Author: derevko-guest Date: 2009-11-01 09:01:09 +0000 (Sun, 01 Nov 2009) New Revision: 13164 Modified: data/CVE/list Log: - NFUs - mutt and openssl issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-31 21:12:50 UTC (rev 13163) +++ data/CVE/list 2009-11-01 09:01:09 UTC (rev 13164) @@ -1,13 +1,13 @@ CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...) - TODO: check + NOT-FOR-US: Opera CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code ...) - TODO: check + NOT-FOR-US: Opera CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows ...) TODO: check CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...) - TODO: check + NOT-FOR-US: Everfocus EDR1600 DVR CVE-2009-3827 RESERVED CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to ...) @@ -53,7 +53,7 @@ CVE-2009-3806 (SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows ...) NOT-FOR-US: DedeCMS CVE-2009-3805 (gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows ...) - TODO: check + NOT-FOR-US: Gpg4win NOTE: looks like an issue in gpg2 for windows (gpg4win.org), not specific NOTE: to kleopatra CVE-2009-3804 (Multiple SQL injection vulnerabilities in modules/forum/post.php in ...) @@ -158,13 +158,10 @@ CVE-2009-3768 RESERVED CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...) - - openldap <unfixed> + - openldap <unfixed> (medium; bug #553432) TODO: check CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the ...) - - mutt <unfixed> - TODO: check - NOTE: probably not an issue, etch has 1.5.13-1.1 and lenny has 1.5.18-6 - NOTE: but it is not enough to rule them out + - mutt <unfixed> (medium; bug #553433) CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...) - mutt <unfixed> TODO: check