Author: gilbert-guest
Date: 2009-10-09 23:03:06 +0000 (Fri, 09 Oct 2009)
New Revision: 12968

Modified: data/CVE/list
Log: samba and openexr triage

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-10-09 21:14:16 UTC (rev 12967) +++ data/CVE/list 2009-10-09 23:03:06 UTC (rev 12968) @@ -1888,9 +1888,9 @@ RESERVED CVE-2009-2949 RESERVED -CVE-2009-2948 +CVE-2009-2948 [samba: local password disclosure] RESERVED - - samba 2:3.4.2-1 + - samba 2:3.4.2-1 (medium; bug #550423) CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 ...) {DSA-1882-1} - xapian-omega 1.0.15-2 @@ -2076,9 +2076,9 @@ - linux-2.6.24 <removed> (medium) CVE-2009-2907 RESERVED -CVE-2009-2906 +CVE-2009-2906 [samba: remote dos] RESERVED - - samba 2:3.4.2-1 + - samba 2:3.4.2-1 (low; bug #550423) CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...) {DSA-1894-1} - newt 0.52.10-4.1 (medium; bug #548198) @@ -2318,9 +2318,9 @@ CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2813 (The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows ...) - - samba 2:3.4.2-1 - TODO: check - NOTE: details are unknown + - samba 2:3.4.2-1 (unimportant; bug #550422) + NOTE: requires an administrator to manually configure a user account without + NOTE: a home dir, otherwise, this is ineffective CVE-2009-2812 (Launch Services in Apple Mac OS X 10.5.8 does not properly recognize ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS ...) 
@@ -5579,13 +5579,13 @@ NOT-FOR-US: CFNetwork in Apple Mac OS X CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in ...) {DSA-1842-1} - - openexr <unfixed> + - openexr <unfixed> (medium; bug #540424) CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in ...) {DSA-1842-1} - - openexr <unfixed> + - openexr <unfixed> (medium; bug #540424) CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow ...) {DSA-1842-1} - - openexr <unfixed> + - openexr <unfixed> (medium; bug #540424) CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...) NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...)
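Review bot: In the @@ -2076,9 +2076,9 @@ hunk, CVE-2009-2906 is described as `[samba: remote dos]` but rated `low`, and the entry records no reason for giving a remotely reachable issue that rating. A one-line NOTE stating the limiting factor, in the style of the NOTE lines added for CVE-2009-2813, would let the next triager check the rating without reopening bug #550423.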
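Review bot: In the @@ -2318,9 +2318,9 @@ hunk, the CVE-2009-2813 entry moves from `NOTE: details are unknown` to a specific precondition and an `unimportant` rating, but no source for the new detail is recorded in the entry. Add a NOTE saying where the precondition is documented (bug #550422 if that is the place), and consider rewording `otherwise, this is ineffective` so it is clear that "this" refers to the attack rather than to the fix.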