Author: derevko-guest Date: 2009-06-25 17:34:32 +0000 (Thu, 25 Jun 2009) New Revision: 12199 Modified: data/CVE/list Log: - new xcftools, gupnp, ocsinventory-server issues - adjust impact of OCS Inventory NG SQL Injection Vulnerability, it can be exploited only if magic_quotes is off - remove superfluous distribution tags in CVE-2009-0153, it was fixed in icu 4.0.1-1 and stable and oldstable have a lower version - CVE-2009-2121: track chromium-browser itp Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-25 16:51:46 UTC (rev 12198) +++ data/CVE/list 2009-06-25 17:34:32 UTC (rev 12199) @@ -23,9 +23,9 @@ CVE-2009-2176 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a ...) NOT-FOR-US: fuzzylime CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in ...) - TODO: check + - xcftools <unfixed> (bug #533361) CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...) - TODO: check + - gupnp <unfixed> (low; bug #534594) CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...) NOT-FOR-US: Carom3D CVE-2009-2172 (Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in ...) @@ -37,7 +37,7 @@ CVE-2009-2167 (Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus ...) NOT-FOR-US: EgyPlus 7ammel (aka 7ml) CVE-2009-2166 (Absolute path traversal vulnerability in cvs.php in OCS Inventory NG ...) - TODO: check + - ocsinventory-server 1.02.1-1 (medium; bug #531735) CVE-2009-2165 (SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and ...) NOT-FOR-US: SerendipityNZ (aka SimpleBoxes) Serene Bach CVE-2009-2164 (Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, ...) 
@@ -131,7 +131,7 @@ CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo Palmonari ...) NOT-FOR-US: Photoracer plugin for WordPress CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before ...) - TODO: check + - chromium-browser <itp> (bug #520324) CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...) {DSA-1822-1} - mahara 1.1.5-1 (low) @@ -718,7 +718,8 @@ CVE-2009-1880 (Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows ...) NOT-FOR-US: MT312 CVE-2009-XXXX [OCS Inventory NG SQL Injection Vulnerability] - - ocsinventory-server 1.02.1-1 (medium; bug #531735) + - ocsinventory-server 1.02.1-1 (low; bug #531735) + NOTE: can be exploited only if magic_quotes is off CVE-2009-3870 REJECTED CVE-2009-1879 @@ -6946,9 +6947,7 @@ CVE-2009-0154 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) NOT-FOR-US: Apple Type Services CVE-2009-0153 (International Components for Unicode (ICU) 4.0, 3.6, and other 3.x ...) - - icu 4.0.1-1 - [lenny] - icu <unfixed> (low; bug #534590) - [etch] - icu <unfixed> (low; bug #534590) + - icu 4.0.1-1 (low; bug #534590) CVE-2009-0152 (iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL ...) NOT-FOR-US: iChat in Apple Mac OS X CVE-2009-0151
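Review bot: The new xcftools entry in the first hunk (`- xcftools <unfixed> (bug #533361)`) carries no urgency rating, while the gupnp entry in the same hunk is tagged `(low; bug #534594)`. Since CVE-2009-2175 is a stack-based buffer overflow that is still unfixed, an explicit severity (for example `(medium; bug #533361)`) would let the tracker prioritize it consistently with the other new entries.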
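Review bot: In the CVE-2009-2166 hunk, `ocsinventory-server 1.02.1-1 (medium; bug #531735)` reuses the same bug number as the separate CVE-2009-XXXX SQL injection entry further down. If #531735 really covers both the path traversal and the SQL injection, a NOTE on one of the two entries saying so would make the shared reference deliberate rather than look like a copy-paste.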
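Review bot: The downgrade from `medium` to `low` in the CVE-2009-XXXX hunk rests entirely on the added `NOTE: can be exploited only if magic_quotes is off`. magic_quotes_gpc is a deprecated PHP setting and not a dependable protection against SQL injection, so the note should record that this is a mitigating factor for some configurations and that the real fix is the escaping in 1.02.1-1, not the PHP setting; otherwise a reader may conclude the package is safe as long as magic_quotes stays on.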
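Review bot: Collapsing the CVE-2009-0153 entry to a single `- icu 4.0.1-1 (low; bug #534590)` line is consistent with the log message (stable and oldstable ship versions below 4.0.1-1, so they are implied vulnerable by the single fixed-version line), but the removed `[lenny]` and `[etch]` lines were also where a per-release decision (for instance a `no-dsa` note) would be recorded. Consider adding a NOTE stating whether a stable or oldstable update for icu is intended, so that information is not lost with the tags.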