Secure testing commits - Oct 2009 - r13154 - data/CVE

Author: derevko-guest
Date: 2009-10-30 12:48:38 +0000 (Fri, 30 Oct 2009)
New Revision: 13154

Modified:
   data/CVE/list
Log:
- squidguard issues
- NFUs


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-10-30 09:14:50 UTC (rev 13153)
+++ data/CVE/list	2009-10-30 12:48:38 UTC (rev 13154)
@@ -1,7 +1,7 @@
 CVE-2009-3827
 	RESERVED
 CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote
attackers to ...)
-	TODO: check
+	- squidguard <unfixed> (low; bug #553319)
 CVE-2009-3825 (Multiple directory traversal vulnerabilities in GenCMS 2006
allow ...)
 	NOT-FOR-US: GenCMS
 CVE-2009-3824 (Directory traversal vulnerability in include/processor.php in
...)
@@ -96,23 +96,23 @@
 CVE-2009-3787 (files.php in Vivvo CMS 4.1.5.1 allows remote attackers to
conduct ...)
 	NOT-FOR-US: Vivvo CMS
 CVE-2009-3786 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG)
...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3785 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3784 (Open redirect vulnerability in Simplenews Statistics 6.x before
...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3783 (Cross-site scripting (XSS) vulnerability in Simplenews
Statistics 6.x ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3782 (Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a
module ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3781 (The filefield_file_download function in FileField 6.x-3.1, a
module ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3780 (Cross-site scripting (XSS) vulnerability in Abuse 5.x before
5.x-2.1 ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3779 (Cross-site scripting (XSS) vulnerability in vCard 5.x before
5.x-1.4 ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before
6.x-1.2, ...)
-	TODO: check
+	NOT-FOR-US: module for Drupal
 CVE-2009-XXXX [NULL dereferences, similar to Adobe''s CVE-2009-0658]
 	- ghostscript <unfixed>
 	- xpdf <unfixed>
@@ -307,7 +307,7 @@
 CVE-2009-3701
 	RESERVED
 CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows
remote ...)
-	TODO: check
+	- squidguard <unfixed> (low; bug #553319)
 CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon
...)
 	NOT-FOR-US: IBM AIX
 CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and
earlier ...)