Author: nion
Date: 2009-07-24 18:46:19 +0000 (Fri, 24 Jul 2009)
New Revision: 12404
Modified: data/CVE/list
Log:
- new kernel issue (CVE-2009-2584) - not even fixed in git
- CVE-2009-2569 doesn't affect verlihub but only the php based web frontend which isn't in debian
- CVE-2009-1273 fixed in libpam-ssh 1.92-7
Modified: data/CVE/list
==================================================================--- data/CVE/list 2009-07-24 18:02:12 UTC (rev 12403) +++ data/CVE/list 2009-07-24 18:46:19 UTC (rev 12404) @@ -1,5 +1,6 @@ CVE-2009-2584 (Off-by-one error in the options_write function in ...) - TODO: check + - linux-2.6 <unfixed> (low) + - linux-2.6.24 <removed> CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...) NOT-FOR-US: IBM Tivoli CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...) @@ -29,7 +30,8 @@ CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...) NOT-FOR-US: Symantec WinFax Pro CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub ...) - NOT-FOR-US: vhcp + - verlihub <unfixed> (low; bug #538234) + NOTE: http://packetstorm.linuxsecurity.com/0905-exploits/verlihub-xss.txt CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) ...) NOT-FOR-US: Sorinara Streaming Audio Player CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...) @@ -3646,7 +3648,7 @@ CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...) NOT-FOR-US: Dojo CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...) - - libpam-ssh <unfixed> (low; bug #535877) + - libpam-ssh 1.92-7 (low; bug #535877) CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...) {DTSA-188-1} - php5 5.2.6.dfsg.1-3
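Review bot: In the first hunk (@@ -1,5 +1,6 @@), the new CVE-2009-2584 entry records linux-2.6 as <unfixed> (low) with no NOTE and no bug reference, although the log message says the issue is not even fixed in git. Add a NOTE line stating that no upstream fix exists yet, and a bug number if one has been filed (the CVE-2009-1273 entry in this same patch carries "bug #535877"), so the reason for the status and for the low urgency is readable from the list itself rather than only from the commit log.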
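Review bot: In the second hunk (@@ -29,7 +30,8 @@), the CVE-2009-2569 entry changes from "NOT-FOR-US: vhcp" to "- verlihub <unfixed> (low; bug #538234)", which marks the verlihub package as affected and unfixed, while the log message says the issue does not affect verlihub and only concerns the PHP web frontend that is not in Debian. The entry and the log disagree and one of them needs correcting: if the package is unaffected, keep NOT-FOR-US for the frontend or mark verlihub <not-affected> with a NOTE giving the reason, and if it is affected, fix the log message.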