Author: nion Date: 2009-10-13 15:27:38 +0000 (Tue, 13 Oct 2009) New Revision: 13006 Modified: data/CVE/list Log: - viewvc xss fixed in 1.0.9-1 - vmware-package has been removed Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-13 10:32:32 UTC (rev 13005) +++ data/CVE/list 2009-10-13 15:27:38 UTC (rev 13006) @@ -1310,7 +1310,7 @@ CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS ...) NOT-FOR-US: EVA CMS CVE-2009-XXXX [viewvc: XSS and illegal characters while printing name-value pairs] - - viewvc <unfixed> (low; bug #545779) + - viewvc 1.0.9-1 (low; bug #545779) NOTE: CVE id has been requested, fixed in 1.1.2 CVE-2009-3082 (SQL injection vulnerability in wcategory.php in Snow Hall Silurus ...) NOT-FOR-US: Snow Hall Silurus System @@ -21202,7 +21202,7 @@ CVE-2008-2101 (The VMware Consolidated Backup (VCB) command-line utilities in VMware ...) NOT-FOR-US: VMware ESX CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...) - - vmware-package <unfixed> (low; bug #485919) + - vmware-package <removed> (low; bug #485919) [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs @@ -21210,7 +21210,7 @@ - vmware-package <not-affected> (Windows issue according to CVE) [etch] - vmware-package <no-dsa> (Contrib not supported) CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...) - - vmware-package <unfixed> (low; bug #484491) + - vmware-package <removed> (low; bug #484491) [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs @@ -22872,7 +22872,7 @@ - plone3 <unfixed> (low; bug #473571; bug #486333) [lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571) CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...) - - vmware-package <unfixed> (low; bug #486177) + - vmware-package <removed> (low; bug #486177) [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs @@ -22979,7 +22979,7 @@ CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...) NOT-FOR-US: Trend Micro OfficeScan Corporate Edition CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation ...) - - vmware-package <unfixed> (low; bug #486177) + - vmware-package <removed> (low; bug #486177) [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs @@ -23029,7 +23029,7 @@ CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...) NOT-FOR-US: LaGarde StoreFront CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation ...) - - vmware-package <unfixed> (low; bug #486177) + - vmware-package <removed> (low; bug #486177) [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs @@ -23963,7 +23963,7 @@ CVE-2008-0968 RESERVED CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware ...) - - vmware-package <unfixed> (low; bug #486110) + - vmware-package <removed> (low; bug #486110) [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs @@ -29323,7 +29323,7 @@ CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ...) NOT-FOR-US: ZZ:FlashChat CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user ...) - - vmware-package <unfixed> (low; bug #486177) + - vmware-package <removed> (low; bug #486177) [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs @@ -29331,7 +29331,7 @@ - vmware-package <not-affected> (Only vulnerable on windows hosted systems) [etch] - vmware-package <no-dsa> (Contrib not supported) CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...) - - vmware-package <unfixed> (low; bug #486177) + - vmware-package <removed> (low; bug #486177) [etch] - vmware-package <no-dsa> (Contrib not supported) NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself NOTE: does not download them, however it needs to update its hashes for upstream tarballs