Author: geissert
Date: 2009-10-15 23:17:21 +0000 (Thu, 15 Oct 2009)
New Revision: 13025
Modified: data/CVE/list Log: Two openoffice.org, one amsn and one kvirc issues to be verified NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2009-10-15 21:51:42 UTC (rev 13024) +++ data/CVE/list 2009-10-15 23:17:21 UTC (rev 13025) @@ -1,5 +1,5 @@ CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon ...) - TODO: check + NOT-FOR-US: IBM AIX CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...) NOT-FOR-US: Dalvik API in Android CVE-2009-3697 [phpMyAdmin XSS/SQL inj PMASA-2009-6] @@ -544,7 +544,7 @@ CVE-2009-3460 RESERVED CVE-2009-3459 (Unspecified vulnerability in Adobe Reader and Acrobat 9.1.3 and ...) - TODO: check + NOT-FOR-US: Adobe Acrobat CVE-2009-3458 RESERVED CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...) @@ -1047,6 +1047,7 @@ CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...) NOT-FOR-US: module for XOOPS CVE-2009-3239 (Buffer overflow in the EMF parser implementation in OpenOffice.org ...) + - openoffice.org <unfixed> TODO: check CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...) TODO: check @@ -1364,7 +1365,7 @@ CVE-2009-3127 RESERVED CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...) NOT-FOR-US: Multi Website CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...) 
@@ -1793,9 +1794,9 @@ CVE-2009-3031 RESERVED CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...) - TODO: check + NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...) - TODO: check + NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server CVE-2009-3028 RESERVED CVE-2009-3027 @@ -2106,6 +2107,7 @@ CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites ...) NOT-FOR-US: Chipmunk Topsites CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 ...) + - kvirc <unfixed> TODO: check CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...) NOT-FOR-US: All Club CMS (ACCMS) @@ -2354,9 +2356,9 @@ CVE-2009-2899 RESERVED CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...) - TODO: check + NOT-FOR-US: SpringSource Hyperic HQ CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in ...) - TODO: check + NOT-FOR-US: SpringSource Hyperic HQ CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...) NOT-FOR-US: KMPlayer: http://www.kmplayer.com CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...) @@ -3177,7 +3179,7 @@ CVE-2009-2685 RESERVED CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...) - TODO: check + NOT-FOR-US: Embedded Web Server in HP printers CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics ...) NOT-FOR-US: HP Remote Graphics CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...) 
@@ -3663,23 +3665,23 @@ CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before ...) NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server CVE-2009-2532 (Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold ...) - TODO: check + NOT-FOR-US: Microsoft Windows Vista CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-2528 (GDI+ in Microsoft Office XP SP3 does not properly handle malformed ...) - TODO: check + NOT-FOR-US: Microsoft Office XP CVE-2009-2527 (Heap-based buffer overflow in Microsoft Windows Media Player 6.4 ...) - TODO: check + NOT-FOR-US: Microsoft Windows Media Player CVE-2009-2526 (Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and ...) - TODO: check + NOT-FOR-US: Microsoft Windows Vista CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...) - TODO: check + NOT-FOR-US: Microsoft Windows Media Runtime CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local ...) - TODO: check + NOT-FOR-US: Microsoft Windows XP CVE-2009-2523 RESERVED CVE-2009-2522 
@@ -3691,13 +3693,13 @@ CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...) NOT-FOR-US: Microsoft Windows CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote ...) - TODO: check + NOT-FOR-US: Microsoft Office XP CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft Windows Server 2003 CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) - TODO: check + NOT-FOR-US: Microsoft Windows 2000 CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 ...) - TODO: check + NOT-FOR-US: Microsoft Windows 2000 CVE-2009-2514 RESERVED CVE-2009-2513 
@@ -3705,35 +3707,35 @@ CVE-2009-2512 RESERVED CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000 ...) - TODO: check + NOT-FOR-US: Microsoft Windows 2000 CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...) - TODO: check + NOT-FOR-US: Microsoft Windows 2000 CVE-2009-2509 RESERVED CVE-2009-2508 RESERVED CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2009-2506 RESERVED CVE-2009-2505 RESERVED CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...) - TODO: check + NOT-FOR-US: Microsoft products CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...) - TODO: check + NOT-FOR-US: Microsoft products CVE-2009-2502 (Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) - TODO: check + NOT-FOR-US: Microsoft products CVE-2009-2501 (Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 ...) - TODO: check + NOT-FOR-US: Microsoft products CVE-2009-2500 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...) - TODO: check + NOT-FOR-US: Microsoft products CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...) NOT-FOR-US: Microsoft Windows Media Format Runtime CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows ...) NOT-FOR-US: Microsoft Windows Media Format Runtime CVE-2009-2497 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 ...) - TODO: check + NOT-FOR-US: Microsoft products CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...) NOT-FOR-US: Microsoft Office XP CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...) 
@@ -4767,6 +4769,7 @@ CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime (cms) ...) NOT-FOR-US: fuzzylime CVE-2009-2140 (Multiple heap-based buffer overflows in ...) + - openoffice.org <unfixed> TODO: check CVE-2009-2139 (Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...) {DSA-1880-1} @@ -6364,7 +6367,7 @@ NOTE: fixed over a year ago in debian; but fedora finally got around to addressing the issue recently NOTE: FEDORA-2009-3639 (http://lwn.net/Articles/331605) CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...) - TODO: check + NOT-FOR-US: Microsoft Internet Explorer CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling ...) NOT-FOR-US: Microsoft Windows CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ...) @@ -10321,7 +10324,7 @@ CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and ...) NOT-FOR-US: Microsoft Office CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...) - TODO: check + NOT-FOR-US: Microsoft Windows CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...) @@ -12057,9 +12060,9 @@ CVE-2009-0092 RESERVED CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly ...) - TODO: check + NOT-FOR-US: Microsoft .NET Framework CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not ...) - TODO: check + NOT-FOR-US: Microsoft .NET Framework CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Microsoft Windows CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft ...) 
@@ -38295,8 +38298,8 @@ CVE-2007-2196 (** DISPUTED ** ...) NOT-FOR-US: Jambook module for Mambo and Joomla CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...) + - amsn <unfixed> TODO: check - NOTE: package amsn CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted ...) NOT-FOR-US: XnView CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
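Review bot: In the @@ -3663,23 +3665,23 @@ and @@ -3691,13 +3693,13 @@ hunks, several NOT-FOR-US labels name only the first product in the description. CVE-2009-2532 and CVE-2009-2526 are labelled "Microsoft Windows Vista" although their descriptions also list Server 2008, and CVE-2009-2516 and CVE-2009-2515 are labelled "Microsoft Windows 2000" although the descriptions continue with XP (and Server 2003 for CVE-2009-2516). The unchanged context entry CVE-2009-2519 in the second hunk already uses "NOT-FOR-US: Microsoft Windows"; using that label here would keep the list consistent and easier to grep.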
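Review bot: In the @@ -3705,35 +3707,35 @@ hunk, "NOT-FOR-US: Microsoft products" is vaguer than the labels this same commit uses elsewhere for the same components. The GDI+ entries CVE-2009-2504 through CVE-2009-2500 get "Microsoft products", while CVE-2009-3126 (same "Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ..." prefix) gets "Microsoft Internet Explorer" and CVE-2009-2518 and CVE-2009-2528 get "Microsoft Office XP". Likewise CVE-2009-2497 (CLR in .NET Framework) gets "Microsoft products" while CVE-2009-0091 and CVE-2009-0090 get "Microsoft .NET Framework". Suggest one label per component, for example "Microsoft GDI+" and "Microsoft .NET Framework".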
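Review bot: In the @@ -4767,6 +4769,7 @@ hunk, CVE-2009-2140 is added as "- openoffice.org <unfixed>" directly above CVE-2009-2139, which is tagged {DSA-1880-1} and is also a heap-based buffer overflow in OpenOffice.org filter code. Before leaving this as <unfixed>, check whether the DSA-1880-1 upload also covers CVE-2009-2140 and record the fixed version if it does; if it does not, a short NOTE saying what is still open would help whoever picks up the remaining "TODO: check". The same applies to the "- openoffice.org <unfixed>" line added for CVE-2009-3239 in the @@ -1047,6 +1047,7 @@ hunk.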
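Review bot: In the @@ -10321,7 +10324,7 @@ hunk, CVE-2009-0555 is labelled "NOT-FOR-US: Microsoft Windows", but CVE-2009-2525 in the @@ -3663,23 +3665,23 @@ hunk has the same description prefix ("Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...") and is labelled "Microsoft Windows Media Runtime". Pick one label for both entries.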
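Review bot: In the @@ -38295,8 +38298,8 @@ hunk, the removed "NOTE: package amsn" is replaced by "- amsn <unfixed>" with "TODO: check" kept, but nothing records what still has to be verified. The description limits the issue to aMSN "0.96 and earlier", so <unfixed> holds only if the archive version is in that range; suggest adding a NOTE with the version that was checked, or a bug reference, so the TODO can be resolved without repeating the triage. The "- kvirc <unfixed>" line added for CVE-2008-7070 (KVIrc 3.4.2) in the @@ -2106,6 +2107,7 @@ hunk would benefit from the same NOTE.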