Author: derevko-guest
Date: 2010-01-02 15:01:04 +0000 (Sat, 02 Jan 2010)
New Revision: 13697

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
NFUs and ITPs two minor network-manager issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-02 09:30:05 UTC (rev 13696)
+++ data/CVE/list 2010-01-02 15:01:04 UTC (rev 13697)
@@ -8,35 +8,35 @@ TODO: check stable and oldstable (i.e. gaim) NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...) - TODO: check + - freepbx <itp> (bug #464926) CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module ...) - TODO: check + - webmin <itp> (bug #377948) CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny ...) - TODO: check + NOT-FOR-US: Green Desktiny CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security ...) - TODO: check + NOT-FOR-US: Cisco CVE-2009-4454 (vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user ...) - TODO: check + - videocache <itp> (bug #505329) CVE-2009-4453 (Insecure method vulnerability in SoftCab Sound Converter ActiveX ...) - TODO: check + NOT-FOR-US: SoftCab Sound Converter ActiveX CVE-2009-4452 (Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; ...) - TODO: check + NOT-FOR-US: Kaspersky Anti-Viru CVE-2009-4451 (Unrestricted file upload vulnerability in upper.php in kandalf upper ...) - TODO: check + NOT-FOR-US: kandalf upper CVE-2009-4450 (Multiple cross-site scripting (XSS) vulnerabilities in map.php in ...) - TODO: check + NOT-FOR-US: LiveZilla CVE-2009-4449 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) ...) - TODO: check + NOT-FOR-US: MyBB CVE-2009-4448 (inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and ...) - TODO: check + NOT-FOR-US: MyBB CVE-2009-4447 (Jax Guestbook 3.5.0 allows remote attackers to bypass authentication ...) - TODO: check + NOT-FOR-US: Jax Guestbook CVE-2009-4446 (Cross-site scripting (XSS) vulnerability in admin.php in ...) - TODO: check + NOT-FOR-US: phpInstantGallery CVE-2009-4445 (Microsoft Internet Information Services (IIS), when used in ...) 
- TODO: check + NOT-FOR-US: Microsoft CVE-2009-4444 (Microsoft Internet Information Services (IIS) 5.x and 6.x uses only ...) - TODO: check + NOT-FOR-US: Microsoft CVE-2009-4443 (Unspecified vulnerability in the psearch (aka persistent search) ...) NOT-FOR-US: Sun Java System Directory Server Enterprise Edition CVE-2009-4442 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...) @@ -88,7 +88,7 @@ CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in Simple PHP ...) NOT-FOR-US: Simple PHP Blog CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Application ...) - TODO: check + NOT-FOR-US: F5 Networks BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM) CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...) NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...) @@ -626,6 +626,10 @@ - xpat2 <unfixed> (unimportant; bug #560087) CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured ...) - network-manager-applet <unfixed> (low; bug #560067) + - network-manager 0.6.5-1 (low) + [lenny] - network-manager-applet <no-dsa> (minor issue) + [etch] - network-manager <no-dsa> (minor issue) + NOTE: network-manager in lenny not affected, because it is in network-manager-applet CVE-2009-XXXX [unsafe xfs] - xfs 1:1.0.8-6 (low; bug #521107) [etch] - xfs <no-dsa> (minor issue) 
@@ -929,8 +933,11 @@ CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...) TODO: check CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection ...) - - network-manager-applet <unfixed> - TODO: check + - network-manager-applet <unfixed> (low; bug #563371) + - network-manager 0.6.5-1 (low) + [lenny] - network-manager-applet <no-dsa> (minor issue) + [etch] - network-manager <no-dsa> (minor issue) + NOTE: network-manager in lenny not affected, because it is in network-manager-applet NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117 CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has ...) - php5 <unfixed> (low) Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2010-01-02 09:30:05 UTC (rev 13696) +++ data/ospu-candidates.txt 2010-01-02 15:01:04 UTC (rev 13697) @@ -544,6 +544,16 @@ -- +network-manager (CVE-2009-4144) +#560067 +notified maintainer through initial bugreport + +CVE-2009-4145 +#563371 +notified maintainer through initial bugreport + +-- + nfs-utils (CVE-2008-4552) notified maintainer Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2010-01-02 09:30:05 UTC (rev 13696) +++ data/spu-candidates.txt 2010-01-02 15:01:04 UTC (rev 13697) @@ -239,6 +239,16 @@ -- +network-manager-applet (CVE-2009-4144) +#560067 +notified maintainer through initial bugreport + +CVE-2009-4145 +#563371 +notified maintainer through initial bugreport + +-- + ntop (CVE-2009-2732) #543312 notified maintainer through initial bugreport
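
Review bot: In the first data/CVE/list hunk (@@ -8,35 +8,35 @@), the entry added for CVE-2009-4452 reads "NOT-FOR-US: Kaspersky Anti-Viru", with the product name cut short. The CVE description on the line above it spells the product "Kaspersky Anti-Virus", so the tag should match that spelling; otherwise a later search of the list for the product name will miss this entry.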
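
Review bot: The NOTE added under both CVE-2009-4144 and CVE-2009-4145 ("network-manager in lenny not affected, because it is in network-manager-applet") never says what "it" is, and the new "- network-manager 0.6.5-1 (low)" line gives no bug reference or reason for that version. Suggest naming the component that lives in network-manager-applet in lenny, and saying that this is why the [etch] line is tracked against network-manager and the [lenny] line against network-manager-applet. As written, a reader has to infer that from the two release tags.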
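
Review bot: In the data/ospu-candidates.txt and data/spu-candidates.txt hunks, the second added stanza starts with a bare "CVE-2009-4145" line. The stanza before it and the neighbouring nfs-utils and ntop entries all start with "package (CVE-id)". Unless a bare CVE line is an accepted shorthand for "same package as the stanza above" in these files, repeat the package name: network-manager in ospu-candidates.txt and network-manager-applet in spu-candidates.txt. That way each stanza can be read and moved on its own.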