Author: derevko-guest Date: 2009-06-30 17:33:30 +0000 (Tue, 30 Jun 2009) New Revision: 12235 Modified: data/CVE/list Log: - NFUs - CVE-2009-2044: non-issue, browser crash - CVE-2009-1887: net-snmp is not-affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-30 15:48:44 UTC (rev 12234) +++ data/CVE/list 2009-06-30 17:33:30 UTC (rev 12235) @@ -53,9 +53,9 @@ - zoph <unfixed> (bug #535188) NOTE: the details are unknown CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before ...) - TODO: check + NOT-FOR-US: OpenID module for Drupal CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...) - TODO: check + NOT-FOR-US: OpenID module for Drupal CVE-2009-XXXX [udev: creates aacraid devices that are rw by group floppy] - udev 0.141-1 (medium; bug #530245; bug #462655; bug #404927) CVE-2009-XXXX [command injection in nagios] @@ -490,8 +490,8 @@ CVE-2009-2045 (The Cisco Video Surveillance Stream Manager firmware before 5.3, as ...) NOT-FOR-US: Cisco CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...) - - xulrunner <unfixed> (unknown) - TODO: check on the details once the Mozilla bug has been made public + - xulrunner <unfixed> (unimportant) + NOTE: Browser crashes not treated as security issues CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...) - xulrunner <unfixed> (unimportant) NOTE: Browser crashes not treated as security issues 
@@ -858,7 +858,8 @@ - samba <unfixed> [etch] - samba <not-affected> (Vulnerable code not present) CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise ...) - TODO: check + - net-snmp <not-affected> (Vulnerable code not present) + NOTE: Red Hat incorrect fix for CVE-2008-4309. Checked code in oldstable and stable. CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient ...) {DSA-1823-1} - samba 2:3.3.0
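Review bot: In the hunk at -53,9, the two new NOT-FOR-US lines for CVE-2008-6836 and CVE-2008-6835 give "OpenID module for Drupal" as the reason, while the descriptions only say "OpenID 5.x before 5.x-1.2". The entry does not record whether any Drupal package in the archive was checked for a bundled copy of that module. If that check was done, a one-line NOTE under each entry saying so would let the next person confirm the triage without repeating it.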
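Review bot: In the hunk at -490,8, CVE-2009-2044 is downgraded from (unknown) to (unimportant), but the removed TODO said the details were to be checked "once the Mozilla bug has been made public" and the new NOTE does not say what was checked. The truncated description ("allows remote attackers to ...") does not show the impact, so the crash-only classification rests on something not recorded here. Suggest adding a second NOTE that points at the source confirming the impact is limited to a crash, as the reasoning is otherwise copied from the CVE-2009-2043 entry below it.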
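Review bot: In the hunk at -858,7, the new line "- net-snmp <not-affected> (Vulnerable code not present)" carries no suite tag, so it applies to every suite, yet the NOTE says only "Checked code in oldstable and stable." Either state that the current unstable version was checked as well, or add that to the NOTE once verified. The NOTE would also read more clearly as saying that the issue was introduced by Red Hat's incorrect fix for CVE-2008-4309, which is what makes the Debian packages not affected.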