Giuseppe Iuculano
2009-Oct-21 18:43 UTC
[Secure-testing-commits] r13058 - bin data/CVE doc
Author: derevko-guest Date: 2009-10-21 18:43:24 +0000 (Wed, 21 Oct 2009) New Revision: 13058 Modified: bin/report-vuln data/CVE/list doc/narrative_introduction Log: NFUs s/security-tracker.debian.net/security-tracker.debian.org Modified: bin/report-vuln ==================================================================--- bin/report-vuln 2009-10-21 18:28:20 UTC (rev 13057) +++ bin/report-vuln 2009-10-21 18:43:24 UTC (rev 13058) @@ -19,7 +19,7 @@ ret = '''' for cnt, id in enumerate(ids): ret += ''\n['' + str(cnt) + ''] http://cve.mitre.org/cgi-bin/cvename.cgi?name='' + id + ''\n'' - ret += '' http://security-tracker.debian.net/tracker/'' + id + ret += '' http://security-tracker.debian.org/tracker/'' + id return ret Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-21 18:28:20 UTC (rev 13057) +++ data/CVE/list 2009-10-21 18:43:24 UTC (rev 13058) 
@@ -19,37 +19,37 @@ CVE-2009-3720 RESERVED CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...) - TODO: check + NOT-FOR-US: Battle Blog CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...) - TODO: check + NOT-FOR-US: Battle Blog CVE-2009-3717 (Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote ...) - TODO: check + NOT-FOR-US: LucVil PatPlayer CVE-2009-3716 (Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 ...) - TODO: check + NOT-FOR-US: MCshoutbox CVE-2009-3715 (Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox ...) - TODO: check + NOT-FOR-US: MCshoutbox CVE-2009-3714 (Cross-site scripting (XSS) vulnerability in admin_login.php in ...) - TODO: check + NOT-FOR-US: MCshoutbox CVE-2009-3713 (SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and ...) - TODO: check + NOT-FOR-US: MorcegoCMS CVE-2009-3712 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...) - TODO: check + NOT-FOR-US: Ebay Clone 2009 CVE-2009-3711 (Stack-based buffer overflow in the h_handlepeer function in http.cpp ...) - TODO: check + NOT-FOR-US: httpdx CVE-2009-3710 (RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username ...) - TODO: check + NOT-FOR-US: RioRey RIOS CVE-2009-3709 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...) - TODO: check + NOT-FOR-US: Konae Technologies Alleycode HTML Editor CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...) - TODO: check + NOT-FOR-US: Konae Technologies Alleycode HTML Editor CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe 6.5.3.8888 in the ...) - TODO: check + NOT-FOR-US: VMware CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...) 
- TODO: check + NOT-FOR-US: ZFS filesystem in Sun Solaris CVE-2009-3705 (PHP remote file inclusion vulnerability in debugger.php in Achievo ...) - TODO: check + NOT-FOR-US: Achievo CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, ...) - TODO: check + NOT-FOR-US: ZoIPer CVE-2009-3703 RESERVED CVE-2009-3702 @@ -611,15 +611,15 @@ CVE-2009-3463 RESERVED CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...) NOT-FOR-US: Adobe Acrobat CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...) NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...) @@ -1008,9 +1008,9 @@ CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...) NOT-FOR-US: phpspot Products CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before ...) - TODO: check + NOT-FOR-US: VMware Fusion CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 ...) - TODO: check + NOT-FOR-US: VMware Fusion CVE-2009-3280 (Integer signedness error in the find_ie function in ...) - linux-2.6 2.6.31-1 (medium) - linux-2.6.24 <not-affected> (vulnerable code not present) 
@@ -2009,7 +2009,7 @@ CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to ...) NOT-FOR-US: ESET Smart Security CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote ...) - TODO: check + NOT-FOR-US: Android CVE-2009-XXXX [serveez: buffer overflow in header parser] - serveez <removed> (low) [lenny] - serveez <no-dsa> (Fringe package, mostly unused) 
@@ -2017,45 +2017,45 @@ [etch] - serveez <no-dsa> (Fringe package, mostly unused) TODO: next point release [etch] - serveez 0.1.5-2+etch1 CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x ...) 
- TODO: check + NOT-FOR-US: Adobe CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...) NOT-FOR-US: SugarCRM CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) @@ -2099,7 +2099,7 @@ CVE-2009-2971 RESERVED CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an ...) - TODO: check + NOT-FOR-US: UiTV UiPlayer CVE-2009-2969 RESERVED CVE-2009-2968 (Directory traversal vulnerability in a support component in the web ...) @@ -2485,6 +2485,7 @@ - backuppc 3.1.0-8 (low; bug #542218) [etch] - backuppc <not-affected> (No configuration GUI) [lenny] - backuppc <no-dsa> (Requires access) + TODO: next point release: [lenny] - backuppc 3.1.0-4lenny2 CVE-2009-XXXX [burn: Insecure escaping of file names] - burn 0.4.5-1 (low; bug #542329) [lenny] - burn 0.4.3-2.1+lenny1 @@ -2502,7 +2503,7 @@ CVE-2009-2875 RESERVED CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before ...) - TODO: check + NOT-FOR-US: Cisco Unified Presence CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...) NOT-FOR-US: Cisco IOS CVE-2009-2872 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...) 
@@ -3003,9 +3004,9 @@ CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, ...) NOT-FOR-US: OpenNews CVE-2009-2734 (SQL injection vulnerability in the get_employee function in ...) - TODO: check + NOT-FOR-US: Achievo CVE-2009-2733 (Multiple cross-site scripting (XSS) vulnerabilities in Achievo before ...) - TODO: check + NOT-FOR-US: Achievo CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...) - ntop 3:3.3-12 (low; bug #543312) [lenny] - ntop <no-dsa> (Minor issue) @@ -45392,7 +45393,7 @@ CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...) NOT-FOR-US: BitDefender CVE-2006-6404 (Innovation Data Processing FDR allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Innovation Data Processing''s FDR Backup CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...) NOT-FOR-US: MyStats CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...) Modified: doc/narrative_introduction ==================================================================--- doc/narrative_introduction 2009-10-21 18:28:20 UTC (rev 13057) +++ doc/narrative_introduction 2009-10-21 18:43:24 UTC (rev 13058) @@ -413,7 +413,7 @@ compared against madison to determine what has been fixed and what is still waiting, this results in this website: -http://security-tracker.debian.net/ +http://security-tracker.debian.org/ It incorporates package lists and parses distribution lists and can thus be used to
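Review bot: In the bin/report-vuln hunk, the tracker host is a string literal built up inside the loop (the `http://security-tracker.debian.org/tracker/` fragment concatenated with `id`), and the same host has to be edited by hand again in doc/narrative_introduction. A single module-level constant for the tracker base URL in the script would reduce the next host change to one line there. The loop variable `id` in the context lines also shadows the Python builtin; a name such as `cve_id` would read better.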
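Review bot: In the data/CVE/list hunks, the new NOT-FOR-US labels do not match neighbouring entries for the same products. CVE-2009-3462 and CVE-2009-2979 through CVE-2009-2998 get `NOT-FOR-US: Adobe`, while the untouched CVE-2009-3459 entry reads `NOT-FOR-US: Adobe Acrobat`. Likewise CVE-2009-3707 gets `NOT-FOR-US: VMware`, while CVE-2009-3282 and CVE-2009-3281 get `NOT-FOR-US: VMware Fusion`. Using one label per product would keep a later search on the label from missing entries.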
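Review bot: The data/CVE/list hunk at `@@ -2485,6 +2485,7 @@` adds `TODO: next point release: [lenny] - backuppc 3.1.0-4lenny2` under the backuppc entry, which is neither an NFU marking nor the tracker host rename that the log message names. Either mention it in the log or commit it separately, so the point-release note can be found from the history.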