug #527952) -CVE-2009-XXXX [opensc: insecure due to wrong public exponent] - - opensc 0.11.8 (high; bug #527640) - [etch] - opensc <not-affected> (vulnerable code introduced in 0.11.7) - [lenny] - opensc <not-affected> (vulnerable code introduced in 0.11.7) - NOTE: checked code, public exponent set correctly in etch/lenny versions (CK_BYTE publicExponent[] = { 3 };) CVE-2009-1581 RESERVED CVE-2009-1580
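Review bot: In the new CVE-2009-1603 entry (first hunk), the NOTE says the public exponent is "set correctly" in etch/lenny and quotes `CK_BYTE publicExponent[] = { 3 };`, but nothing in the entry says what 0.11.7 sets instead. The only line that gave that context, the placeholder title "opensc: insecure due to wrong public exponent", is dropped in the second hunk, and the MITRE description shown here is truncated before it reaches the flaw. Consider extending the NOTE to say that the issue is a wrong public exponent in src/tools/pkcs11-tool.c introduced in 0.11.7, together with the value that version uses, so that the not-affected reasoning for etch and lenny can be checked from the entry alone. The four tracking lines themselves are moved unchanged from the CVE-2009-XXXX block, which is what is wanted when a temporary entry gets its id.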