Author: nion Date: 2009-11-09 11:36:24 +0000 (Mon, 09 Nov 2009) New Revision: 13246 Modified: data/CVE/list Log: - NFU - vmware removed - new mozilla issue (CVE-2009-3371) - adjust snort impact (CVE-2009-3641) Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-11-09 03:36:28 UTC (rev 13245) +++ data/CVE/list 2009-11-09 11:36:24 UTC (rev 13246) @@ -15,7 +15,7 @@ CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in news/ ...) NOT-FOR-US: Twilight CMS CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux ...) - TODO: check + NOT-FOR-US: IBM Tivoli Storage Manager CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in ...) NOT-FOR-US: IBM Tivoli Storage Manager CVE-2009-3853 (Buffer overflow in the client acceptor daemon (CAD) scheduler in the ...) @@ -292,7 +292,7 @@ CVE-2009-XXXX [mandos 0600 file being included in initrd] - mandos 1.0.13-1 (bug #551907) CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...) - TODO: check + - vmware-package <removed> CVE-2009-3732 RESERVED CVE-2009-3731 @@ -546,7 +546,8 @@ CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...) NOT-FOR-US: FrontRange HEAT CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote ...) - - snort <unfixed> (medium; bug #553584) + - snort <unfixed> (low; bug #553584) + NOTE: -v is usually not used as it''s slow and is only for debugging purposes CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM ...) - linux-2.6 <unfixed> (medium) [etch] - linux-2.6 <not-affected> (introduced in 2.6.25) 
@@ -1053,13 +1054,13 @@ CVE-2009-3467 RESERVED CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows ...) - TODO: check + NOT-FOR-US: Adobe Shockwave Player CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) NOT-FOR-US: Adobe CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...) @@ -1299,7 +1300,10 @@ - xulrunner 1.9.1.4-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ...) - TODO: check + - icedove <unfixed> (bug #555313) + - iceweasel 3.5.4-1 + - xulrunner 1.9.1.4-1 + - kompozer <unfixed> (bug #555326) CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote ...) {DSA-1922-1} - xulrunner 1.9.1.4-1 @@ -2441,7 +2445,7 @@ CVE-2009-3032 RESERVED CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...) - TODO: check + NOT-FOR-US: Symantec Altiris Notification Server CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...) NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...) 
@@ -5078,7 +5082,7 @@ CVE-2009-2268 (Cross-site scripting (XSS) vulnerability in the Cross-Domain ...) NOT-FOR-US: Sun Java System Access Manager CVE-2009-2267 (VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player ...) - TODO: check + - vmware-package <removed> CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote ...) NOT-FOR-US: OXID eShop CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in ...)
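Review bot: In the CVE-2009-3641 hunk (@@ -546,7 +546,8 @@), the added NOTE line contains a doubled apostrophe in "it''s", which should read "it's". The NOTE is also the only justification for lowering snort from medium to low. It would read better if it tied the rating to the precondition already in the description ("when the -v option is enabled") instead of only saying -v is slow.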
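Review bot: In the CVE-2009-3371 hunk (@@ -1299,7 +1300,10 @@), the new "- icedove <unfixed> (bug #555313)" and "- kompozer <unfixed> (bug #555326)" lines carry no urgency, while the other unfixed entries in this patch do ("- snort <unfixed> (low; bug #553584)", "- linux-2.6 <unfixed> (medium)"). Suggest adding an urgency to both, or a NOTE saying the impact is not yet assessed. The description also limits the issue to Firefox 3.5.x before 3.5.4, and the entry just above it in the hunk context has an "[etch]" line for xulrunner. If older releases are not affected here, a release-tagged "<not-affected>" line, like the one under CVE-2009-3640, would record that explicitly.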