Author: jmm-guest Date: 2009-10-09 17:21:44 +0000 (Fri, 09 Oct 2009) New Revision: 12960 Modified: data/CVE/list Log: - wireshark updates (spu, not-affected) - qt4 fixed - new phpgroupware issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-09 15:43:23 UTC (rev 12959) +++ data/CVE/list 2009-10-09 17:21:44 UTC (rev 12960) @@ -32,6 +32,10 @@ - jetty <unfixed> (unimportant) NOTE: http://www.coresecurity.com/content/jetty-persistent-xss NOTE: only an example application +CVE-2009-XXXX [phpgroupware XSS] + - phpgroupware 1:0.9.16.012+dfsg-9 +CVE-2009-XXXX [phpgroupware unspecified addressbook issue] + - phpgroupware 1:0.9.16.012+dfsg-9 CVE-2009-3566 RESERVED CVE-2009-3565 @@ -771,9 +775,13 @@ - wireshark <not-affected> (Windows-only issue) CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in ...) - wireshark 1.2.2-1 (low; bug #547704) - NOTE: no-dsa candidate, application crash + [etch] - wireshark <not-affected> (Only affects 1.2.x) + [lenny] - wireshark <not-affected> (Only affects 1.2.x) CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark ...) - wireshark 1.2.2-1 (low; bug #547704) + [etch] - wireshark <not-affected> (Only affects >= 0.99.6) + [lenny] - wireshark <no-dsa> (Minor issue, targeted for next point release) + TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6 CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...) NOT-FOR-US: module for XOOPS CVE-2009-3239 (Buffer overflow in the EMF parser implementation in OpenOffice.org ...) @@ -2853,7 +2861,7 @@ [etch] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8) [lenny] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8) CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...) - - qt4-x11 <unfixed> (medium; bug #545793) + - qt4-x11 4:4.5.3-1 (medium; bug #545793) [etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3) CVE-2009-2699 [apr DoS on Solaris] RESERVED @@ -3314,6 +3322,7 @@ CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 ...) - wireshark 1.2.1-1 (low; bug #538237) [lenny] - wireshark <no-dsa> (Minor issue, targeted for lenny point update) + TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6 [etch] - wireshark <no-dsa> (Minor issue) CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 ...) - wireshark 1.2.1-1 (bug #538237) @@ -5368,6 +5377,7 @@ CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 ...) - wireshark 1.0.8-1 (low; bug #533347) [lenny] - wireshark <no-dsa> (Minor issue, targeted for lenny point update) + TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6 [etch] - wireshark <no-dsa> (Minor issue) CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of ...) NOT-FOR-US: Microsoft