Author: kees Date: 2009-12-12 20:12:13 +0000 (Sat, 12 Dec 2009) New Revision: 13527 Modified: data/CVE/list Log: NFUs: 44 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-12 19:32:17 UTC (rev 13526) +++ data/CVE/list 2009-12-12 20:12:13 UTC (rev 13527) @@ -444,7 +444,7 @@ - roundcube <unfixed> TODO: check CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...) - TODO: check + NOT-FOR-US: Sun Solaris CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...) NOT-FOR-US: Microsoft Internet Explorer 8 CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...) @@ -812,7 +812,7 @@ CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...) NOT-FOR-US: IBM BladeCenter CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...) - TODO: check + NOT-FOR-US: Google Chrome CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...) - webkit <not-affected> (chromium-specific issue in their timer) - qt4-x11 <not-affected> (chromium-specific issue in their timer) @@ -820,9 +820,9 @@ - kde4libs <not-affected> (chromium-specific issue in their timer) - chromium-browser <itp> (low; bug #520324) CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...) - TODO: check + NOT-FOR-US: Google Chrome CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...) - TODO: check + NOT-FOR-US: Google Chrome CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...) - file 5.03-1 [lenny] - file <not-affected> 
@@ -956,7 +956,7 @@ - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...) - TODO: check + NOT-FOR-US: Sun Java System Web Server CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...) - openjdk <unfixed> - sun-java6 <unfixed> @@ -1776,7 +1776,7 @@ CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus ...) NOT-FOR-US: eTrust Antivirus CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows ...) - TODO: check + NOT-FOR-US: CoreHTTP CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...) {DSA-1944-1} - request-tracker3.4 <removed> @@ -1792,11 +1792,11 @@ CVE-2009-3580 RESERVED CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...) - TODO: check + NOT-FOR-US: Autodesk Maya CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...) - TODO: check + NOT-FOR-US: Autodesk CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to ...) - TODO: check + NOT-FOR-US: Autodesk Softimage CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, ...) - aria2 1.2.0-1 (low; bug #551070) [etch] - aria2 <not-affected> (Vulnerable code not present) @@ -1908,7 +1908,7 @@ [lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x) [etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x) CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 ...) - TODO: check + NOT-FOR-US: Apache Tomcat (Windows only) CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before ...) {DSA-1929-1 DSA-1928-1 DSA-1927-1} - linux-2.6 2.6.31-2 (high) 
@@ -3522,7 +3522,7 @@ CVE-2009-3034 RESERVED CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...) - TODO: check + NOT-FOR-US: ActiveX CVE-2009-3032 RESERVED CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...) 
@@ -4263,49 +4263,49 @@ [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30) - linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30) CVE-2009-2843 (Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 ...) - TODO: check + NOT-FOR-US: Mac OS X CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...) - webkit <unfixed> (medium; bug #559759) TODO: work with upstream to determine affected/not-affected versions TODO: check qt4-x11, kdelibs, kde4libs CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2838 (Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2836 (Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly handle ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2834 (IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2833 (Buffer overflow in the UCCompareTextDefault API in International ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2832 (Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2831 (Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create ...) 
- TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2830 (Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2829 (Event Monitor in Apple Mac OS X 10.5.8 does not properly handle ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2828 (The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2827 (Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2826 (Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2825 (Certificate Assistant in Apple Mac OS X before 10.6.2 does not ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2822 RESERVED CVE-2009-2821 @@ -4315,9 +4315,9 @@ - cups 1.4.2-1 (low; bug #555666) - cupsys <removed> CVE-2009-2819 (AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2818 (Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...) NOT-FOR-US: Apple iTunes CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...) 
@@ -4338,11 +4338,11 @@ CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS ...) NOT-FOR-US: Apple Mac OS X CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers ...) NOT-FOR-US: ImageIO in Apple Mac OS X CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS ...) - TODO: check + NOT-FOR-US: Apple Mac OS X CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS ...) - cupsys <not-affected> (issue in darwin-specific code; bug #550150) - cups <not-affected> (issue in darwin-specific code; bug #550150) @@ -4569,13 +4569,13 @@ CVE-2009-2750 RESERVED CVE-2009-2749 (Feature Pack for Communications Enabled Applications (CEA) before ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2009-2748 RESERVED CVE-2009-2747 RESERVED CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the administrative ...) - TODO: check + NOT-FOR-US: IBM WebSphere Application Server CVE-2009-2745 RESERVED CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...) @@ -4948,7 +4948,7 @@ CVE-2009-2679 (Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and ...) NOT-FOR-US: HP HP-UX CVE-2009-2678 (Unspecified vulnerability in Open System Services (OSS) Name Server on ...) - TODO: check + NOT-FOR-US: Open System Services (OSS) Name Server on HP NonStop CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) NOT-FOR-US: HP Insight Control Suite For Linux (aka ICE-LX) CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...) 
@@ -5166,7 +5166,7 @@ - kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712) - dovecot 1:1.2.1-1 (medium; bug #546656) CVE-2009-2631 (Multiple clientless SSL VPN products that run in web browsers, ...) - TODO: check + NOT-FOR-US: Commercial SSL VPN products CVE-2009-2630 RESERVED CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through ...) @@ -8043,11 +8043,11 @@ CVE-2009-1570 (Integer overflow in the ReadImage function in ...) - gimp 2.6.7-1.1 (medium; bug #555929) CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, ...) - TODO: check + NOT-FOR-US: Novell iPrint Client CVE-2009-1568 (Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client ...) - TODO: check + NOT-FOR-US: Novell iPrint Client CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox ...) - TODO: check + NOT-FOR-US: ActiveX CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...) NOT-FOR-US: Roxio Easy Media Creator CVE-2009-1565 @@ -10483,7 +10483,7 @@ CVE-2009-0896 (Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before ...) NOT-FOR-US: IBM WebSphere CVE-2009-0895 (Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and ...) - TODO: check + NOT-FOR-US: Novell eDirectory CVE-2009-0894 (Heap-based buffer overflow in the decoder_create function in the ...) - xvidcore <itp> (bug #531040) CVE-2009-0893 (Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the ...) 
@@ -13920,7 +13920,7 @@ CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...) NOT-FOR-US: Cisco IronPort Encryption Appliance CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access ...) - TODO: check + NOT-FOR-US: Atheros wireless driver CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...) NOT-FOR-US: ZXID CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...)
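Review bot: in the @@ -820,9 hunk, CVE-2009-3932 and CVE-2009-3931 are closed as "NOT-FOR-US: Google Chrome" directly below the CVE-2009-3933 entry, which tracks the same browser as "- chromium-browser <itp> (low; bug #520324)". If the ITP covers these two issues as well, they should carry the same "- chromium-browser <itp>" line so they resurface when the package enters the archive. If it does not, a NOTE should say why they differ. The same question applies to CVE-2009-3934 in the @@ -812,7 hunk.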
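Review bot: in the @@ -1792,11 hunk, CVE-2009-3577 is labelled "NOT-FOR-US: Autodesk", a vendor only, while the two neighbouring entries name the product ("Autodesk Maya", "Autodesk Softimage"). The description names Autodesk 3D Studio Max, so "NOT-FOR-US: Autodesk 3D Studio Max" would keep the labels consistent and searchable by product.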
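Review bot: in the @@ -1908,7 hunk, "NOT-FOR-US: Apache Tomcat (Windows only)" on CVE-2009-3548 mixes two different statements: the label says the product is out of scope, while the parenthesis says only the platform is. The wireshark lines just above it in the same hunk show the form this list uses when a product is tracked but a given issue does not apply, a per-package "<not-affected>" line with the reason in parentheses. A Tomcat entry in that form, with "Windows installer only" as the reason, would state the actual finding.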
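Review bot: in the @@ -3522,7 hunk, CVE-2009-3033 is labelled "NOT-FOR-US: ActiveX", which names a component technology rather than the affected product. The description identifies the Altiris eXpress NS Console, and other entries in this list label by product (for example "NOT-FOR-US: Roxio Easy Media Creator"). Suggest "NOT-FOR-US: Altiris eXpress NS Console". CVE-2009-1567 in the @@ -8043,11 hunk has the same label, although its description names the Lateral Arts Photobox control.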
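Review bot: in the @@ -4263,49 hunk, two of the twenty bulk "NOT-FOR-US: Apple Mac OS X" changes name software that is not Apple's own and need an individual check. CVE-2009-2830 is described as "Multiple buffer overflows in Christos Zoulas file before 5.03", and this list already tracks a file package for CVE-2009-3930 ("- file 5.03-1"), so the entry should either carry a file line with the fixed version or a NOTE explaining why the packaged code is unaffected. CVE-2009-2823 names the Apache HTTP Server, and its description is cut off at "enables the ...", so the label alone does not show that the issue is confined to Apple's build or configuration. A one-line NOTE recording that would make the triage auditable.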
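Review bot: in the @@ -5166,7 hunk, the label "NOT-FOR-US: Commercial SSL VPN products" on CVE-2009-2631 adds a "Commercial" qualifier that the visible description ("Multiple clientless SSL VPN products that run in web browsers") does not contain. Because the CVE covers multiple products, the entry should either list the products that were checked or carry a NOTE stating that none of the affected products are packaged.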
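Review bot: in the @@ -13920,7 hunk, "NOT-FOR-US: Atheros wireless driver" on CVE-2009-0052 names a component generically. The description scopes the issue to the driver "as used in Netgear WNDAP330 Wi-Fi access ...", so the label should name that device or firmware. If Atheros driver packages tracked elsewhere in this list were checked and found unaffected, record that as "<not-affected>" lines with a reason, so the entry does not read as though no Atheros driver is in scope.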