Author: derevko-guest Date: 2009-06-26 07:03:24 +0000 (Fri, 26 Jun 2009) New Revision: 12206 Modified: data/CVE/list Log: - NFUs - strongswan and kfreebsd got a CVE id Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-25 22:08:07 UTC (rev 12205) +++ data/CVE/list 2009-06-26 07:03:24 UTC (rev 12206) @@ -1,7 +1,11 @@ CVE-2009-2209 (SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 ...) - TODO: check + NOT-FOR-US: RS-CMS CVE-2009-2208 (FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the ...) - TODO: check + - kfreebsd-6 <removed> + [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported) + - kfreebsd-7 7.2-2 + [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) + NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc CVE-2009-2207 RESERVED CVE-2009-2206 @@ -43,11 +47,12 @@ CVE-2009-2188 RESERVED CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Playe CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, ...) - TODO: check + - strongswan 4.2.14-1.2 (bug #533837) + - openswan 1:2.6.22+dfsg-1 CVE-2009-XXXX [request-tracker: root priviledges for dialog] - request-tracker3.4 <removed> (low; bug #534498) [etch] - request-tracker3.4 <not-affected> (flaw introduced in 3.6.2) 
@@ -187,10 +192,6 @@ - mahara 1.1.5-1 (low) CVE-2009-2171 (Mahara 1.1 before 1.1.5 does not apply permission checks when saving a ...) - mahara 1.1.5-1 (low) -CVE-2009-XXXX [strongswan dos in RDNs asn.1 parser] - - strongswan 4.2.14-1.2 (bug #533837) -CVE-2009-XXXX [strongswan dos in ASN.1 UTCTIME and GENERALIZEDTIME string conversion] - - strongswan 4.2.14-1.2 (bug #533837) CVE-2009-2120 (Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow ...) NOT-FOR-US: TekBase CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface in F5 ...) @@ -368,9 +369,9 @@ CVE-2009-2047 RESERVED CVE-2009-2046 (The embedded web server on the Cisco Video Surveillance 2500 Series IP ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2045 (The Cisco Video Surveillance Stream Manager firmware before 5.3, as ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...) - xulrunner <unfixed> (unknown) TODO: check on the details once the Mozilla bug has been made public @@ -407,12 +408,6 @@ NOT-FOR-US: Sun Solaris CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 ...) NOT-FOR-US: Adobe -CVE-2009-XXXX [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl] - - kfreebsd-6 <removed> - [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported) - - kfreebsd-7 7.2-2 - [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) - NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc CVE-2009-XXXX [adtool leaks password in environment] - adtool 1.3.2-1 (unimportant) NOTE: adtool has safe means to specify the password, so this boils 
@@ -809,7 +804,7 @@ CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...) NOT-FOR-US: Adobe Reader CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2009-1859 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat ...) NOT-FOR-US: Adobe Reader CVE-2009-1858 (The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe ...) @@ -3150,7 +3145,7 @@ CVE-2009-1164 RESERVED CVE-2009-1163 (Memory leak on the Cisco Physical Access Gateway with software before ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-1162 (Cross-site scripting (XSS) vulnerability in the Spam Quarantine login ...) NOT-FOR-US: Cisco IronPort AsyncOS CVE-2009-1161 (Directory traversal vulnerability in the TFTP service in Cisco ...) @@ -3954,7 +3949,7 @@ CVE-2009-0904 RESERVED CVE-2009-0903 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the ...) - TODO: check + NOT-FOR-US: WebSphere CVE-2009-0902 RESERVED CVE-2009-0901
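Review bot: In the `@@ -43,11 +47,12 @@` hunk, the line added for CVE-2009-2186 reads `NOT-FOR-US: Adobe Shockwave Playe`, with the final "r" missing. The `@@ -809,7 +804,7 @@` hunk spells the same product `NOT-FOR-US: Adobe Shockwave Player` for CVE-2009-1860. Use the full spelling here too, so that a search of the list on the product name finds both entries.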
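Review bot: The `@@ -187,10 +192,6 @@` hunk removes two separate temporary entries, `[strongswan dos in RDNs asn.1 parser]` and `[strongswan dos in ASN.1 UTCTIME and GENERALIZEDTIME string conversion]`, while the patch adds only one replacement, CVE-2009-2185, whose description is truncated in the list. Please confirm that this id covers both issues and add a NOTE line under CVE-2009-2185 recording that. The new entry also adds `- openswan 1:2.6.22+dfsg-1` with no bug reference, and neither removed entry mentioned openswan, so a NOTE giving the source for that fixed version would help the next reader.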
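Review bot: In the `@@ -368,9 +369,9 @@` and `@@ -3150,7 +3145,7 @@` hunks, CVE-2009-2046, CVE-2009-2045 and CVE-2009-1163 are tagged with the bare vendor name, `NOT-FOR-US: Cisco`, whereas the neighbouring context line for CVE-2009-1162 names the product, `NOT-FOR-US: Cisco IronPort AsyncOS`. This is a style point: naming the product from each description (Video Surveillance 2500 Series, Video Surveillance Stream Manager, Physical Access Gateway) would keep the tags consistent and make it clear which product was triaged.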