Author: jmm-guest
Date: 2009-12-02 21:17:03 +0000 (Wed, 02 Dec 2009)
New Revision: 13427

Modified:
   data/CVE/list
Log:
- freebsd issue doesn't affect kfreebsd
- cups, slim fixed
- mark .desktop issues as unimportant

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-02 14:43:55 UTC (rev 13426) +++ data/CVE/list 2009-12-02 21:17:03 UTC (rev 13427) @@ -1,9 +1,6 @@ CVE-2009-XXXX [monkey DoS] - monkey 0.9.3-1 (low) [lenny] - monkey <no-dsa> (Minor issue, fringe package) -CVE-2009-XXXX [kfreebsd local root exploit posted to full-disclosure] - - kfreebsd-7 <unfixed> - - kfreebsd-8 <unfixed> CVE-2009-4130 RESERVED CVE-2009-4129 @@ -1489,7 +1486,7 @@ CVE-2009-3554 RESERVED CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor handling ...) - - cups <unfixed> (low; bug #557740) + - cups 1.4.2-4 (low; bug #557740) - cupsys <not-affected> (vulnerable code introduced in 1.3.x) NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200 CVE-2009-3552 @@ -7327,7 +7324,7 @@ CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL ...) NOT-FOR-US: phpWebNews CVE-2009-1756 (SLiM Simple Login Manager 1.3.0 places the X authority magic cookie ...) - - slim <removed> (low; bug #529306) + - slim 1.3.1-2 (low; bug #529306) [lenny] - slim <no-dsa> (Minor issue) CVE-2009-1755 (Off-by-one error in the packet_read_query_section function in packet.c ...) {DSA-1803-1} 
@@ -11287,10 +11284,8 @@ CVE-2008-6213 (SQL injection vulnerability in mypage.php in Harlandscripts Pro ...) NOT-FOR-US: Harlandscripts Pro Traffic One CVE-2009-XXXX [thunar: potential exploits via application launchers] - - thunar <unfixed> (bug #517020; low) - [etch] - thunar <no-dsa> (Minor issue) - [lenny] - thunar <no-dsa> (Minor issue) - NOTE: CVE needs to be requested + - thunar <unfixed> (bug #517020; unimportant) + NOTE: Minor impact, any attack would still require a significant amount of social engineering CVE-2009-XXXX [sysvinit: no-root option in expert installer exposes locally exploitable security flaw] - sysvinit <unfixed> (bug #517018; unimportant) NOTE: hardly a security issue, if an attacker has local access to the machine and you @@ -11815,10 +11810,8 @@ [etch] - nautilus <no-dsa> (Minor issue) NOTE: need to submit a request for CVE id CVE-2009-XXXX [konqueror: potential exploits via application launchers] - - kdebase <unfixed> (low; bug #515106) - [etch] - kdebase <no-dsa> (Minor issue) - [lenny] - kdebase <no-dsa> (Minor issue) - NOTE: need to submit a request for CVE id + - kdebase <unfixed> (unimportant; bug #515106) + NOTE: Minor impact, any attack would still require a significant amount of social engineering CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...) {DSA-1901-1} - mediawiki 1:1.14.0-1 (low; bug #514547)
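Review bot: In the @@ -1,9 +1,6 @@ hunk the kfreebsd entry is deleted outright, which drops the record that the report was triaged at all. The log says the FreeBSD issue does not affect kfreebsd, so keeping the entry and marking both packages the way cupsys is marked further down in this file, for example `- kfreebsd-7 <not-affected> (reason)` and `- kfreebsd-8 <not-affected> (reason)`, would preserve that decision and keep the full-disclosure report from being re-added as a new unfixed entry later.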
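Review bot: In the @@ -11287,10 +11284,8 @@ hunk the removed line `NOTE: CVE needs to be requested` has no replacement, yet the thunar entry is still headed CVE-2009-XXXX, so the open task of obtaining an id is no longer recorded anywhere in the entry. Either keep that NOTE alongside the new one or say in the new NOTE that no id will be requested. The annotation order also differs from the kdebase line in the next hunk, `(bug #517020; unimportant)` here versus `(unimportant; bug #515106)` there; use one order for both.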
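Review bot: In the @@ -11815,10 +11810,8 @@ hunk the unchanged context directly above the konqueror entry still shows `[etch] - nautilus <no-dsa> (Minor issue)` and `NOTE: need to submit a request for CVE id`, which is exactly the treatment this hunk removes for kdebase. If that nautilus entry is one of the .desktop launcher issues the log refers to, it should be downgraded to unimportant in the same commit so the three launcher entries stay consistent; if it is deliberately left at its current severity, a NOTE on it saying why would help.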