Author: derevko-guest
Date: 2009-09-23 07:06:01 +0000 (Wed, 23 Sep 2009)
New Revision: 12873
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- NFUs
- planet issue no-dsa
- chromium itp
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-23 06:31:44 UTC (rev 12872)
+++ data/CVE/list 2009-09-23 07:06:01 UTC (rev 12873)
@@ -1,57 +1,57 @@
CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows
remote ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a
denial of ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to
cause ...)
- TODO: check
+ - chromium-browser <itp> (bug #520324)
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3266 (Unspecified vulnerability in Opera 9 and 10 allows remote
attackers to ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10
allows ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21
omits an ...)
- TODO: check
+ - chromium-browser <itp> (bug #520324)
CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x
and 3.x ...)
- TODO: check
+ - chromium-browser <itp> (bug #520324)
CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI
(SSUI) ...)
- TODO: check
+ NOT-FOR-US: IBM Tivoli Identity Manager
CVE-2009-3261 (update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not
require ...)
- TODO: check
+ NOT-FOR-US: LiveStreet
CVE-2009-3260 (Cross-site scripting (XSS) vulnerability in LiveStreet 0.2
allows ...)
- TODO: check
+ NOT-FOR-US: LiveStreet
CVE-2009-3259 (Multiple SQL injection vulnerabilities in RASH Quote Management
System ...)
- TODO: check
+ NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3258 (vtiger CRM before 5.1.0 allows remote authenticated users, with
...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2009-3257 (vtiger CRM before 5.1.0 allows remote authenticated users to
bypass ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2009-3256 (Cross-site scripting (XSS) vulnerability in
include/ajax/blogInfo.php ...)
- TODO: check
+ NOT-FOR-US: LiveStreet
CVE-2009-3255 (SQL injection vulnerability in RASH Quote Management System
(RQMS) ...)
- TODO: check
+ NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3254 (Multiple stack-based buffer overflows in Ultimate Player 1.56
beta ...)
- TODO: check
+ NOT-FOR-US: Ultimate Player
CVE-2009-3253 (Stack-based buffer overflow in TriceraSoft Swift Ultralite
1.032 ...)
- TODO: check
+ NOT-FOR-US: TriceraSoft Swift Ultralite
CVE-2009-3252 (Multiple SQL injection vulnerabilities in news.php in Rock Band
CMS ...)
- TODO: check
+ NOT-FOR-US: Rock Band CMS
CVE-2009-3251 (include/utils/ListViewUtils.php in vtiger CRM before 5.1.0
allows ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2009-3250 (The saveForwardAttachments procedure in the Compose Mail
functionality ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2009-3249 (Multiple directory traversal vulnerabilities in vtiger CRM
5.0.4 allow ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2009-3248 (Cross-site request forgery (CSRF) vulnerability in the RSS
module in ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2009-3247 (Cross-site scripting (XSS) vulnerability in the Activities
module in ...)
- TODO: check
+ NOT-FOR-US: vtiger CRM
CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript
PTC-BUX ...)
- TODO: check
+ NOT-FOR-US: MyBuxScript PTC-BUX
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to
cause ...)
- TODO: check
+ - chromium-browser <itp> (bug #520324)
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a
denial of ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to
cause a ...)
TODO: check
CVE-2009-3245
@@ -1181,7 +1181,13 @@
CVE-2009-2938
RESERVED
CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and
Planet ...)
- TODO: check
+ - planet <removed> (low; bug #546178)
+ [lenny] - planet <no-dsa> (Minor issue)
+ [etch] - planet <no-dsa> (Minor issue)
+ - planet-venus <unfixed> (low; bug #546179)
+ [lenny] - planet-venus <no-dsa> (Minor issue)
+ [etch] - planet-venus <no-dsa> (Minor issue)
+
CVE-2009-2936
RESERVED
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows
remote ...)
@@ -1822,7 +1828,7 @@
CVE-2009-2742
RESERVED
CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in
the test ...)
- TODO: check
+ NOT-FOR-US: IBM WebSphere Business Events
CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion
Prevention ...)
NOT-FOR-US: CA Host-Based Intrusion Prevention System (HIPS)
CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before
0.69.2 ...)
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2009-09-23 06:31:44 UTC (rev 12872)
+++ data/ospu-candidates.txt 2009-09-23 07:06:01 UTC (rev 12873)
@@ -551,6 +551,11 @@
--
+planet (CVE-2009-2937)
+bug #546178
+
+--
+
pptp-linux (no CVE)
#523476
Ola will prepare a fix in a point update
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-09-23 06:31:44 UTC (rev 12872)
+++ data/spu-candidates.txt 2009-09-23 07:06:01 UTC (rev 12873)
@@ -267,6 +267,17 @@
--
+planet (CVE-2009-2937)
+bug #546178
+notified maintainer through initial bugreport
+
+--
+
+planet-venus (CVE-2009-2937)
+bug #546179
+
+--
+
webkit (CVE-2008-4724)
#520052
asked maintainer
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
