Author: nion
Date: 2009-03-14 10:28:26 +0000 (Sat, 14 Mar 2009)
New Revision: 11393

Modified:
   data/CVE/list
Log:
- NFUs
- CVE-2009-0660 fixed in mahara 1.1.2-1
- CVE-2009-0537 does not affect glibc


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-14 09:14:15 UTC (rev 11392)
+++ data/CVE/list       2009-03-14 10:28:26 UTC (rev 11393)
@@ -29,23 +29,23 @@
 CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in 
the ...)
        TODO: check
 CVE-2009-0858 (The response_addname function in response.c in Daniel J. 
Bernstein ...)
-       TODO: check
+       NOT-FOR-US: bts
 CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the 
...)
-       TODO: check
+       NOT-FOR-US: SunMC
 CVE-2009-0856 (Multiple cross-site scripting (XSS) vulnerabilities in sample 
...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-0855 (Cross-site scripting (XSS) vulnerability in the administrative 
console ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-0853 (login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, 
allows ...)
-       TODO: check
+       NOT-FOR-US: CelerBB
 CVE-2009-0852 (showme.php in CelerBB 0.0.2 allows remote attackers to obtain 
...)
-       TODO: check
+       NOT-FOR-US: CelerBB
 CVE-2009-0851 (Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when 
...)
-       TODO: check
+       NOT-FOR-US: CelerBB
 CVE-2009-0850 (Cross-site scripting (XSS) vulnerability in BitDefender 
Internet ...)
-       TODO: check
+       NOT-FOR-US: BitDefender
 CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in 
NovaStor ...)
-       TODO: check
+       NOT-FOR-US: NovaNET
 CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 
and 11.1 ...)
        TODO: check
 CVE-2009-0847
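Review bot: The NOT-FOR-US tag added for CVE-2009-0858 reads "bts", which does not match anything in the visible description (response_addname in response.c, attributed to Daniel J. Bernstein). The other tags in this hunk name the affected software directly (CelerBB, BitDefender, IBM WebSphere). Please spell out the product name here so a later search of the list for that software finds this entry. The description of CVE-2009-0849 is also truncated after "NovaStor" while the tag says "NovaNET"; worth confirming that is the product string intended.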
@@ -67,7 +67,7 @@
 CVE-2009-0839
        RESERVED
 CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and 
OpenSolaris ...)
-       TODO: check
+       NOT-FOR-US: Solaris
 CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 
1506, ...)
        NOT-FOR-US: Foxit Reader
 CVE-2009-0836 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, 
...)
@@ -161,7 +161,7 @@
 CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with 
insufficient ...)
        NOT-FOR-US: BlogHelper
 CVE-2009-0825 (SQL injection vulnerability in system/rss.php in TinX/cms 3.x 
before ...)
-       TODO: check
+       NOT-FOR-US: TinX/cms
 CVE-2009-0824
        RESERVED
 CVE-2009-0823
@@ -678,9 +678,9 @@
 CVE-2009-0714
        RESERVED
 CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight 
Manager ...)
-       TODO: check
+       NOT-FOR-US: WMI Mapper
 CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight 
Manager ...)
-       TODO: check
+       NOT-FOR-US: WMI Mapper
 CVE-2009-0711 (filter.php in PHPFootball 1.6 and earlier allows remote 
attackers to ...)
        NOT-FOR-US: PHPFootball
 CVE-2009-0710 (Multiple cross-site scripting (XSS) vulnerabilities in 
PHPFootball 1.6 ...)
@@ -792,7 +792,7 @@
        RESERVED
 CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 
1.0 ...)
        {DSA-1736-1}
-       TODO: check
+       - mahara 1.1.2-1 (low)
 CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in 
TPTEST ...)
        NOT-FOR-US: TPTEST
 CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 
9.0 and ...)
@@ -1370,7 +1370,9 @@
 CVE-2009-0538
        RESERVED
 CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in 
(1) ...)
-       TODO: check
+       - glibc <not-affected> (Vulnerable code not present)
+       NOTE: glibc checks the comlete path length being not longer than 
USHRT_MAX
+       NOTE: and closes the directory path + free of structures in case , 
io/fts.c line 727
 CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 
6.1.0 ...)
        NOT-FOR-US: IBM AIX
 CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 
and ...)
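Review bot: The second NOTE added for CVE-2009-0537 is incomplete: "in case , io/fts.c line 727" drops the condition, so a reader cannot tell when glibc closes the directory and frees the structures. Please state the condition explicitly, fix "comlete" in the first NOTE, and tie the "line 727" reference to a glibc version or revision, since a bare line number will stop pointing at the check once io/fts.c changes.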


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
