Author: nion
Date: 2009-05-05 14:11:37 +0000 (Tue, 05 May 2009)
New Revision: 11791

Modified:
   data/CVE/list
Log:
- NFUs
- new libmodplug issue (CVE-2009-1438), also present in gst-plugins-bad0.10 as it embeds libmodplug


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-05-05 13:14:46 UTC (rev 11790)
+++ data/CVE/list       2009-05-05 14:11:37 UTC (rev 11791)
@@ -4,41 +4,41 @@
        [etch] - file <not-affected> (Vulnerable code not present)
        NOTE: code introduced in 5.xx series
 CVE-2009-1512 (Static code injection vulnerability in X-Forum 0.6.2 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: X-Forum
 CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3 allows remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Windows
 CVE-2009-1510 (Multiple directory traversal vulnerabilities in KoschtIT Image 
Gallery ...)
-       TODO: check
+       NOT-FOR-US: KoschtIT Image Gallery
 CVE-2009-1509 (SQL injection vulnerability in ajaxp_backend.php in MyioSoft 
...)
-       TODO: check
+       NOT-FOR-US: MyioSoft AjaxPortal
 CVE-2009-1508 (SQL injection vulnerability in the xforum_validateUser function 
in ...)
-       TODO: check
+       NOT-FOR-US: X-Forum
 CVE-2009-1507 (The Node Access User Reference module 5.x before 5.x-2.0-beta4 
and 6.x ...)
-       TODO: check
+       NOT-FOR-US: Node Access User Reference module for Drupal
 CVE-2009-1506 (SQL injection vulnerability in classes/Xp.php in eLitius 1.0 
allows ...)
-       TODO: check
+       NOT-FOR-US: eLitius
 CVE-2009-1505 (SQL injection vulnerability in News Page 5.x before 5.x-1.2 
module, a ...)
-       TODO: check
+       NOT-FOR-US: News Page module for Drupal
 CVE-2009-1504 (Absolute Form Processor XE 1.5 allows remote attackers to 
bypass ...)
-       TODO: check
+       NOT-FOR-US: Absolute Form Processor XE
 CVE-2009-1503 (Multiple SQL injection vulnerabilities in login.php in Tiger 
Document ...)
-       TODO: check
+       NOT-FOR-US: Tiger Document Management System
 CVE-2009-1502 (Directory traversal vulnerability in plugin.php in S-Cms 1.1 
Stable ...)
-       TODO: check
+       NOT-FOR-US: S-Cms
 CVE-2009-1501 (Cross-site scripting (XSS) vulnerability in the Exif module 
5.x-1.x ...)
-       TODO: check
+       NOT-FOR-US: EXIF module for Drupal
 CVE-2009-1500 (SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta 
allows ...)
-       TODO: check
+       NOT-FOR-US: ProjectCMS
 CVE-2009-1499 (SQL injection vulnerability in the MailTo (aka com_mailto) 
component ...)
-       TODO: check
+       NOT-FOR-US: com_mailto component for Joomla!
 CVE-2009-1498 (Directory traversal vulnerability in inc/profilemain.php in 
Game Maker ...)
-       TODO: check
+       NOT-FOR-US: Game Maker 2k Internet Discussion Boards
 CVE-2009-1497 (Stack-based buffer overflow in srt2smi.exe in Gretech Online 
Movie ...)
-       TODO: check
+       NOT-FOR-US: GOM Player
 CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace ...)
-       TODO: check
+       NOT-FOR-US: com_cmimarketplace component for Joomla!
 CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the 
web root ...)
-       TODO: check
+       NOT-FOR-US: Web File Explorer
 CVE-2008-6787 (SQL injection vulnerability in administrator/index.php in 
Lizardware ...)
        TODO: check
 CVE-2008-6786 (Multiple directory traversal vulnerabilities in geekigeeki.py 
in ...)
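Review bot: The tag added for CVE-2009-1501 reads "EXIF module for Drupal", while the CVE description directly above it spells the product "Exif module"; using the description's spelling keeps the entry findable with a case-sensitive search of the list. The same applies to CVE-2009-1497, where the tag is "GOM Player" but the visible description names "Gretech Online Movie ..."; adding the vendor name to the tag would let a reader match the two without expanding the abbreviation.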
@@ -229,7 +229,8 @@
        - linux-2.6 <unfixed>
        - linux-2.6.24 <removed>
 CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
-       TODO: check
+       - libmodplug <unfixed> (low; bug #526657; bug #527076)
+       - gst-plugins-bad0.10 <unfixed> (low; bug #527075)
 CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable 
(aka ...)
        NOT-FOR-US: CoolPlayer
 CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
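Review bot: The new gst-plugins-bad0.10 line under CVE-2009-1438 does not record why that package is affected; the embedded copy of libmodplug is mentioned only in the commit log. A NOTE: line under the entry, in the form already used in this file ("NOTE: code introduced in 5.xx series"), would keep that reason with the tracking data. The libmodplug line also carries two bug numbers (#526657 and #527076); it is worth confirming that both are meant to track this issue and that one is not a duplicate of the other.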


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
