Author: derevko-guest
Date: 2009-11-21 13:39:13 +0000 (Sat, 21 Nov 2009)
New Revision: 13340

Modified:
   data/CVE/list
Log:
NFUs
CVE-2009-3978 fixed in xulrunner 1.9.1.5-1
CVE-2009-3941, CVE-2009-3942, msmtp and mpop are not affected
CVE-2009-3940: fixed in virtualbox-guest-additions 3.0.10-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-11-21 11:46:20 UTC (rev 13339)
+++ data/CVE/list       2009-11-21 13:39:13 UTC (rev 13340)
@@ -19,7 +19,7 @@
 CVE-2009-4007
        RESERVED
 CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in 
RhinoSoft ...)
-       TODO: check
+       NOT-FOR-US: Serv-U FTP server
 CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c 
in the ...)
        - linux-2.6 <unfixed>
        - linux-2.6.24 <removed>
@@ -75,36 +75,36 @@
 CVE-2009-3979
        RESERVED
 CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in 
decoders/gif/nsGIFDecoder2.cpp ...)
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.5-1
        TODO: check
 CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ...)
-       TODO: check
+       NOT-FOR-US: HP OpenView Network Node Manager
 CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers 
to ...)
-       TODO: check
+       NOT-FOR-US: Labtam ProFTP 
 CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 
and ...)
-       TODO: check
+       NOT-FOR-US: Moa Gallery
 CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board 
(IPB or ...)
        NOT-FOR-US: Invision Power Board
 CVE-2009-3973 (SQL injection vulnerability in index.php in Turnkey Arcade 
Script ...)
-       TODO: check
+       NOT-FOR-US: Turnkey Arcade Script
 CVE-2009-3972 (SQL injection vulnerability in the Q-Proje Siirler Bileseni ...)
-       TODO: check
+       NOT-FOR-US: component for Joomla!
 CVE-2009-3971 (SQL injection vulnerability in the jTips (com_jtips) component 
1.0.7 ...)
-       TODO: check
+       NOT-FOR-US: component for Joomla!
 CVE-2009-3970 (SQL injection vulnerability in index.php in PHP Dir Submit (aka 
...)
-       TODO: check
+       NOT-FOR-US: PHP Dir Submit
 CVE-2009-3969 (Stack-based buffer overflow in Faslo Player 7.0 allows remote 
...)
-       TODO: check
+       NOT-FOR-US: Faslo Player
 CVE-2009-3968 (Multiple SQL injection vulnerabilities in ITechBids 8.0 allow 
remote ...)
-       TODO: check
+       NOT-FOR-US: ITechBids
 CVE-2009-3967 (SQL injection vulnerability in browse.php in Ed Charkow 
SuperCharged ...)
-       TODO: check
+       NOT-FOR-US: Ed Charkow SuperCharged Linking
 CVE-2009-3966 (Arcade Trade Script 1.0 allows remote attackers to bypass ...)
-       TODO: check
+       NOT-FOR-US: Arcade Trade Script
 CVE-2009-3965 (SQL injection vulnerability in rating.php in New 5 star Rating 
1.0 ...)
-       TODO: check
+       NOT-FOR-US: New 5 star Rating
 CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials 
(com_ninjacentral) ...)
-       TODO: check
+       NOT-FOR-US: component for Joomla!
 CVE-2009-XXXX [ngingx webdav directory traversal]
        - nginx <unfixed> (low)
        TODO: check
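Review bot: Under CVE-2009-3978 the context line `TODO: check` is left in place directly after the new `- xulrunner 1.9.1.5-1` line, so the entry still carries an open TODO even though a fixed version is now recorded. If another source package still needs checking, name it in the TODO; otherwise drop the line. Separately, the three `NOT-FOR-US: component for Joomla!` notes (CVE-2009-3972, CVE-2009-3971, CVE-2009-3964) do not name the component, unlike the other NOT-FOR-US lines in this hunk, and the `NOT-FOR-US: Labtam ProFTP ` line ends in a trailing space.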
@@ -173,12 +173,11 @@
 CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 
through ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does 
not ...)
-       TODO: check
+       - msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324) 
 CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does 
not ...)
-       TODO: check
+       - mpop <not-affected> (uses GnuTLS and not OpenSSL; bug #557326)
 CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM 
VirtualBox ...)
-       - virtualbox-guest-additions
-       TODO: check
+       - virtualbox-guest-additions 3.0.10-1
 CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux 
kernel ...)
        - linux-2.6 <unfixed> (low)
        - linux-2.6.24 <removed> (low)
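Review bot: The CVE-2009-3940 entry now records `virtualbox-guest-additions 3.0.10-1` as the fixed version, but the description reads "Unspecified vulnerability" and neither the entry nor the log says where that version comes from; a NOTE line with the reference would let someone verify it later. The msmtp and mpop `<not-affected>` lines handle this well by giving the reason and the bug number, though the msmtp line ends in a trailing space.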
@@ -297,11 +296,9 @@
 CVE-2009-3893
        RESERVED
 CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in 
wp-admin/press-this.php in ...)
-       - wordpress 2.8.6-1
-       TODO: check
+       - wordpress 2.8.6-1 (low)
 CVE-2009-3890 (Unrestricted file upload vulnerability in the wp_check_filetype 
...)
-       - wordpress 2.8.6-1
-       TODO: check
+       - wordpress 2.8.6-1 (low)
 CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux 
kernel ...)
        - linux-2.6 2.6.27-1 (low)
        - linux-2.6.24 <removed> (low)
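Review bot: Both wordpress entries (CVE-2009-3891, CVE-2009-3890) gain a `(low)` urgency and lose their `TODO: check`, but the commit log does not mention wordpress at all. For CVE-2009-3890, described as an unrestricted file upload, a short note giving the reason for `low` would help; at minimum the log should list the change.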


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
