Author: gilbert-guest
Date: 2010-03-16 02:49:48 +0000 (Tue, 16 Mar 2010)
New Revision: 14275
Modified:
data/CVE/list
data/DSA/list
Log:
NFUs; new webkit issues; DSA-2017-1; possible unimportant pubsub issue
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-03-16 02:37:53 UTC (rev 14274)
+++ data/CVE/list 2010-03-16 02:49:48 UTC (rev 14275)
@@ -39,7 +39,7 @@
CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max
Network ...)
NOT-FOR-US: BBSMAX
CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
- TODO: check
+ NOT-FOR-US: RadNICS Gold 5
CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5
allows ...)
NOT-FOR-US: RadNICS Gold 5
CVE-2009-4695 (SQL injection vulnerability in index.php in RadScripts RadLance
Gold ...)
@@ -1529,7 +1529,7 @@
NOTE:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in ...)
- gmime2.2 <unfixed> (bug #568291)
- - gmime2.4 <unfixed> (bug #568291)
+ - gmime2.4 <unfixed> (bug #573877)
CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in
mod_proxy_ajp ...)
- apache2 2.2.15-1 (low)
[lenny] - apache2 <no-dsa> (minor issue)
@@ -2401,11 +2401,11 @@
CVE-2010-0125
RESERVED
CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on
the ...)
- TODO: check
+ NOT-FOR-US: Employee Timeclock Software
CVE-2010-0123 (The database backup implementation in Employee Timeclock
Software 0.99 ...)
- TODO: check
+ NOT-FOR-US: Employee Timeclock Software
CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock
Software ...)
- TODO: check
+ NOT-FOR-US: Employee Timeclock Software
CVE-2010-0121
RESERVED
CVE-2010-0120
@@ -3161,35 +3161,65 @@
- xar <unfixed> (bug #572556)
[lenny] - xar <no-dsa> (Minor issue)
CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0053 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0052 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0051 (WebKit in Apple Safari before 4.0.5 does not properly validate
the ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in
Apple ...)
- TODO: check
+ - webkit <undetermined> (bug #574064)
+ - kde4libs <undetermined>
+ - kdelibs <undetermined>
+ - qt4-x11 <undetermined>
CVE-2010-0045 (Apple Safari before 4.0.5 on Windows does not properly validate
...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0044 (PubSub in Apple Safari before 4.0.5 does not properly implement
use of ...)
- TODO: check
+ - libipc-pubsub-perl <undetermined> (unimportant; bug #574066)
+ - libpoe-component-pubsub-perl <undetermined> (unimportant; bug #574067)
+ NOTE: not enough info in apple report to check, but poor cookie handling
+ NOTE: isn''t important enough to worry about
CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 on Windows allows remote
...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 on Windows does not ensure
that ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 on Windows does not ensure
that ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on
Windows ...)
- TODO: check
+ NOT-FOR-US: Apple Safari
CVE-2010-0039
RESERVED
CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone
OS for ...)
@@ -4160,7 +4190,7 @@
CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before
11.5.6.606 ...)
NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4001 (Integer overflow in XnView before 1.97.2 might allow remote
attackers ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs
in HP ...)
NOT-FOR-US: HP Power Manager
CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP
Power ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2010-03-16 02:37:53 UTC (rev 14274)
+++ data/DSA/list 2010-03-16 02:49:48 UTC (rev 14275)
@@ -1,3 +1,5 @@
+[15 Mar 2010] DSA-2017-1 pulseaudio - insecure temporary directory
+ [lenny] - pulseaudio 0.9.10-3+lenny2
[15 Mar 2010] DSA-2015-1 drbd8 linux-modules-extra-2.6 - privilege escalation
{CVE-2009-3725}
[lenny] - drbd8 2:8.0.14-2+lenny1