Author: geissert Date: 2010-01-13 05:13:13 +0000 (Wed, 13 Jan 2010) New Revision: 13796 Modified: data/CVE/list Log: new acidbase and pidgin issues, mediawiki CVEified, NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-13 04:46:35 UTC (rev 13795) +++ data/CVE/list 2010-01-13 05:13:13 UTC (rev 13796) @@ -1,11 +1,12 @@ CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and ...) + - pidgin <unfixed> TODO: check CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...) - TODO: check + NOT-FOR-US: IBM Lotus iNotes CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) ...) - TODO: check + NOT-FOR-US: IBM Lotus iNotes CVE-2010-0274 (Unspecified vulnerability in the Edit Contact scene in Ultra-light ...) - TODO: check + NOT-FOR-US: IBM Lotus iNotes CVE-2010-0273 (Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 ...) TODO: check CVE-2010-0272 (Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 ...) 
@@ -95,43 +96,45 @@ CVE-2010-0230 RESERVED CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...) - TODO: check + NOT-FOR-US: Verbatim Corporate Secure CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...) - TODO: check + NOT-FOR-US: Verbatim Corporate Secure CVE-2010-0227 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...) - TODO: check + NOT-FOR-US: Verbatim Corporate Secure CVE-2010-0226 (SanDisk Cruzer Enterprise USB flash drives do not prevent password ...) - TODO: check + NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives CVE-2010-0225 (SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for ...) - TODO: check + NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives CVE-2010-0224 (SanDisk Cruzer Enterprise USB flash drives validate passwords with a ...) - TODO: check + NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives CVE-2010-0223 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...) - TODO: check + NOT-FOR-US: Kingston USB flash drives CVE-2010-0222 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...) - TODO: check + NOT-FOR-US: Kingston USB flash drives CVE-2010-0221 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...) - TODO: check + NOT-FOR-US: Kingston USB flash drives CVE-2010-0220 (The nsObserverList::FillObserverArray function in ...) TODO: check CVE-2009-4594 (Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access ...) - TODO: check + NOT-FOR-US: IBM Lotus iNotes CVE-2009-4593 (The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not ...) - TODO: check + NOT-FOR-US: Bftpd CVE-2009-4592 (Unspecified vulnerability in base_local_rules.php in Basic Analysis ...) + - acidbase 1.4.4-1 TODO: check CVE-2009-4591 (SQL injection vulnerability in Basic Analysis and Security Engine ...) 
+ - acidbase 1.4.4-1 TODO: check CVE-2009-4590 (Cross-site scripting (XSS) vulnerability in base_local_rules.php in ...) + - acidbase 1.4.4-1 TODO: check -CVE-2009-4589 (Cross-site scripting (XSS) vulnerability in the Special:Block ...) - TODO: check CVE-2009-4588 (Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control ...) - TODO: check + NOT-FOR-US: AwingSoft Awakening CVE-2009-4587 (Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of ...) TODO: check + NOTE: looks like a windows-specific issue CVE-2009-4586 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...) - TODO: check + NOT-FOR-US: Wowd client CVE-2010-0219 RESERVED CVE-2010-0218 @@ -7075,7 +7078,7 @@ - movabletype-opensource 4.2.6.1-1 (low; bug #537935) [lenny] - movabletype-opensource <no-dsa> (Minor information disclosure) TODO: next point update: [lenny] - movabletype-opensource 4.2.3-1+lenny1 -CVE-2009-XXXX [mediawiki: XSS via specialblock] +CVE-2009-4589 [mediawiki: XSS via specialblock] - mediawiki 1:1.15.0-1.1 (low; bug #537634) - mediawiki1.7 <removed> [etch] - mediawiki <not-affected> (metapackage)
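Review bot: In the first hunk (@@ -1,11 +1,12 @@), CVE-2010-0277 gains `- pidgin <unfixed>` but keeps `TODO: check` and has no severity or bug reference, unlike the mediawiki line in the last hunk (`(low; bug #537634)`). If triage is finished, drop the TODO. If something is still open, say what in a NOTE or a specific TODO, and add the bug number once one exists.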
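Review bot: In the second hunk (@@ -95,43 +96,45 @@), the three acidbase entries (CVE-2009-4592, CVE-2009-4591, CVE-2009-4590) record 1.4.4-1 as the fixed version yet still end in `TODO: check`, with nothing saying what is left to verify. State the open question in a NOTE (for example whether the released suites need their own `[lenny]` or `[etch]` lines, as the movabletype and mediawiki entries have) or remove the TODO. CVE-2009-4587 has the same shape: the NOTE "looks like a windows-specific issue" sits next to an unchanged `TODO: check`. Once confirmed it reads better as a `<not-affected>` line with the reason in parentheses, the form the last hunk uses for the mediawiki metapackage.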
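Review bot: In the last hunk (@@ -7075,7 +7078,7 @@), renaming `CVE-2009-XXXX [mediawiki: XSS via specialblock]` in place leaves CVE-2009-4589 with only the bracketed temporary description. The second hunk deleted the stub that carried the official text, `(Cross-site scripting (XSS) vulnerability in the Special:Block ...)`, from its position between CVE-2009-4590 and CVE-2009-4588. Consider keeping that stub and moving the mediawiki, mediawiki1.7 and `[etch]` package lines under it instead, so the entry keeps the official description and stays with its neighbouring ids.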