Author: derevko-guest
Date: 2009-11-21 13:39:13 +0000 (Sat, 21 Nov 2009)
New Revision: 13340

Modified: data/CVE/list

Log:
NFUs
CVE-2009-3978 fixed in xulrunner 1.9.1.5-1
CVE-2009-3941, CVE-2009-3942, msmtp and mpop are not affected
CVE-2009-3940: fixed in virtualbox-guest-additions 3.0.10-1

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-11-21 11:46:20 UTC (rev 13339) +++ data/CVE/list 2009-11-21 13:39:13 UTC (rev 13340) @@ -19,7 +19,7 @@ CVE-2009-4007 RESERVED CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...) - TODO: check + NOT-FOR-US: Serv-U FTP server CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...) - linux-2.6 <unfixed> - linux-2.6.24 <removed> 
@@ -75,36 +75,36 @@ CVE-2009-3979 RESERVED CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...) - - xulrunner <unfixed> + - xulrunner 1.9.1.5-1 TODO: check CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ...) - TODO: check + NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to ...) - TODO: check + NOT-FOR-US: Labtam ProFTP CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and ...) - TODO: check + NOT-FOR-US: Moa Gallery CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB or ...) NOT-FOR-US: Invision Power Board CVE-2009-3973 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...) - TODO: check + NOT-FOR-US: Turnkey Arcade Script CVE-2009-3972 (SQL injection vulnerability in the Q-Proje Siirler Bileseni ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2009-3971 (SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 ...) - TODO: check + NOT-FOR-US: component for Joomla! CVE-2009-3970 (SQL injection vulnerability in index.php in PHP Dir Submit (aka ...) - TODO: check + NOT-FOR-US: PHP Dir Submit CVE-2009-3969 (Stack-based buffer overflow in Faslo Player 7.0 allows remote ...) - TODO: check + NOT-FOR-US: Faslo Player CVE-2009-3968 (Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote ...) - TODO: check + NOT-FOR-US: ITechBids CVE-2009-3967 (SQL injection vulnerability in browse.php in Ed Charkow SuperCharged ...) - TODO: check + NOT-FOR-US: Ed Charkow SuperCharged Linking CVE-2009-3966 (Arcade Trade Script 1.0 allows remote attackers to bypass ...) - TODO: check + NOT-FOR-US: Arcade Trade Script CVE-2009-3965 (SQL injection vulnerability in rating.php in New 5 star Rating 1.0 ...) - TODO: check + NOT-FOR-US: New 5 star Rating CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) ...) 
- TODO: check + NOT-FOR-US: component for Joomla! CVE-2009-XXXX [ngingx webdav directory traversal] - nginx <unfixed> (low) TODO: check @@ -173,12 +173,11 @@ CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not ...) - TODO: check + - msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324) CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not ...) - TODO: check + - mpop <not-affected> (uses GnuTLS and not OpenSSL; bug #557326) CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...) - - virtualbox-guest-additions - TODO: check + - virtualbox-guest-additions 3.0.10-1 CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...) - linux-2.6 <unfixed> (low) - linux-2.6.24 <removed> (low) @@ -297,11 +296,9 @@ CVE-2009-3893 RESERVED CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...) - - wordpress 2.8.6-1 - TODO: check + - wordpress 2.8.6-1 (low) CVE-2009-3890 (Unrestricted file upload vulnerability in the wp_check_filetype ...) - - wordpress 2.8.6-1 - TODO: check + - wordpress 2.8.6-1 (low) CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...) - linux-2.6 2.6.27-1 (low) - linux-2.6.24 <removed> (low)
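
Review bot: In the @@ -75,36 +75,36 @@ hunk, the CVE-2009-3978 entry now records xulrunner 1.9.1.5-1 as the fixed version, but the "TODO: check" line directly below it is left in place as context, so the entry still reads as untriaged. If nothing else remains to be checked, drop that line the way the @@ -173,12 +173,11 @@ hunk does for CVE-2009-3940; if something does remain, say what in the TODO. In the same hunk, the three "NOT-FOR-US: component for Joomla!" entries (CVE-2009-3972, CVE-2009-3971, CVE-2009-3964) do not name the component, unlike the other NOT-FOR-US lines, which name the product; for example "jTips component for Joomla!" for CVE-2009-3971 would keep them searchable.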
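
Review bot: In the @@ -297,11 +296,9 @@ hunk, the two wordpress entries (CVE-2009-3891 and CVE-2009-3890) gain a "(low)" urgency and lose their "TODO: check", but the log message does not mention wordpress and nothing in the entry records why low was chosen. For CVE-2009-3890, which is described as an unrestricted file upload, a short reason in the parenthetical after "low" or a line in the log would let the next reader verify the rating.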