Author: jmm-guest Date: 2010-07-15 21:18:13 +0000 (Thu, 15 Jul 2010) New Revision: 14997 Modified: data/CVE/list Log: - bugzilla fixed - rewrite several older bugzilla entries now that 3.4 is in unstable - Oracle NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-07-15 21:14:35 UTC (rev 14996) +++ data/CVE/list 2010-07-15 21:18:13 UTC (rev 14997) @@ -854,29 +854,29 @@ CVE-2010-2404 RESERVED CVE-2010-2403 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-2401 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-2400 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2399 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2398 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-2397 (Unspecified vulnerability in Oracle Sun Java System Application Server ...) - TODO: check + NOT-FOR-US: Oracle Sun Java System Application Serve CVE-2010-2396 RESERVED CVE-2010-2395 RESERVED CVE-2010-2394 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2393 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2392 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2391 RESERVED CVE-2010-2390 
@@ -888,39 +888,39 @@ CVE-2010-2387 RESERVED CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server ...) TODO: check CVE-2010-2384 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2383 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2382 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2381 (Unspecified vulnerability in the Application Server Control component ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2010-2380 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-2379 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time & ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-2378 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-2377 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) - TODO: check + NOT-FOR-US: PeopleSoft CVE-2010-2376 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2375 (Package/Privilege: Plugins for Apache, Sun and IIS web servers ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2010-2374 (Unspecified vulnerability in Solaris Studio 12 update 1 allows local ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-2373 (Unspecified vulnerability in the Console component in Oracle ...) - TODO: check + NOT-FOR-US: Oracle Enterprise Manager Grid Control CVE-2010-2372 (Unspecified vulnerability in the Oracle Transportation Management ...) 
- TODO: check + NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2010-2371 (Unspecified vulnerability in the Oracle Transportation Management ...) - TODO: check + NOT-FOR-US: Oracle Supply Chain Products Suite CVE-2010-2370 (Unspecified vulnerability in the Oracle Business Process Management ...) - TODO: check + NOT-FOR-US: Oracle Fusion Middleware CVE-2010-2369 RESERVED CVE-2010-2368 @@ -1269,7 +1269,7 @@ CVE-2010-2245 RESERVED CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in ...) - TODO: check + - avahi <undetermined> CVE-2010-2243 [timekeeping oops] RESERVED - linux-2.6 2.6.32-11 @@ -4166,7 +4166,7 @@ - tuxonice-userui <unfixed> TODO: binNMU tuxonice-userui once libpng is fixed CVE-2010-1204 (Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ...) - - bugzilla <unfixed> (low; bug #587663) + - bugzilla 3.4.7.0-1 (low; bug #587663) [lenny] - bugzilla <no-dsa> (Minor issue) CVE-2010-1203 (The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow ...) - xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2) @@ -5069,7 +5069,7 @@ CVE-2010-0917 (Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, ...) NOT-FOR-US: Microsoft Windows CVE-2010-0916 (Unspecified vulnerability in Oracle OpenSolaris 10 allows local users ...) - TODO: check + NOT-FOR-US: Solaris CVE-2010-0915 (Unspecified vulnerability in the Oracle Advanced Product Catalog ...) TODO: check CVE-2010-0914 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...) @@ -9309,7 +9309,7 @@ CVE-2009-3990 RESERVED CVE-2009-3989 (Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and ...) - - bugzilla <unfixed> (unimportant) + - bugzilla 3.4.7.0-1 (unimportant) NOTE: http://www.bugzilla.org/security/3.0.10/ CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...) {DSA-1999-1} 
@@ -11096,9 +11096,11 @@ [etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support) [lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5) CVE-2009-3387 (Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group ...) - - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected) + - bugzilla 3.4.7.0-1 + [lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected) CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...) - - bugzilla <not-affected> (Only 3.3 onwards are affected) + - bugzilla 3.4.7.0-1 + [lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected) CVE-2009-3385 (The mail component in Mozilla SeaMonkey before 1.1.19 does not ...) {DSA-1922-1} - xulrunner 1.9.0.15-1 @@ -11683,7 +11685,8 @@ CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...) NOT-FOR-US: RunCMS CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ...) - - bugzilla <not-affected> (only 3.4.x is affected) + - bugzilla 3.4.7.0-1 + [lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected) CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in ...) {DSA-1913-1} - bugzilla 3.2.5.0-1 (low; bug #547132) @@ -11945,7 +11948,8 @@ CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in ...) NOT-FOR-US: ArticleFriend Script CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in ...) - - bugzilla <not-affected> (Only 3.3.x and 3.4.x are affected) + - bugzilla 3.4.7.0-1 + [lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected) CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...) NOT-FOR-US: QuarkMail CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...)
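Review bot: In the @@ -854 hunk, the new line for CVE-2010-2397 reads "NOT-FOR-US: Oracle Sun Java System Application Serve", with the product name cut off. It should read "Oracle Sun Java System Application Server" so the tag matches the product named in the description and a later search of the list for that product finds this entry.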
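Review bot: In the @@ -888 hunk, CVE-2010-2374 is tagged "NOT-FOR-US: Solaris", but its description names Solaris Studio 12 update 1 rather than the Solaris releases named in the neighbouring entries; "NOT-FOR-US: Oracle Solaris Studio" would describe it accurately. In the same hunk CVE-2010-2385 (Oracle Sun Java System Web Proxy Server) stays at "TODO: check" while every other Oracle entry around it is triaged; if that is deliberate, a NOTE saying what is still open would make it clear.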
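Review bot: In the @@ -1269 hunk, CVE-2010-2244 changes from "TODO: check" to "- avahi <undetermined>" with no NOTE or bug number, so the entry no longer shows up as unchecked and nothing records what still has to be verified. The description already points at the AvahiDnsPacket function in avahi-core/socket.c, so a NOTE stating what remains to be checked against the packaged version would let someone else finish the triage.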
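Review bot: In the @@ -11683 hunk, the added [lenny] line for CVE-2009-3166 says "Only Bugzilla >= 3.3 is affected", but the description gives the affected range as 3.4rc1 through 3.4.1 and the removed line said "only 3.4.x is affected". The note appears to be copied from the CVE-2009-3387 entry in the @@ -11096 hunk; keeping the 3.4.x wording on the [lenny] line would preserve the reason lenny is not affected.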