Moritz Muehlenhoff
2009-Oct-19 17:26 UTC
[Secure-testing-commits] r13040 - in data: . CVE DSA
Author: jmm-guest
Date: 2009-10-19 17:26:55 +0000 (Mon, 19 Oct 2009)
New Revision: 13040

Modified:
   data/CVE/list
   data/DSA/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- xmp no-dsa
- new pidgin issue
- rejected cleanups

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-18 09:14:46 UTC (rev 13039) +++ data/CVE/list 2009-10-19 17:26:55 UTC (rev 13040) @@ -176,8 +176,10 @@ RESERVED CVE-2009-3616 RESERVED -CVE-2009-3615 +CVE-2009-3615 [pidgin ICQ DoS] RESERVED + - pidgin 2.6.3-1 + NOTE: http://pidgin.im/news/security/?id=41 CVE-2009-3614 [oping suid 0 arbitrary file disclosure] RESERVED - liboping 1.3.3-1 (low; bug #548684) @@ -1248,9 +1250,13 @@ CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that ...) NOT-FOR-US: Microsoft Office CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...) - - xmp 2.6.1-1 (medium; bug #546730) + - xmp 2.6.1-1 (low; bug #546730) + [etch] - xmp <no-dsa> (Minor issue, fringe app/formats) + [lenny] - xmp <no-dsa> (Minor issue, fringe app/formats) CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers ...) - - xmp 2.6.1-1 (medium; bug #546730) + - xmp 2.6.1-1 (low; bug #546730) + [etch] - xmp <no-dsa> (Minor issue, fringe app/formats) + [lenny] - xmp <no-dsa> (Minor issue, fringe app/formats) CVE-2009-3182 (Unrestricted file upload vulnerability in ...) NOT-FOR-US: Anantasoft Gazelle CMS CVE-2009-3181 (Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows ...) @@ -2485,7 +2491,6 @@ NOT-FOR-US: NASA Common Data Format CVE-2009-2845 REJECTED - NOT-FOR-US: duplicate of CVE-2009-2768 CVE-2008-7015 (Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel ...) NOT-FOR-US: Unreal Tournament CVE-2008-7014 (fhttpd 0.4.2 allows remote attackers to cause a denial of service ...) 
@@ -4282,7 +4287,6 @@ NOT-FOR-US: IBM Tivoli CVE-2009-2315 REJECTED - NOT-FOR-US: Apple iPhone OS CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...) NOT-FOR-US: Lightweight Availability Collection Tool CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote ...) @@ -6027,7 +6031,6 @@ NOT-FOR-US: Bitweaver CVE-2009-1676 REJECTED - NOT-FOR-US: IIS CVE-2009-1675 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...) NOT-FOR-US: ElectraSoft 32bit FTP CVE-2009-1674 (Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows ...) @@ -7554,7 +7557,6 @@ NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6628 REJECTED - NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, ...) NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and ...) @@ -10055,7 +10057,6 @@ NOT-FOR-US: LightBlog CVE-2008-6176 REJECTED - NOTE: dupe of CVE-2008-6171 CVE-2008-6175 (SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of ...) NOT-FOR-US: SilverSHielD CVE-2008-6174 (Cross-site scripting (XSS) vulnerability in admin/postlister/index.php ...) @@ -10830,7 +10831,6 @@ NOT-FOR-US: HP HP-UX CVE-2008-6067 REJECTED - NOT-FOR-US: E-Shop Shopping Cart CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 ...) NOT-FOR-US: Meet#Web CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE ...) 
@@ -10867,8 +10867,6 @@ NOT-FOR-US: Tech Articles CVE-2008-6049 REJECTED - - tinymce <not-affected> (Vulnerable code not present) - NOTE: no idea what this is about tinymce doesn''t ship any php code CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...) NOT-FOR-US: TangoCMS CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...) @@ -12931,9 +12929,6 @@ NOT-FOR-US: Apple QuickTime CVE-2008-5622 REJECTED - {DSA-1723-1} - - phpmyadmin 4:2.11.8.1-5 - NOTE: is a duplicate of CVE-2008-5621, contacted mitre CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x ...) {DSA-1723-1} - phpmyadmin 4:2.11.8.1-5 @@ -19059,7 +19054,6 @@ NOT-FOR-US: Xerox CentreWare Web CVE-2008-3120 REJECTED - NOT-FOR-US: Dokeos CVE-2008-3119 (SQL injection vulnerability in index.php in DreamPics Builder allows ...) NOT-FOR-US: DreamPics Builder CVE-2008-3118 (SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-10-18 09:14:46 UTC (rev 13039) +++ data/DSA/list 2009-10-19 17:26:55 UTC (rev 13040) @@ -742,7 +742,7 @@ {CVE-2008-5153 CVE-2009-0500 CVE-2009-0502 CVE-2008-6125} [etch] - moodle 1.6.3-2+etch2 [11 Feb 2009] DSA-1723-1 phpmyadmin - arbitrary code execution - {CVE-2008-5621 CVE-2008-5622} + {CVE-2008-5621} [etch] - phpmyadmin 4:2.9.1.1-10 [11 Feb 2009] DSA-1722-1 libpam-heimdal - local privilege {CVE-2009-0361} Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2009-10-18 09:14:46 UTC (rev 13039) +++ data/ospu-candidates.txt 2009-10-19 17:26:55 UTC (rev 13040) 
@@ -902,6 +902,11 @@ -- +xmp (CVE-2007-6731, CVE-2007-6732) +#546730 + +-- + xscreensaver (no CVE) #539699 notified maintainer Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2009-10-18 09:14:46 UTC (rev 13039) +++ data/spu-candidates.txt 2009-10-19 17:26:55 UTC (rev 13040) @@ -353,5 +353,10 @@ -- +xmp (CVE-2007-6731, CVE-2007-6732) +#546730 + +-- + ziproxy (CVE-2009-0804) #521051
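Review bot: in the @@ -176,8 +176,10 @@ hunk of data/CVE/list, the new "- pidgin 2.6.3-1" line carries no severity or bug reference, while the neighbouring liboping entry has "(low; bug #548684)". If a Debian bug exists for the ICQ DoS, add it together with a severity, and record whether etch and lenny are affected, since the entry as committed gives only the fixed version and the upstream advisory link.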
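Review bot: in the @@ -1248,9 +1250,13 @@ hunk, both xmp entries drop from medium to low, yet the log says only "xmp no-dsa", and the descriptions still read "Multiple buffer overflows in the dtt_load function" (CVE-2007-6732) and "allow remote attackers" (CVE-2007-6731). The no-dsa reason "Minor issue, fringe app/formats" argues from how rarely the package is used rather than from impact, so consider leaving the severity as it was and letting the no-dsa tags carry the triage decision, or state the reason for the downgrade in the log.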
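Review bot: the REJECTED cleanup hunks in data/CVE/list delete the only pointers from CVE-2009-2845, CVE-2008-6176 and CVE-2008-5622 to the ids they duplicate (CVE-2009-2768, CVE-2008-6171, CVE-2008-5621). If the list format permits a NOTE under a REJECTED entry, keep a one-line "duplicate of" note so that a lookup of the rejected id still leads to the live one. The matching data/DSA/list change, which drops CVE-2008-5622 from DSA-1723-1, is consistent with the CVE/list side.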
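Review bot: the xmp entries added to data/ospu-candidates.txt and data/spu-candidates.txt list only #546730, whereas the xscreensaver entry visible in the same hunk records "notified maintainer". Add a status line to both xmp entries saying whether the maintainer has been contacted, so the candidate lists show who is expected to act next.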