Author: jmm-guest Date: 2010-08-01 04:22:33 +0000 (Sun, 01 Aug 2010) New Revision: 15088 Modified: data/CVE/list Log: - NFUs - new ghostscript issue (already fixed in sid) - kernel fix pending - new minor gv issue - not-so-new ghostscript issue unfixed in sid, working on a patch right now - cacti unimportant - new clvm issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-01 01:25:32 UTC (rev 15087) +++ data/CVE/list 2010-08-01 04:22:33 UTC (rev 15088) @@ -666,13 +666,13 @@ CVE-2009-4929 (admin/manage_users.php in TotalCalendar 2.4 does not require ...) NOT-FOR-US: TotalCalendar CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar ...) - TODO: check + NOT-FOR-US: TotalCalendar CVE-2009-4927 (WB News 2.1.2 allows remote attackers to bypass authentication and ...) - TODO: check + NOT-FOR-US: WB News CVE-2009-4926 (Multiple cross-site scripting (XSS) vulnerabilities in Online Contact ...) - TODO: check + NOT-FOR-US: Online Contact Manager CVE-2009-4925 (Multiple SQL injection vulnerabilities in Portale e-commerce Creasito ...) - TODO: check + NOT-FOR-US: Portale e-commerce Creasito CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal ...) - webkit <not-affected> (chromium specific issue) - chromium-browser 5.0.375.99~r51029-1 
@@ -749,21 +749,21 @@ CVE-2010-2628 RESERVED CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...) - TODO: check + NOT-FOR-US: Refractor 2 CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Miyabi CGI Tools SEO Links CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi ...) - TODO: check + NOT-FOR-US: Hitachi ServerConductor CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...) - TODO: check + NOT-FOR-US: iScripts EasySnaps CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...) - TODO: check + NOT-FOR-US: Internet DM Specialist Bed and Breakfast CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly ...) - TODO: check + NOT-FOR-US: Joomanager CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in ...) - qt4-x11 <unfixed> (bug #587711) CVE-2010-2620 (Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...) - TODO: check + NOT-FOR-US: Open&Compact FTP Server CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and ...) NOT-FOR-US: Citrix XenServer (it''s based on Xen, likely a duplicate of an existing Xen issue) CVE-2009-4924 (Dan Pascu python-cjson 1.0.5 does not properly handle a [''/''] argument ...) @@ -981,14 +981,15 @@ - freetype 2.4.0-1 CVE-2010-2526 RESERVED + - clvm <unfixed> (bug filed) CVE-2010-2525 RESERVED CVE-2010-2524 RESERVED CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 ...) - TODO: check + NOT-FOR-US: UMIP CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink messages ...) - TODO: check + NOT-FOR-US: UMIP CVE-2010-2521 RESERVED CVE-2010-2520 [freetype] 
@@ -1559,7 +1560,7 @@ CVE-2009-4898 RESERVED CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier ...) - TODO: check + - ghostscript 8.70~dfsg-1 CVE-2009-4896 RESERVED {DSA-2073-1} @@ -1756,8 +1757,7 @@ - tomcat6 6.0.28-1 (bug #588813) CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass] RESERVED - - linux-2.6 <unfixed> - NOTE: https://bugzilla.redhat.com/CVE-2010-2226 + - linux-2.6 2.6.32-19 CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...) - php5 <unfixed> NOTE: some vectors mitigated by suhosin patch, but more info is needed @@ -2196,9 +2196,10 @@ CVE-2010-2057 RESERVED CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files ...) - TODO: check + - gv 1:3.7.1-1 (low) + [lenny] - gv <no-dsa> (Minor issue) CVE-2010-2055 (Ghostscript 8.71 and earlier reads initialization files from the ...) - TODO: check + - ghostscript <unfixed> CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 ...) NOT-FOR-US: SBLIM SFCB CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...) @@ -9577,12 +9578,9 @@ CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...) NOT-FOR-US: PHD Help Desk CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...) - - cacti <unfixed> (low; bug #561339) - [etch] - cacti <no-dsa> (Minor issue, workaround explained in DSA) - [lenny] - cacti <no-dsa> (Minor issue, workaround explained in DSA) + - cacti <unfixed> (unimportant; bug #561339) NOTE: 4B0E1566.1070509 at moritz-naumann.com in bugtraq - NOTE: low or maybe even unimportant as one requires admin access - NOTE: to cacti, upstream will implement a whitelist + NOTE: as one requires admin access to cacti, upstream will implement a whitelist CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...) {DSA-1954-1} - cacti 0.8.7e-1.1 (low; bug #561338)
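Review bot: In the @@ -981,14 +981,15 @@ hunk, the new line `- clvm <unfixed> (bug filed)` under CVE-2010-2526 carries no bug number, unlike other entries in this file such as `- qt4-x11 <unfixed> (bug #587711)`. Replace `bug filed` with the `bug #...` reference once the number is assigned so the entry can be tied to the report. The CVE is still RESERVED with no description, so a bracketed title or a NOTE saying what the issue is would help, as is done for `CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass]`.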
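Review bot: In the @@ -1756,8 +1757,7 @@ hunk, marking CVE-2010-2226 as fixed also deletes `NOTE: https://bugzilla.redhat.com/CVE-2010-2226`, which is the only reference on an entry that is still RESERVED and has no description. Keep that NOTE next to `- linux-2.6 2.6.32-19`. The log says "kernel fix pending" while the entry now records a fixed version, so confirm that 2.6.32-19 is the version that will carry the fix.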
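Review bot: In the @@ -2196,9 +2196,10 @@ hunk, `- ghostscript <unfixed>` for CVE-2010-2055 has neither a bug reference nor a severity, although the log says a patch is being worked on. Add the bug number, or a NOTE pointing at the pending patch, so the open state in sid can be followed from the entry itself, in the same way the gv line in this hunk records `(low)`.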
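Review bot: In the @@ -9577,12 +9578,9 @@ hunk for CVE-2009-4112, the merged line `NOTE: as one requires admin access to cacti, upstream will implement a whitelist` no longer says what the reason applies to, because the words "low or maybe even unimportant" were dropped when the two NOTE lines were joined. Start the line with "unimportant as one requires admin access to cacti" so the rationale for the new severity is stated. The removed [etch] and [lenny] lines were also the only pointer to the workaround explained in the DSA; keep that pointer in a NOTE if it is still wanted.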