[Secure-testing-commits] r11290 - data/CVE

2009-03-01 Thread joeyh
Author: joeyh
Date: 2009-03-01 09:14:12 + (Sun, 01 Mar 2009)
New Revision: 11290

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 07:09:39 UTC (rev 11289)
+++ data/CVE/list   2009-03-01 09:14:12 UTC (rev 11290)
@@ -7927,7 +7927,7 @@
NOT-FOR-US: Oracle
 CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...)
- amarok 1.4.10-1 (unimportant; bug #494765)
-[etch] - amarok 
+   [etch] - amarok 
NOTE: The code in question doesn't dereference the symlink, tested with 
Etch
NOTE: and Lenny. Given that it only takes a minute to test this, it's 
surprising
NOTE: that at least one vendor issued an advisory and upstream pushed a 
new release...
@@ -27856,8 +27856,8 @@
- samba 3.0.25-1 (high)
 CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 
1.0.25 and ...)
{DSA-1613-1}
-- libgd2 2.0.35.dfsg-1 (low)
-[etch] - libgd2 2.0.33-5.2etch1 (low)
+   - libgd2 2.0.35.dfsg-1 (low)
+   [etch] - libgd2 2.0.33-5.2etch1 (low)
- libpng 1.2.15~beta5-2 (unimportant)
- libpng3  (unimportant)
NOTE: Only a crash, no code injection. Calling this DoS stretches 
things rather far


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r11291 - data/CVE

2009-03-01 Thread white
Author: white
Date: 2009-03-01 09:39:24 + (Sun, 01 Mar 2009)
New Revision: 11291

Modified:
   data/CVE/list
Log:
NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 09:14:12 UTC (rev 11290)
+++ data/CVE/list   2009-03-01 09:39:24 UTC (rev 11291)
@@ -260,89 +260,89 @@
 CVE-2008-6255 (Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow 
remote ...)
NOT-FOR-US: vBulletin
 CVE-2008-6254 (SQL injection vulnerability in scripts/documents.php in Jadu 
Galaxies ...)
-   TODO: check
+   NOT-FOR-US: Jadu Galaxies
 CVE-2008-6253 (Directory traversal vulnerability in 
data/inc/lib/pcltar.lib.php in ...)
TODO: check
 CVE-2008-6252 (Stack-based buffer overflow in the smc program in smcFanControl 
2.1.2 ...)
-   TODO: check
+   NOT-FOR-US: smcFanControl
 CVE-2008-6251 (PHP remote file inclusion vulnerability in includes/init.php in 
phpFan ...)
-   TODO: check
+   NOT-FOR-US: phpFan
 CVE-2008-6250 (SQL injection vulnerability in Comdev Web Blogger 4.1.3 and 
earlier ...)
-   TODO: check
+   NOT-FOR-US: Comdev Web Blogger
 CVE-2008-6249 (SQL injection vulnerability in plugins/users/index.php in 
Galatolo ...)
-   TODO: check
+   NOT-FOR-US: Galatolo WebManager
 CVE-2008-6248 (Cross-site scripting (XSS) vulnerability in all.php in Galatolo 
...)
-   TODO: check
+   NOT-FOR-US: Galatolo WebManager
 CVE-2008-6247 (SQL injection vulnerability in topsite.php in Scripts For Sites 
(SFS) ...)
-   TODO: check
+   NOT-FOR-US: Scripts For Sites 
 CVE-2008-6246 (SQL injection vulnerability in category.php in Scripts For 
Sites (SFS) ...)
-   TODO: check
+   NOT-FOR-US: Scripts For Sites 
 CVE-2008-6245 (SQL injection vulnerability in track.php in Scripts For Sites 
(SFS) EZ ...)
-   TODO: check
+   NOT-FOR-US: Scripts For Sites 
 CVE-2008-6244 (SQL injection vulnerability in view_reviews.php in Scripts for 
Sites ...)
-   TODO: check
+   NOT-FOR-US: Scripts For Sites 
 CVE-2008-6243 (SQL injection vulnerability in showcategory.php in Scripts For 
Sites ...)
-   TODO: check
+   NOT-FOR-US: Scripts For Sites 
 CVE-2008-6242 (SQL injection vulnerability in SearchResults.php in Scripts For 
Sites ...)
-   TODO: check
+   NOT-FOR-US: Scripts For Sites 
 CVE-2008-6241 (Multiple SQL injection vulnerabilities in admin/usercheck.php 
in ...)
-   TODO: check
+   NOT-FOR-US: FlexPHPSite
 CVE-2008-6240 (Cross-site scripting (XSS) vulnerability in 
data/views/index.html in ...)
-   TODO: check
+   NOT-FOR-US: OpenEdit Digital Asset Management
 CVE-2008-6239 (Cross-site request forgery (CSRF) vulnerability in OpenEdit 
Digital ...)
-   TODO: check
+   NOT-FOR-US: OpenEdit Digital Asset Management
 CVE-2008-6238 (Cross-site scripting (XSS) vulnerability in ...)
-   TODO: check
+   NOT-FOR-US: OpenEdit Digital Asset Management
 CVE-2008-6237 (SQL injection vulnerability in software-description.php in 
Scripts For ...)
-   TODO: check
+   NOT-FOR-US: Scripts For Sites 
 CVE-2008-6236 (SQL injection vulnerability in login.php in Simple Document 
Management ...)
-   TODO: check
+   NOT-FOR-US: Simple Document Management System
 CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows 
user-assisted ...)
TODO: check
 CVE-2008-6234 (SQL injection vulnerability in the com_musica module in Joomla! 
and ...)
-   TODO: check
+   NOT-FOR-US: Joomla
 CVE-2008-6233 (SQL injection vulnerability in index.php in Five Dollar Scripts 
Drinks ...)
-   TODO: check
+   NOT-FOR-US: Five Dollar Scripts Drinks script
 CVE-2008-6232 (Pre Shopping Mall allows remote attackers to bypass 
authentication and ...)
-   TODO: check
+   NOT-FOR-US: Pre Shopping Mall
 CVE-2008-6231 (Pre Classified Listing PHP allows remote attackers to bypass 
...)
-   TODO: check
+   NOT-FOR-US: Pre Classified Listing PHP
 CVE-2008-6230 (SQL injection vulnerability in Tour.php in Pre Projects Pre 
Podcast ...)
-   TODO: check
+   NOT-FOR-US: Pre Projects Pre Podcast Portal
 CVE-2008-6229 (Cross-site scripting (XSS) vulnerability in the administrative 
...)
TODO: check
 CVE-2008-6228 (Pre Multi-Vendor Shopping Malls allows remote attackers to 
bypass ...)
-   TODO: check
+   NOT-FOR-US: Pre Multi-Vendor Shopping Malls
 CVE-2008-6227 (SQL injection vulnerability in buyer_detail.php in Pre 
Multi-Vendor ...)
-   TODO: check
+   NOT-FOR-US: Pre Multi-Vendor Shopping Malls 
 CVE-2008-6226 (SQL injection vulnerability in moreinfo.php in Pre Projects PHP 
Auto ...)
-   TODO: check
+   NOT-FOR-US: Pre Projects PHP Auto Listings Script
 CVE-2008-6225 (** DISPUTED ** ...)
-   TODO: check
+   NOT-FOR-US: Mole Group Airline Ticket Sale Script
 CVE-2008-6224 (Directory traversal vulnerability in visualizza.php in Way Of 
The ...)
-   TODO: check
+  
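
Review bot: The label added for CVE-2008-6234 is just "Joomla", but the description places the flaw in the com_musica module, so the NOT-FOR-US line should name that component and record what was actually ruled out. The "Scripts For Sites " labels and the "Pre Multi-Vendor Shopping Malls " label on CVE-2008-6227 also end in a trailing space that should be trimmed.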

[Secure-testing-commits] r11292 - data/CVE

2009-03-01 Thread white
Author: white
Date: 2009-03-01 09:50:23 + (Sun, 01 Mar 2009)
New Revision: 11292

Modified:
   data/CVE/list
Log:
tor issue unimportant

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 09:39:24 UTC (rev 11291)
+++ data/CVE/list   2009-03-01 09:50:23 UTC (rev 11292)
@@ -180,7 +180,8 @@
 CVE-2009-0655 (Lenovo Veriface III allows physically proximate attackers to 
login to ...)
NOT-FOR-US: Lenovo Veriface
 CVE-2009-0654 (Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote 
...)
-   TODO: check
+   - tor  (unimportant)
+   NOTE: attacker already controls entry and exit node at this stage
 CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints 
for an ...)
TODO: check
 CVE-2009-0652 (Mozilla Firefox 3.0.6 does not properly prevent the literal 
rendering ...)
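
Review bot: The NOTE added under CVE-2009-0654 gives the reasoning for "unimportant" but no source for it. A second NOTE pointing to the analysis or upstream statement behind it would let the next person re-check the precondition (attacker controls both entry and exit node) without redoing the triage.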




[Secure-testing-commits] r11293 - data/CVE

2009-03-01 Thread white
Author: white
Date: 2009-03-01 09:51:11 + (Sun, 01 Mar 2009)
New Revision: 11293

Modified:
   data/CVE/list
Log:
NFU: Pluck CMS

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 09:50:23 UTC (rev 11292)
+++ data/CVE/list   2009-03-01 09:51:11 UTC (rev 11293)
@@ -263,7 +263,7 @@
 CVE-2008-6254 (SQL injection vulnerability in scripts/documents.php in Jadu 
Galaxies ...)
NOT-FOR-US: Jadu Galaxies
 CVE-2008-6253 (Directory traversal vulnerability in 
data/inc/lib/pcltar.lib.php in ...)
-   TODO: check
+   NOT-FOR-US: Pluck CMS
 CVE-2008-6252 (Stack-based buffer overflow in the smc program in smcFanControl 
2.1.2 ...)
NOT-FOR-US: smcFanControl
 CVE-2008-6251 (PHP remote file inclusion vulnerability in includes/init.php in 
phpFan ...)




[Secure-testing-commits] r11294 - data/CVE

2009-03-01 Thread white
Author: white
Date: 2009-03-01 13:09:33 + (Sun, 01 Mar 2009)
New Revision: 11294

Modified:
   data/CVE/list
Log:
Some NFUs

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 09:51:11 UTC (rev 11293)
+++ data/CVE/list   2009-03-01 13:09:33 UTC (rev 11294)
@@ -728,9 +728,9 @@
- proftpd 1.3.2-1 (medium; bug #516388)
- proftpd-basic 1.3.2-1 (medium; bug #516388)
 CVE-2009-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Magento 
1.2.0 ...)
-   TODO: check
+   NOT-FOR-US: Magento
 CVE-2009-0540 (Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and 
...)
-   TODO: check
+   NOT-FOR-US: Libero
 CVE-2009-0539
RESERVED
 CVE-2009-0538
@@ -871,9 +871,9 @@
 CVE-2009-0507
RESERVED
 CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server 
(WAS) ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Application Server
 CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA 
waits for ...)
-   TODO: check
+   NOT-FOR-US: IBM TXSeries
 CVE-2009-0504 (WSPolicy in the Web Services component in IBM WebSphere 
Application ...)
NOT-FOR-US: IBM WebSphere Application Server
 CVE-2009-0503 (IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a 
database ...)
@@ -1055,9 +1055,9 @@
 CVE-2009-0441 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Technote
 CVE-2009-0440 (IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does 
not ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere Partner Gateway
 CVE-2009-0439 (Unspecified vulnerability in the queue manager in IBM WebSphere 
MQ ...)
-   TODO: check
+   NOT-FOR-US: IBM WebSphere
 CVE-2009-0438 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on 
Windows ...)
NOT-FOR-US: IBM WebSphere
 CVE-2009-0437 (The Installation Factory installation process for IBM WebSphere 
...)
@@ -1924,7 +1924,7 @@
 CVE-2009-0239
RESERVED
 CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 
SP1; ...)
-   TODO: check
+   NOT-FOR-US: Microsoft
 CVE-2009-0237
RESERVED
 CVE-2009-0236
@@ -20844,7 +20844,7 @@
 CVE-2007-5290 (Multiple cross-site scripting (XSS) vulnerabilities in MailBee 
WebMail ...)
NOT-FOR-US: MailBee WebMail Pro
 CVE-2007-5289 (HP Mercury Quality Center (QC) 9.2 and earlier, and possibly 
...)
-   TODO: check
+   NOT-FOR-US: HP Mercury Quality Center
 CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in ...)
{DSA-1538-1 DTSA-66-1}
- alsaplayer 0.99.80~rc4-1 (low; bug #446034)




[Secure-testing-commits] r11295 - data/CVE

2009-03-01 Thread white
Author: white
Date: 2009-03-01 13:12:27 + (Sun, 01 Mar 2009)
New Revision: 11295

Modified:
   data/CVE/list
Log:
cups CVE is RedHat specific

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 13:09:33 UTC (rev 11294)
+++ data/CVE/list   2009-03-01 13:12:27 UTC (rev 11295)
@@ -651,7 +651,7 @@
 CVE-2009-0578
RESERVED
 CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in 
CUPS ...)
-   TODO: check
+   NOT-FOR-US: RedHat specific, because they had a problem applying the 
fix for CVE-2008-3640
 CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 
5.2 p6 ...)
NOT-FOR-US: Sun Java System Directory Server
 CVE-2009-0575 (Cross-site scripting (XSS) vulnerability in the ...)
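
Review bot: NOT-FOR-US on CVE-2009-0577 is applied to software Debian does package (the description names texttops in CUPS), unlike the neighbouring entries where the tag names a product outside the archive. A package line for cups marked as not affected, with the Red Hat backport explanation moved to a NOTE line, would keep the entry findable when someone searches the list for cups.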




[Secure-testing-commits] r11296 - data/CVE

2009-03-01 Thread white
Author: white
Date: 2009-03-01 13:18:18 + (Sun, 01 Mar 2009)
New Revision: 11296

Modified:
   data/CVE/list
Log:
Requested CVE id for dkim-milter

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 13:12:27 UTC (rev 11295)
+++ data/CVE/list   2009-03-01 13:18:18 UTC (rev 11296)
@@ -2,6 +2,7 @@
- dkim-milter 2.6.0.dfsg-2 (low)
[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
NOTE: 
http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
+   NOTE: CVE id requested
 CVE-2009- [optipng array overflow]
- optipng 0.6.2.1-1 (low)
NOTE: http://secunia.com/advisories/34035/
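
Review bot: The added "NOTE: CVE id requested" does not say where or when the request was made. Naming the list or contact in the NOTE would let someone else follow up if no id is assigned.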




[Secure-testing-commits] r11297 - data/CVE

2009-03-01 Thread fw
Author: fw
Date: 2009-03-01 17:03:19 + (Sun, 01 Mar 2009)
New Revision: 11297

Modified:
   data/CVE/list
Log:
new znc issue


Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 13:18:18 UTC (rev 11296)
+++ data/CVE/list   2009-03-01 17:03:19 UTC (rev 11297)
@@ -1,3 +1,5 @@
+CVE-2009- [znc: authenticated users can obtain shell access]
+   - znc 0.066-1 (bug #516950)
 CVE-2009- [dkim-milter: crash on revoked keys]
- dkim-milter 2.6.0.dfsg-2 (low)
[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
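
Review bot: The new znc entry carries a bug number but no urgency, although its title describes authenticated users obtaining shell access and the dkim-milter entry directly below it is rated. Add the urgency in front of the bug reference, and a NOTE with the upstream reference for the issue.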




[Secure-testing-commits] r11298 - data/CVE

2009-03-01 Thread fw
Author: fw
Date: 2009-03-01 17:36:09 + (Sun, 01 Mar 2009)
New Revision: 11298

Modified:
   data/CVE/list
Log:
NFUs
CVE-2009-0737: mediawiki CVE assigned
CVE-2009-0676: linux-2.6 et al.


Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 17:03:19 UTC (rev 11297)
+++ data/CVE/list   2009-03-01 17:36:09 UTC (rev 11298)
@@ -15,9 +15,7 @@
 CVE-2009-0739 (SQL injection vulnerability in login.php in MyNews 0.10 allows 
remote ...)
NOT-FOR-US: MyNews
 CVE-2009-0738 (SQL injection vulnerability in login.php in Auth Php 1.0 allows 
remote ...)
-   TODO: check
-CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the 
web-based ...)
-   TODO: check
+   NOT-FOR-US: Auth Php
 CVE-2009-0736 (Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 
allows ...)
NOT-FOR-US: Pebble
 CVE-2009-0735 (Directory traversal vulnerability in 
lib/classes/message_class.php in ...)
@@ -139,7 +137,12 @@
 CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...)
NOT-FOR-US: RavenNuke
 CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux 
kernel ...)
-   TODO: check
+   - linux-2.6  (low)
+   - linux-2.6.24  (low)
+   NOTE: Original fix was incomplete/risky, see:
+   NOTE: 
+   NOTE: Reproducer in 
+   NOTE: lacks initialzer for len.  Leak confirmed with fixed reproducer.
 CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the 
Linux ...)
TODO: check
 CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when 
...)
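
Review bot: In the notes added under CVE-2009-0676, "see:" is followed by a NOTE line with nothing on it and "Reproducer in" names no location, so as shown here both references are missing; fill them in or drop the lines. "initialzer" in the last NOTE should read "initializer".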
@@ -833,10 +836,9 @@
 CVE-2009- [konqueror: potential exploits via application launchers]
- kdebase  (low; bug #515106)
NOTE: need to submit a request for CVE id
-CVE-2009- [mediawiki XSS in installer scripts]
+CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the 
web-based ...)
- mediawiki  (low; bug #514547)
[lenny] - mediawiki 1:1.12.0-2lenny3
-   NOTE: CVE id was requested on oss-sec
 CVE-2009-0524
RESERVED
 CVE-2009-0523
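
Review bot: Renaming the temporary mediawiki entry in place leaves CVE-2009-0737 sitting between the konqueror placeholder and CVE-2009-0524, while the first hunk deletes it from its slot between CVE-2009-0738 and CVE-2009-0736. The rest of the list runs in descending id order, so it would be cleaner to move the mediawiki package lines up to the existing CVE-2009-0737 entry and delete the temporary one here.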




[Secure-testing-commits] r11299 - data/CVE

2009-03-01 Thread fw
Author: fw
Date: 2009-03-01 17:50:38 + (Sun, 01 Mar 2009)
New Revision: 11299

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-6125: moodle fixed


Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 17:36:09 UTC (rev 11298)
+++ data/CVE/list   2009-03-01 17:50:38 UTC (rev 11299)
@@ -223,9 +223,9 @@
 CVE-2008-6277 (SQL injection vulnerability in product.php in RakhiSoftware 
Price ...)
NOT-FOR-US: RakhiSoftware Price Comparison Script
 CVE-2008-6276 (Multiple SQL injection vulnerabilities in the User Karma module 
5.x ...)
-   TODO: check
+   NOT-FOR-US: User Karma module for Drupal
 CVE-2008-6275 (Cross-site scripting (XSS) vulnerability in the User Karma 
module 5.x ...)
-   TODO: check
+   NOT-FOR-US: User Karma module for Drupal
 CVE-2008-6274 (Multiple SQL injection vulnerabilities in index.php in 
FamilyProject ...)
NOT-FOR-US: FamilyProject
 CVE-2008-6273 (Directory traversal vulnerability in configuration_script.php 
in ...)
@@ -317,7 +317,7 @@
 CVE-2008-6230 (SQL injection vulnerability in Tour.php in Pre Projects Pre 
Podcast ...)
NOT-FOR-US: Pre Projects Pre Podcast Portal
 CVE-2008-6229 (Cross-site scripting (XSS) vulnerability in the administrative 
...)
-   TODO: check
+   NOT-FOR-US: CCK module for Drupal
 CVE-2008-6228 (Pre Multi-Vendor Shopping Malls allows remote attackers to 
bypass ...)
NOT-FOR-US: Pre Multi-Vendor Shopping Malls
 CVE-2008-6227 (SQL injection vulnerability in buyer_detail.php in Pre 
Multi-Vendor ...)
@@ -800,7 +800,8 @@
 CVE-2008-6126 (Multiple directory traversal vulnerabilities in moziloCMS 
1.10.2 and ...)
NOT-FOR-US: moziloCMS
 CVE-2008-6125 (Unspecified vulnerability in the user editing interface in 
Moodle ...)
-   TODO: check
+   {DSA-1691-1}
+   - moodle 1.8.2.dfsg-2
 CVE-2008-6124 (SQL injection vulnerability in the 
hotpot_delete_selected_attempts ...)
{DSA-1691-1}
- moodle 1.8.2.dfsg-2




[Secure-testing-commits] r11300 - data/CVE

2009-03-01 Thread fw
Author: fw
Date: 2009-03-01 17:52:32 + (Sun, 01 Mar 2009)
New Revision: 11300

Modified:
   data/CVE/list
Log:
bug numbers


Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 17:50:38 UTC (rev 11299)
+++ data/CVE/list   2009-03-01 17:52:32 UTC (rev 11300)
@@ -724,7 +724,7 @@
NOT-FOR-US: ZeroShell
 CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote 
...)
{DSA-1726-1}
-   - python-crypto  (bug filed)
+   - python-crypto  (bug #516660)
 CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote 
...)
{DSA-1727-1}
- proftpd 1.3.2-1 (medium; bug #516388)
@@ -806,7 +806,7 @@
{DSA-1691-1}
- moodle 1.8.2.dfsg-2
 CVE-2008-6123 (The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in 
net-snmp ...)
-   - net-snmp  (bug filed)
+   - net-snmp  (bug #516801)
 CVE-2008-6122 (The web management interface in Netgear WGR614v9 allows remote 
...)
NOT-FOR-US: Netgear WGR614v9
 CVE-2008-6121 (CRLF injection vulnerability in SocialEngine (SE) 2.7 and 
earlier ...)




[Secure-testing-commits] r11301 - data/CVE

2009-03-01 Thread fw
Author: fw
Date: 2009-03-01 18:54:57 + (Sun, 01 Mar 2009)
New Revision: 11301

Modified:
   data/CVE/list
Log:
CVE-2008-4392: remove "check"


Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 17:52:32 UTC (rev 11300)
+++ data/CVE/list   2009-03-01 18:54:57 UTC (rev 11301)
@@ -6086,7 +6086,6 @@
 CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki 
Delivery ...)
NOT-FOR-US: VeriSign Kontiki
 CVE-2008-4392 (dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent 
...)
-   TODO: check
- djbdns  (high)
 CVE-2008-4391 (Stack-based buffer overflow in the SetSource method in the ...)
NOT-FOR-US: Cisco Linksys WVC54GC




[Secure-testing-commits] r11302 - data/CVE

2009-03-01 Thread fw
Author: fw
Date: 2009-03-01 20:37:09 + (Sun, 01 Mar 2009)
New Revision: 11302

Modified:
   data/CVE/list
Log:
NFU


Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 18:54:57 UTC (rev 11301)
+++ data/CVE/list   2009-03-01 20:37:09 UTC (rev 11302)
@@ -1620,7 +1620,7 @@
 CVE-2009-0311 (The Backbone service (ftbackbone.exe) in EMC AutoStart before 
5.3 SP2 ...)
NOT-FOR-US: EMC AutoStart
 CVE-2009-0310 (Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 
through ...)
-   TODO: check
+   NOT-FOR-US: SuSE blinux
 CVE-2009-0309
RESERVED
 CVE-2009-0308




[Secure-testing-commits] r11303 - data/CVE

2009-03-01 Thread joeyh
Author: joeyh
Date: 2009-03-01 21:14:10 + (Sun, 01 Mar 2009)
New Revision: 11303

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 20:37:09 UTC (rev 11302)
+++ data/CVE/list   2009-03-01 21:14:10 UTC (rev 11303)
@@ -800,7 +800,6 @@
 CVE-2008-6126 (Multiple directory traversal vulnerabilities in moziloCMS 
1.10.2 and ...)
NOT-FOR-US: moziloCMS
 CVE-2008-6125 (Unspecified vulnerability in the user editing interface in 
Moodle ...)
-   {DSA-1691-1}
- moodle 1.8.2.dfsg-2
 CVE-2008-6124 (SQL injection vulnerability in the 
hotpot_delete_selected_attempts ...)
{DSA-1691-1}
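
Review bot: The hand-added {DSA-1691-1} cross-reference under CVE-2008-6125 (from r11299) does not survive the automatic update, which strips it here while keeping the one under CVE-2008-6124. If CVE-2008-6125 was fixed by that DSA, the link needs to be recorded wherever the automatic update takes its cross-references from, otherwise each manual re-add will be reverted the same way.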




[Secure-testing-commits] r11304 - data/CVE

2009-03-01 Thread thomasbl-guest
Author: thomasbl-guest
Date: 2009-03-01 22:15:13 + (Sun, 01 Mar 2009)
New Revision: 11304

Modified:
   data/CVE/list
Log:
NFU


Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 21:14:10 UTC (rev 11303)
+++ data/CVE/list   2009-03-01 22:15:13 UTC (rev 11304)
@@ -2146,7 +2146,7 @@
 CVE-2009-0142 (Race condition in AFP Server in Apple Mac OS X 10.5.6 allows 
local ...)
NOT-FOR-US: Apple Mac OS X
 CVE-2009-0141 (XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with 
luit, ...)
-   TODO: check
+   NOT-FOR-US: XTerm in Apple Mac OS X
 CVE-2009-0140 (Unspecified vulnerability in the SMB component in Apple Mac OS 
X ...)
NOT-FOR-US: Apple Mac OS X
 CVE-2009-0139 (Integer overflow in the SMB component in Apple Mac OS X 10.5.6 
allows ...)




[Secure-testing-commits] r11305 - data/CVE

2009-03-01 Thread white
Author: white
Date: 2009-03-02 02:17:18 + (Mon, 02 Mar 2009)
New Revision: 11305

Modified:
   data/CVE/list
Log:
New avahi issue, CVE id requested

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-01 22:15:13 UTC (rev 11304)
+++ data/CVE/list   2009-03-02 02:17:18 UTC (rev 11305)
@@ -1,3 +1,6 @@
+CVE-2009- [avahi-daemon: denial of service]
+   - avahi  (bug #517683)
+   NOTE: CVE id requested
 CVE-2009- [znc: authenticated users can obtain shell access]
- znc 0.066-1 (bug #516950)
 CVE-2009- [dkim-milter: crash on revoked keys]




[Secure-testing-commits] r11306 - data/CVE

2009-03-01 Thread white
Author: white
Date: 2009-03-02 02:22:29 + (Mon, 02 Mar 2009)
New Revision: 11306

Modified:
   data/CVE/list
Log:
new openssl issue, probably minor, asked maintainers via bugreport

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-02 02:17:18 UTC (rev 11305)
+++ data/CVE/list   2009-03-02 02:22:29 UTC (rev 11306)
@@ -192,7 +192,7 @@
- tor  (unimportant)
NOTE: attacker already controls entry and exit node at this stage
 CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints 
for an ...)
-   TODO: check
+   - openssl  (bug #517791)
 CVE-2009-0652 (Mozilla Firefox 3.0.6 does not properly prevent the literal 
rendering ...)
TODO: check
 CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka 
vnetd) in ...)
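
Review bot: The log message calls the OpenSSL issue "probably minor", but the line added for CVE-2009-0653 records only the bug number. Put that assessment into the entry as an urgency, or add a NOTE that the maintainers were asked, so it is visible in the list and not only in the commit log.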




[Secure-testing-commits] r11307 - data/CVE

2009-03-01 Thread white
Author: white
Date: 2009-03-02 02:33:07 + (Mon, 02 Mar 2009)
New Revision: 11307

Modified:
   data/CVE/list
Log:
New xine-lib issue reported to BTS

Modified: data/CVE/list
===
--- data/CVE/list   2009-03-02 02:22:29 UTC (rev 11306)
+++ data/CVE/list   2009-03-02 02:33:07 UTC (rev 11307)
@@ -96,7 +96,7 @@
 CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Plunet BusinessManager
 CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in 
xine-lib ...)
-   TODO: check
+   - xine-lib  (bug #517792; medium)
 CVE-2009-0697
RESERVED
 CVE-2009-0696
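
Review bot: The annotation on the new xine-lib line is written "(bug #517792; medium)", whereas other entries in this file put the urgency first, as in "(medium; bug #516388)" for proftpd. Swap the two fields so the line matches the rest of the list.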

