Author: derevko-guest
Date: 2009-05-15 08:17:12 +0000 (Fri, 15 May 2009)
New Revision: 11898

Modified:
   data/CVE/list
   data/DSA/list
Log:
NFUs
CVE-2009-0195 already covered by DSA-1790-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-05-14 21:14:11 UTC (rev 11897)
+++ data/CVE/list       2009-05-15 08:17:12 UTC (rev 11898)
@@ -3,33 +3,33 @@
 CVE-2009-1628
        RESERVED
 CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) 
...)
-       TODO: check
+       NOT-FOR-US: Streaming Download Project (SDP)
 CVE-2009-1626 (SQL injection vulnerability in public/specific.php in EZ-Blog 
before ...)
-       TODO: check
+       NOT-FOR-US: EZ-Blog
 CVE-2009-1625 (Directory traversal vulnerability in index.php in Thickbox 
Gallery 2 ...)
-       TODO: check
+       NOT-FOR-US: Thickbox Gallery 2
 CVE-2009-1624 (Directory traversal vulnerability in index.php in 
Dew-NewPHPLinks 2.0 ...)
-       TODO: check
+       NOT-FOR-US: Dew-NewPHPLinks 2.0
 CVE-2009-1623 (Cross-site scripting (XSS) vulnerability in index.php in ...)
-       TODO: check
+       NOT-FOR-US: Dew-NewPHPLinks 2.0
 CVE-2009-1622 (SQL injection vulnerability in user.php in EcShop 2.5.0 allows 
remote ...)
-       TODO: check
+       NOT-FOR-US: EcShop 2.5.0
 CVE-2009-1621 (Directory traversal vulnerability in index.php in OpenCart 
1.1.8 ...)
-       TODO: check
+       NOT-FOR-US: OpenCart
 CVE-2009-1620 (Multiple cross-site scripting (XSS) vulnerabilities in 
input.php in ...)
-       TODO: check
+       NOT-FOR-US: MataChat
 CVE-2009-1619 (Teraway FileStream 1.0 allows remote attackers to bypass ...)
-       TODO: check
+       NOT-FOR-US: Teraway FileStream
 CVE-2009-1618 (Teraway LiveHelp 2.0 allows remote attackers to bypass 
authentication ...)
-       TODO: check
+       NOT-FOR-US: Teraway LiveHelp
 CVE-2009-1617 (Teraway LinkTracker 1.0 allows remote attackers to bypass ...)
-       TODO: check
+       NOT-FOR-US: Teraway LinkTracker
 CVE-2008-6808 (SQL injection vulnerability in links.php in Scripts for Sites 
(SFS) EZ ...)
-       TODO: check
+       NOT-FOR-US: SFS Link Directory
 CVE-2008-6807 (PHP remote file inclusion vulnerability in ListRecords.php in 
osprey ...)
-       TODO: check
+       NOT-FOR-US: osprey
 CVE-2008-6806 (Unrestricted file upload vulnerability in 
includes/imageupload.php in ...)
-       TODO: check
+       NOT-FOR-US: 7Shop
 CVE-2009-1616 (Cross-site scripting (XSS) vulnerability in docs/showdoc.php in 
...)
        NOT-FOR-US: Coppermine Photo Gallery
 CVE-2009-1615 (Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows 
remote ...)
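Review bot: the NOT-FOR-US tags added in this hunk mix bare product names with versioned ones ("Dew-NewPHPLinks 2.0", "EcShop 2.5.0", "Thickbox Gallery 2" versus "OpenCart", "MataChat", "osprey"). A versioned tag reads as if only that release is out of scope, so consider naming the product alone, e.g. "NOT-FOR-US: EcShop". For CVE-2009-1623, CVE-2009-1620 and CVE-2008-6806 the truncated description does not show a product name, so those three tags are worth confirming against the full CVE text before commit.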
@@ -1766,7 +1766,7 @@
 CVE-2009-1138
        RESERVED
 CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 
allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-1136
        RESERVED
 CVE-2009-1135
@@ -1778,13 +1778,13 @@
 CVE-2009-1132
        RESERVED
 CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office 
PowerPoint ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 
SP3 and ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-1129 (Multiple stack-based buffer overflows in the PowerPoint 95 
importer ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 
allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-1127
        RESERVED
 CVE-2009-1126
@@ -5324,21 +5324,21 @@
 CVE-2009-0228
        RESERVED
 CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion 
filter ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion 
filter in ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-0225 (Microsoft Office PowerPoint 2002 SP3 allows remote attackers to 
...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-0224 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 
2007 SP1 ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-0223 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 
allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-0222 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 
allows ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-0221 (Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 
2003 SP3 ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-0220 (Multiple stack-based buffer overflows in the PowerPoint 4.0 
importer ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in 
Motion ...)
        NOT-FOR-US: BlackBerry
 CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch 
...)
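Review bot: the eight tags added here for CVE-2009-0220 through CVE-2009-0227 name only the vendor ("NOT-FOR-US: Microsoft"), whereas the unchanged entry just below for CVE-2009-0219 names the product ("NOT-FOR-US: BlackBerry") rather than Research in Motion. Every description in this hunk mentions PowerPoint, so "NOT-FOR-US: Microsoft Office PowerPoint" would be more searchable and consistent with the neighbouring entries.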
@@ -5389,7 +5389,8 @@
        {DTSA-198-1}
        - ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
 CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 
1.3.9, ...)
-       TODO: check
+       - xpdf <unfixed> (medium; bug #524809)
+       TODO: check poppler cups kdegraphics swftools
 CVE-2009-0194 (The domain-locking implementation in the ...)
        NOT-FOR-US: Garmin Communicator Plug-In
 CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 
9.1, 8 ...)
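Review bot: the new "- xpdf <unfixed>" line for CVE-2009-0195 sits oddly beside the log message, which says this CVE is already covered by DSA-1790-1, and beside the data/DSA/list change that records etch and lenny versions for that DSA. If <unfixed> is meant to describe unstable only, a NOTE line saying so would avoid the impression that the stable releases are still open. The replacement "TODO: check poppler cups kdegraphics swftools" also packs four packages into one line; one TODO per package would let each be resolved and removed independently.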

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2009-05-14 21:14:11 UTC (rev 11897)
+++ data/DSA/list       2009-05-15 08:17:12 UTC (rev 11898)
@@ -32,7 +32,7 @@
        {CVE-2009-1482}
        [lenny] - moin 1.7.1-3+lenny2
 [05 May 2009] DSA-1790-1 xpdf - multiple vulnerabilities
-       {CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 
CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 
CVE-2009-1183}
+       {CVE-2009-0146 CVE-2009-0147 CVE-2009-0165 CVE-2009-0166 CVE-2009-0799 
CVE-2009-0800 CVE-2009-1179 CVE-2009-1180 CVE-2009-1181 CVE-2009-1182 
CVE-2009-1183 CVE-2009-0195}
        [etch] - xpdf 3.01-9.1+etch6
        [lenny] - xpdf 3.02-1.4+lenny1
 [04 May 2009] DSA-1789-1 php5 - several vulnerabilities
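Review bot: CVE-2009-0195 is appended after CVE-2009-1183 at the end of the DSA-1790-1 list, which breaks the ascending order the existing ids follow (CVE-2009-0146 ... CVE-2009-0166, CVE-2009-0799 ...). Placing it between CVE-2009-0166 and CVE-2009-0799 keeps the list sorted and makes later diffs of this line easier to read.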


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
