Author: derevko-guest Date: 2009-09-25 14:36:28 +0000 (Fri, 25 Sep 2009) New Revision: 12885 Modified: data/CVE/list Log: - NFUs - glib2.0 minor issue - CVE-2009-3287 fixed in thin 1.2.4-1 - CVE-2009-3237 fixed in horde3 3.3.5+debian0-1 - CVE-2008-721{8,9} old horde issues - Insecure pid directory permissions for postfix - CVE-2009-2701 fixed in zodb 1:3.9.0-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-25 11:55:39 UTC (rev 12884) +++ data/CVE/list 2009-09-25 14:36:28 UTC (rev 12885) 
@@ -29,33 +29,33 @@ CVE-2009-3320 (Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas ...) NOT-FOR-US: Zenas PaoLink (aka Pao-Link) CVE-2009-3319 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...) - TODO: check + NOT-FOR-US: DCI-Designs Dawaween CVE-2009-3318 (Directory traversal vulnerability in the Roland Breedveld Album ...) - TODO: check + NOT-FOR-US: Roland Breedveld Album (com_album) component 1.14 for Joomla! CVE-2009-3317 (PHP remote file inclusion vulnerability in pages/pageHeader.php in ...) - TODO: check + NOT-FOR-US: OpenSiteAdmin CVE-2009-3316 (SQL injection vulnerability in the JReservation (com_jreservation) ...) - TODO: check + NOT-FOR-US: JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! CVE-2009-3315 (SQL injection vulnerability in admin/index.php in NeLogic Nephp ...) - TODO: check + NOT-FOR-US: NeLogic Nephp Publisher Enterprise CVE-2009-3314 (SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 ...) - TODO: check + NOT-FOR-US: Elite Gaming Ladders CVE-2009-3313 (Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote ...) - TODO: check + NOT-FOR-US: FMyClone CVE-2009-3312 (PHP remote file inclusion vulnerability in php/init.poll.php in ...) - TODO: check + NOT-FOR-US: phpPollScript CVE-2009-3311 (Cross-site scripting (XSS) vulnerability in index.php in ...) - TODO: check + NOT-FOR-US: RSSMediaScript CVE-2009-3310 (SQL injection vulnerability in index.php in Zainu 1.0 allows remote ...) - TODO: check + NOT-FOR-US: Zainu CVE-2009-3309 (SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta ...) - TODO: check + NOT-FOR-US: CF ShopKart CVE-2009-3308 (SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows ...) - TODO: check + NOT-FOR-US: FanUpdate CVE-2009-3307 (Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 ...) 
- TODO: check + NOT-FOR-US: FSphp CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php in ...) - TODO: check + NOT-FOR-US: ClearSite CVE-2009-3305 RESERVED CVE-2009-3304 @@ -90,15 +90,16 @@ - php5 5.2.11.dfsg.1-1 TODO: check etch, lenny and php4 CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...) - TODO: check + - glib2.0 2.22.0-1 (low) + NOTE: no-dsa candidate, minor issue CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies on the ...) - TODO: check + - thin 1.2.4-1 (low) CVE-2009-3285 RESERVED CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image ...) - TODO: check + NOT-FOR-US: phpspot Products CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...) - TODO: check + NOT-FOR-US: phpspot Products CVE-2009-3282 RESERVED CVE-2009-3281 
@@ -106,23 +107,23 @@ CVE-2009-3280 (Integer signedness error in the find_ie function in ...) TODO: check CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...) - TODO: check + NOT-FOR-US: QNAP TS-239 Pro and TS-639 CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...) - TODO: check + NOT-FOR-US: QNAP TS-239 Pro and TS-639 CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault ...) - TODO: check + NOT-FOR-US: datavault CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed ...) - TODO: check + NOT-FOR-US: NASD CORE.NET Terelik (aka corenet1) CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...) - TODO: check + NOT-FOR-US: Microsoft patterns & practices Enterprise Library CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions on ...) TODO: check CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not ...) - TODO: check + NOT-FOR-US: Apple iPhone CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...) TODO: check CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Apple Safari on iPhone OS 3.0.1 CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...) - linux-2.6 <unfixed> (high) [etch] - linux-2.6 <not-affected> (introduced in 2.6.25) @@ -212,7 +213,7 @@ CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...) TODO: check CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) - TODO: check + - horde3 3.3.5+debian0-1 CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot ...) {DSA-1893-1 DSA-1892-1} - cyrus-imapd-2.2 2.2.13-17 (medium; bug #547947) 
@@ -296,7 +297,7 @@ CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted ...) NOT-FOR-US: Media Player Classic CVE-2009-3200 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...) - TODO: check + NOT-FOR-US: QNAP TS-239 Pro and TS-639 Pro CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web ...) NOT-FOR-US: Uebimiau Webmail CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech ...) @@ -381,9 +382,15 @@ CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...) - prototypejs 1.6.0.2-1 CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...) - TODO: check + - kronolith2 2.1.7-1 (unknown) + - nag2 2.1.4-1 (unknown) + - mnemo2 2.1.2-1 (unknown) CVE-2008-7218 (Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 ...) - TODO: check + - horde3 3.1.6-1 (unknown) + - turba2 2.1.7-1 (unknown) + - kronolith2 2.1.7-1 (unknown) + - nag2 2.1.4-1 (unknown) + - mnemo2 2.1.2-1 (unknown) CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that ...) NOT-FOR-US: Microsoft Office CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...) @@ -1318,7 +1325,7 @@ CVE-2009-2940 RESERVED CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix ...) - TODO: check + - postfix 2.6.5-3 (low) CVE-2009-2938 RESERVED CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet ...) 
@@ -1964,11 +1971,11 @@ CVE-2009-2745 RESERVED CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2009-2743 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 does not ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in the test ...) NOT-FOR-US: IBM WebSphere Business Events CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention ...) @@ -2264,7 +2271,9 @@ - kde4libs <unfixed> (low; bug #546218) [lenny] - kde4libs <no-dsa> (Minor issue) CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) ...) - TODO: check + - zodb 1:3.9.0-1 + [etch] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8) + [lenny] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8) CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...) - qt4-x11 <unfixed> (medium; bug #545793) [etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3)
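Review bot: in the @@ -106,23 hunk the NOT-FOR-US annotation for CVE-2009-3276 names "NASD CORE.NET Terelik (aka corenet1)", while the visible CVE description names "Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed"; please confirm the product attribution matches the CVE text before closing it as NOT-FOR-US. In the same hunk CVE-2009-3279 and CVE-2009-3278 are annotated "QNAP TS-239 Pro and TS-639" whereas CVE-2009-3200 in the @@ -296,7 hunk uses "QNAP TS-239 Pro and TS-639 Pro"; pick one spelling so the three entries are consistent.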
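Review bot: in the @@ -90,15 hunk the glib2.0 entry for CVE-2009-3289 records "- glib2.0 2.22.0-1 (low)" plus "NOTE: no-dsa candidate, minor issue", but carries no per-release status, whereas the kde4libs entry in the @@ -2264,7 hunk expresses the same decision explicitly as "[lenny] - kde4libs <no-dsa> (Minor issue)". If etch and lenny ship an affected glib2.0, add matching "[etch]"/"[lenny] - glib2.0 <no-dsa> (Minor issue)" lines so the tracker reflects the no-dsa decision rather than only a free-text note. The thin entry "- thin 1.2.4-1 (low)" in the same hunk likewise has no bug reference; other entries use the "(severity; bug #NNNNNN)" form, as in "cyrus-imapd-2.2 2.2.13-17 (medium; bug #547947)", so a bug number would help track the fix.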
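Review bot: in the @@ -381,9 hunk all six new Horde package lines for CVE-2008-7219 and CVE-2008-7218 are marked "(unknown)" severity and give no "[etch]"/"[lenny]" status. Since the commit log calls these "old horde issues" and the fixed versions (horde3 3.1.6-1, turba2 2.1.7-1, kronolith2 2.1.7-1, nag2 2.1.4-1, mnemo2 2.1.2-1) predate this commit, please state whether the stable releases carry the fixed versions so the entries do not show as open against etch and lenny. Also note that CVE-2008-7218 repeats the kronolith2, nag2 and mnemo2 lines from CVE-2008-7219 verbatim although its description names "the Horde API in Horde 3.1 before 3.1.6"; confirm those three packages are affected by 7218 and not only by 7219.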
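Review bot: in the @@ -1318,7 hunk CVE-2009-2939 ("The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix ...") is resolved as "- postfix 2.6.5-3 (low)" with no bug reference and no "[etch]"/"[lenny]" line. Because the flaw is in the Debian packaging script itself, the stable packages are the ones most likely to be affected; add the release status (fixed version, <no-dsa>, or <not-affected> with a reason) and the bug number, following the "(low; bug #NNNNNN)" form used elsewhere in the file.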
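Review bot: in the @@ -2264,7 hunk the two CVE-2009-2701 release lines both read "zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)"; that justification is only sound if both etch and lenny ship a zodb older than 3.8, so please verify the shipped versions before marking both releases not-affected, and consider citing the upstream reference that pins the introduction to 3.8 in a NOTE line so later reviewers can check it.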