Author: derevko-guest
Date: 2009-08-16 12:38:43 +0000 (Sun, 16 Aug 2009)
New Revision: 12605

Modified:
   data/CVE/list
Log:
- NFUs
- wordpress password reset got a CVE id


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-08-16 02:30:36 UTC (rev 12604)
+++ data/CVE/list       2009-08-16 12:38:43 UTC (rev 12605)
@@ -2,10 +2,8 @@
        RESERVED
 CVE-2009-XXXX [logrotate insecure tempfile]
        - logrotate 3.7.8-4 (low)
-CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote 
attackers to ...)
-       TODO: check
 CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 
6.0 ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere 
 CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey 
before ...)
        TODO: check
 CVE-2009-XXXX [XSS in drupal printing module]
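Review bot: The new tag on CVE-2008-6973 reads "NOT-FOR-US: IBM WebSphere", but the entry's own description names IBM WebSphere Commerce. Elsewhere in this same commit CVE-2009-2094 is tagged "NOT-FOR-US: IBM WebSphere Commerce". Using the full product name here as well keeps the NOT-FOR-US labels consistent, so that a search for one product finds all of its entries.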
@@ -215,13 +213,11 @@
        NOT-FOR-US: TaskDriver 1.3
 CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in 
...)
        NOT-FOR-US: ThePortal2
-CVE-2009-XXXX [wordpress password reset]
+CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote 
attackers to ...)
        - wordpress 2.8.3-2 (unimportant; bug #541102)
        [lenny] - wordpress <not-affected> (Vulnerable code not present)
        [etch] - wordpress <not-affected> (Vulnerable code not present)
        NOTE: not really a security issue in my opinion, just an annoying bug
-       NOTE: attacker can gain access to wordpress accounts, which is 
undesirable,
-       NOTE: but not horribly useful or bad for the rest of the system
 CVE-2009-XXXX [libxerces2-java: xml-based firewall bypass / port scanning]
        - libxerces2-java <unfixed> (low; bug #540862)
        [etch] - libxerces2-java <no-dsa> (minor issue)
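Review bot: The two removed NOTE lines on the CVE-2009-2762 entry were the only text describing the impact (an attacker gaining access to wordpress accounts). What remains is "not really a security issue in my opinion, just an annoying bug", which gives no reason for the "unimportant" rating. The commit log mentions only the CVE id assignment, not this removal. Either keep a one-line impact note next to the rating or state in the log why the notes were dropped, so the triage decision can be re-checked against bug #541102 later.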
@@ -2068,25 +2064,25 @@
 CVE-2009-2095 (PHP remote file inclusion vulnerability in ...)
        NOT-FOR-US: Mundi Mail
 CVE-2009-2094 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 
Enterprise ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere Commerce
 CVE-2009-2093 (SQL injection vulnerability in the console in IBM WebSphere 
Partner ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-2092 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does 
not ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-2091 (The System Management/Repository component in IBM WebSphere ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-2090 (Unspecified vulnerability in wsadmin in the System ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-2089 (The Migration component in IBM WebSphere Application Server 
(WAS) 6.1 ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-2088 (The Servlet Engine/Web Container component in IBM WebSphere ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-2087 (The Web Services functionality in IBM WebSphere Application 
Server ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-2086
        REJECTED
 CVE-2009-2085 (The Security component in IBM WebSphere Application Server 
(WAS) 6.1 ...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere
 CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 
1.3 ...)
        {DSA-1776-1}
        - slurm-llnl 1.3.15-1 (bug #524980)
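Review bot: Product labels in this run of NOT-FOR-US tags are uneven. CVE-2009-2094 gets "IBM WebSphere Commerce", while CVE-2009-2093, whose description names "IBM WebSphere Partner ...", gets the generic "IBM WebSphere". The visible description of CVE-2009-2090 ("Unspecified vulnerability in wsadmin in the System ...") does not name the vendor at all, so that tag cannot be confirmed from this line alone. Naming the specific product on each line, as done for CVE-2009-2094, would make each tag verifiable against its own description.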
@@ -5879,7 +5875,7 @@
 CVE-2009-0907
        REJECTED
 CVE-2009-0906 (The Service Component Architecture (SCA) feature pack for IBM 
...)
-       TODO: check
+       NOT-FOR-US: IBM WebSphere 
 CVE-2009-0905
        RESERVED
 CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in 
IBM ...)
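Review bot: The added line for CVE-2009-0906, "NOT-FOR-US: IBM WebSphere ", ends in a trailing space, which the other NOT-FOR-US lines in the larger WebSphere hunk do not have. Strip it so that exact-match tooling and later diffs against data/CVE/list are not tripped up by whitespace-only differences.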


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
