Author: geissert
Date: 2009-11-24 00:52:56 +0000 (Tue, 24 Nov 2009)
New Revision: 13357
Modified:
data/CVE/list
Log:
some issues were CVEified
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-11-23 21:14:17 UTC (rev 13356)
+++ data/CVE/list 2009-11-24 00:52:56 UTC (rev 13357)
@@ -56,8 +56,8 @@
RESERVED
CVE-2009-4018
RESERVED
-CVE-2009-4017
- RESERVED
+ - php5 <unfixed> (unimportant)
+ NOTE: safe_mode bypass
CVE-2005-4883 (Race condition in Philippe Jounin Tftpd32 before 2.80 allows
remote ...)
TODO: check
CVE-2005-4882 (tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in
Wyse ...)
@@ -169,16 +169,16 @@
NOT-FOR-US: New 5 star Rating
CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials
(com_ninjacentral) ...)
NOT-FOR-US: component for Joomla!
-CVE-2009-XXXX [ngingx webdav directory traversal]
+CVE-2009-3898 [ngingx webdav directory traversal]
- nginx 0.7.63-1 (low; bug #557389)
[etch] - nginx <no-dsa> (upload rights required)
[lenny] - nginx <no-dsa> (upload rights required)
-CVE-2009-XXXX [dovecot 0777 base_dir creation]
+CVE-2009-3897 [dovecot 0777 base_dir creation]
- dovecot <unfixed> (medium; bug #557601)
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
[etch] - dovecot <not-affected> (Only affects 1.2.x)
NOTE: http://www.dovecot.org/list/dovecot-news/2009-November/000143.html, CVE
requested on oss-sec
-CVE-2009-XXXX [php temporary files exhaustion DoS]
+CVE-2009-4017 [php temporary files exhaustion DoS]
- php5 5.2.11.dfsg.1-2 (medium)
- php4 <unfixed> (medium)
NOTE: workarounds include using 5.3.1 or php5-suhosin
@@ -345,10 +345,6 @@
NOT-FOR-US: IBM PowerHA
CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun
Solaris ...)
NOT-FOR-US: Sun Solaris
-CVE-2009-3898
- RESERVED
-CVE-2009-3897
- RESERVED
CVE-2009-3896
RESERVED
{DSA-1920-1}