Author: geissert Date: 2009-12-12 07:22:27 +0000 (Sat, 12 Dec 2009) New Revision: 13516 Modified: data/CVE/list Log: NFUs expat, java, rt issues polipo issue verified and reported Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-12 03:52:41 UTC (rev 13515) +++ data/CVE/list 2009-12-12 07:22:27 UTC (rev 13516) @@ -121,9 +121,7 @@ TODO: check NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905 CVE-2009-XXXX [polipo crash/DoS via overly-large content-length header] - - polipo <unfixed> - TODO: report bug, check affected versions - NOTE: http://www.exploit-db.com/exploits/10338 + - polipo <unfixed> (medium; bug #560779) CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...) NOT-FOR-US: SweetRice CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web ...) @@ -267,6 +265,8 @@ CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration ...) NOT-FOR-US: IBM WebSphere CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...) + - request-tracker3.6 <unfixed> + - request-tracker3.4 <removed> TODO: check CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...) NOT-FOR-US: IBM DB2 @@ -953,6 +953,9 @@ CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...) TODO: check CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) + - openjdk <unfixed> + - sun-java6 <unfixed> + [lenny] - sun-java6 <no-dsa> (Non-free not supported) TODO: check CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) - openjdk <unfixed> 
@@ -1042,7 +1045,7 @@ CVE-2009-3845 RESERVED CVE-2009-3844 (Unspecified vulnerability in HP OpenView Data Protector Application ...) - TODO: check + NOT-FOR-US: HP OpenView Data Protector Application CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a "hidden account" in ...) NOT-FOR-US: HP Operations Manager CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...) @@ -1527,19 +1530,19 @@ CVE-2009-3678 RESERVED CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft Internet Authentication Service CVE-2009-3676 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows ...) NOT-FOR-US: Microsoft Windows Server CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...) - TODO: check + NOT-FOR-US: Microsoft Local Security Authority Subsystem Service CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...) NOT-FOR-US: KSP Sound Player CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...) 
@@ -1864,6 +1867,7 @@ CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...) NOT-FOR-US: Xerver HTTP Server CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...) + - expat <unfixed> TODO: check CVE-2009-3559 (** DISPUTED ** ...) - php5 <unfixed> (unimportant) @@ -4923,7 +4927,7 @@ [etch] - xemacs21 <no-dsa> (Minor issue, obscure attack vector) [lenny] - xemacs21 <no-dsa> (Minor issue, obscure attack vector) CVE-2009-2686 (Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web ...) NOT-FOR-US: HP Power Manager CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...) @@ -5460,15 +5464,15 @@ CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...) NOT-FOR-US: Microsoft Windows 2000 CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft Active Directory Federation Services CVE-2009-2508 (The single sign-on implementation in Active Directory Federation ...) - TODO: check + NOT-FOR-US: Microsoft Active Directory Federation Services CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...) NOT-FOR-US: Microsoft Windows CVE-2009-2506 (The text converters in Microsoft Office Word 2002 SP3 and 2003 SP3; ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista ...) - TODO: check + NOT-FOR-US: Microsoft Office CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...) NOT-FOR-US: Microsoft products CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...) 
@@ -8040,7 +8044,7 @@ CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox ...) TODO: check CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...) - TODO: check + NOT-FOR-US: Roxio Easy Media Creator CVE-2009-1565 RESERVED CVE-2009-1564 @@ -13782,7 +13786,7 @@ CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow ...) NOT-FOR-US: playSMS CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-0101 RESERVED CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...)
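Review bot: in the `@@ -121,9 +121,7 @@` hunk (polipo), the deleted `NOTE: http://www.exploit-db.com/exploits/10338` line was the only reference to the public PoC for this still-unnumbered CVE-2009-XXXX entry; the new `- polipo <unfixed> (medium; bug #560779)` line records the Debian bug but not the upstream exploit. Keep the NOTE line next to the bug reference so anyone reviewing the fix or requesting the CVE id later can find the PoC without digging through the bug log.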
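Review bot: in the `@@ -267,6 +265,8 @@` hunk (CVE-2009-4151), the `TODO: check` context line is kept after the new `- request-tracker3.6 <unfixed>` and `- request-tracker3.4 <removed>` lines, so the entry reads as both triaged and still untriaged. Either drop the TODO now that the affected source packages are named, or narrow it to the open question (for example, which suites still need a fix) so the next person knows what remains to be checked.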
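Review bot: in the `@@ -953,6 +953,9 @@` hunk (CVE-2009-3877), `TODO: check` is still present immediately after `[lenny] - sun-java6 <no-dsa> (Non-free not supported)`, the same leftover as in the request-tracker hunk. Since openjdk and sun-java6 are now listed as affected, remove the TODO or replace it with a NOTE stating what is unresolved; the neighbouring CVE-2009-3876 entry shows the expected shape (package line, no TODO).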
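Review bot: in the `@@ -1864,6 +1867,7 @@` hunk (CVE-2009-3560, libexpat big2_toUtf8), `- expat <unfixed>` is added but the `TODO: check` line below it is kept. If the TODO is meant to cover checking for other packages that embed a copy of expat rather than the expat source package itself, say so in the TODO; otherwise drop it so the entry does not look half-triaged.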
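Review bot: in the `@@ -4923,7 +4927,7 @@` hunk, CVE-2009-2686 is described as "Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00" but the new line reads `NOT-FOR-US: IBM WebSphere Application Server`, which matches neither the description nor the adjacent HP entries (`NOT-FOR-US: HP Power Manager`). This looks like a copy-paste from another NOT-FOR-US line; it should be `NOT-FOR-US: HP NonStop`.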
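Review bot: in the `@@ -5460,15 +5464,15 @@` hunk, CVE-2009-2505 ("The Internet Authentication Service (IAS) in Microsoft Windows Vista ...") is tagged `NOT-FOR-US: Microsoft Office`, which is the label for the preceding CVE-2009-2506 Word entry and does not describe this CVE. Use `NOT-FOR-US: Microsoft Internet Authentication Service`, as this same commit does for the IAS issue CVE-2009-3677 in the `@@ -1527,19 +1530,19 @@` hunk.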
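Review bot: in the `@@ -13782,7 +13786,7 @@` hunk, CVE-2009-0102 (Microsoft Project 2000 SR1, 2002 SP1, Office Project 2003 SP3) gets a bare `NOT-FOR-US: Microsoft`, while every other NOT-FOR-US line in this commit names the product (`Microsoft Office`, `Microsoft Internet Explorer`, `Microsoft Active Directory Federation Services`). For consistency and to make the annotation useful when searching the list, write `NOT-FOR-US: Microsoft Project`.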