Author: jmm-guest
Date: 2009-05-22 19:51:11 +0000 (Fri, 22 May 2009)
New Revision: 11955
Modified:
data/CVE/list
Log:
- minor evolution issue can be fixed with other issues
- new kernel issue
- new pidgin issues (update to be released soon)
- new openssl issues
- add explicit etch status for older neon issue
- add some kvm issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-05-22 09:14:10 UTC (rev 11954)
+++ data/CVE/list 2009-05-22 19:51:11 UTC (rev 11955)
@@ -125,8 +125,11 @@
CVE-2009-1631 (The Mailer component in Evolution 2.26.1 and earlier uses ...)
- evolution <unfixed> (low; bug #526409)
NOTE: minor issue, perhaps a no-dsa tag for etch and lenny will be appropiate?
+ NOTE: This is minor, but since other Evolution issues need to be fixed anyway
+ NOTE: it can be fixed along
CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client
...)
- TODO: check
+ - linux-2.6 <unfixed>
+ - linux-2.6.24 <removed>
CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs
with ...)
- ajaxterm <unfixed> (medium; bug #528938)
CVE-2009-XXXX [eggdrop buffer overflow]
@@ -411,7 +414,9 @@
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.29)
NOTE: vulnerability introduced in commit d84f4f99, which has only been
included in the kernel since 2.6.29
+ NOTE: However, d84f4f99 was introduced on 13th Nov 2008, so must''ve
been included in 2.6.28 at least?
NOTE: it has been confirmed that an exploit in the wild is making use of this
vulnerability
+ TODO: Verify exploit on earlier kernels
CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to
create or ...)
NOT-FOR-US: Directadmin
CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote
...)
@@ -830,17 +835,29 @@
CVE-2009-1379 (Use-after-free vulnerability in the
dtls1_retrieve_buffered_fragment ...)
TODO: check
CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message
function ...)
- TODO: check
+ - openssl <unfixed>
+ - openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
+ TODO: File bug
CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL
0.9.8k and ...)
- TODO: check
-CVE-2009-1376
+ - openssl <unfixed>
+ - openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
+ TODO: File bug
+CVE-2009-1376 [new pidgin issues]
RESERVED
-CVE-2009-1375
+ - pidgin 2.5.6-1
+ - gaim <removed>
+CVE-2009-1375 [new pidgin issues]
RESERVED
-CVE-2009-1374
+ - pidgin 2.5.6-1
+ - gaim <removed>
+CVE-2009-1374 [new pidgin issues]
RESERVED
-CVE-2009-1373
+ - pidgin 2.5.6-1
+ - gaim <removed>
+CVE-2009-1373 [new pidgin issues]
RESERVED
+ - pidgin 2.5.6-1
+ - gaim <removed>
CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS)
before ...)
NOT-FOR-US: Adobe Flash Media Server
CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in
libwmf ...)
@@ -11395,6 +11412,7 @@
NOTE: mechanism in the first place.
CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a
denial of ...)
- neon27 0.28.2-4
+ - neon26 <not-affected> (Issue was introduced in 0.28)
CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System
Consultants ...)
NOT-FOR-US: La!Cooda WIZ
CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and
earlier ...)
@@ -22801,9 +22819,11 @@
CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and
possibly ...)
{DSA-1284-1}
- qemu 0.9.0-2 (bug #424070)
+ TODO: Affects KVM, check status
CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute
...)
{DSA-1284-1}
- qemu 0.9.0-2 (bug #424070)
+ TODO: Affects KVM, check status
CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to
4.1.1, ...)
{DSA-1693-1}
- phppgadmin 4.1.3-0.1 (bug #449103; low)
@@ -30408,6 +30428,7 @@
CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function
in ...)
{DSA-1351-1}
- bochs 2.3+20070705-1 (low; bug #427144)
+ TODO: Affects KVM, check status
CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke
2.0.7 ...)
NOT-FOR-US: ASP-Nuke
CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX
0.1.2 ...)