Author: derevko-guest Date: 2009-08-29 06:13:31 +0000 (Sat, 29 Aug 2009) New Revision: 12701 Modified: data/CVE/list data/spu-candidates.txt Log: - NFUs - some issues fixed in spu - chromium-browser itp Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-28 21:14:17 UTC (rev 12700) +++ data/CVE/list 2009-08-29 06:13:31 UTC (rev 12701) @@ -41,43 +41,43 @@ CVE-2009-2979 RESERVED CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...) - TODO: check + NOT-FOR-US: SugarCRM CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly ...) TODO: check CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote ...) - TODO: check + - chromium-browser <itp> (bug #520324) CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a ...) - TODO: check + - chromium-browser <itp> (bug #520324) CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 ...) - TODO: check + NOT-FOR-US: Microsoft Exchange CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows ...) - TODO: check + NOT-FOR-US: Sophos PureMessage for Microsoft Exchange CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for ...) - TODO: check + NOT-FOR-US: Sophos PureMessage Scanner service CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in ...) - TODO: check + NOT-FOR-US: Toolbar 2.0.4.1 CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx ...) - TODO: check + NOT-FOR-US: DotNetNuke CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 ...) - TODO: check + NOT-FOR-US: DotNetNuke CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows ...) - TODO: check + NOT-FOR-US: DotNetNuke CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in Qsoft ...) - TODO: check + NOT-FOR-US: Qsoft K-Rate Premium CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate ...) - TODO: check + NOT-FOR-US: Qsoft K-Rate Premium CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow ...) - TODO: check + NOT-FOR-US: Qsoft K-Rate Premium CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, ...) - TODO: check + NOT-FOR-US: Intel Desktop and Intel Mobile Boards CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does ...) - TODO: check + NOT-FOR-US: ArubaOS CVE-2009-2971 RESERVED CVE-2009-2970 @@ -235,7 +235,7 @@ CVE-2009-2936 RESERVED CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...) - TODO: check + - chromium-browser <itp> (bug #520324) CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...) NOT-FOR-US: Programmed Integration PIPL CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...) @@ -478,7 +478,7 @@ CVE-2009-2862 RESERVED CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows ...) NOT-FOR-US: db2jds in IBM DB2 CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access ...) @@ -2434,6 +2434,7 @@ - stardict 3.0.1-5 (low; bug #534731) [lenny] - stardict <no-dsa> (Minor issue) [etch] - stardict <not-affected> (netdict plugin not yet present) + TODO: add after r3 [lenny] - stardict 3.0.1-4+lenny1 CVE-2009-2259 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...) NOT-FOR-US: PHP Address Book CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...) @@ -2933,15 +2934,15 @@ CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a ...) NOT-FOR-US: Cisco IOS CVE-2009-2054 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2053 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2051 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...) NOT-FOR-US: Cisco IOS CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration ...) @@ -3377,6 +3378,7 @@ - xerces27 <removed> CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the ...) - libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777) + TODO: add after r3 [lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1 CVE-2009-1883 RESERVED CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...) @@ -4746,6 +4748,8 @@ [lenny] - perl <no-dsa> (Minor issue) [etch] - perl <not-affected> (Doesn''t yet include Compress-Raw-Zlib) - libcompress-raw-zlib-perl 2.015-2 (low; bug #532738) + TODO: add after r3 [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1 + TODO: add after r3 [lenny] - perl 5.10.0-19lenny1 CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) ...) - mutt 1.5.20-1 [lenny] - mutt <not-affected> (Affected code was introduced in 1.5.19) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2009-08-28 21:14:17 UTC (rev 12700) +++ data/spu-candidates.txt 2009-08-29 06:13:31 UTC (rev 12701) @@ -144,12 +144,6 @@ -- -stardict (CVE-2009-2260) -#534731 -notified maintainer - --- - net-snmp (CVE-2008-6123) Noah will see to it.