Author: nion
Date: 2009-10-13 15:27:38 +0000 (Tue, 13 Oct 2009)
New Revision: 13006
Modified:
data/CVE/list
Log:
- viewvc xss fixed in 1.0.9-1
- vmware-package has been removed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-13 10:32:32 UTC (rev 13005)
+++ data/CVE/list 2009-10-13 15:27:38 UTC (rev 13006)
@@ -1310,7 +1310,7 @@
CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA
CMS ...)
NOT-FOR-US: EVA CMS
CVE-2009-XXXX [viewvc: XSS and illegal characters while printing name-value
pairs]
- - viewvc <unfixed> (low; bug #545779)
+ - viewvc 1.0.9-1 (low; bug #545779)
NOTE: CVE id has been requested, fixed in 1.1.2
CVE-2009-3082 (SQL injection vulnerability in wcategory.php in Snow Hall
Silurus ...)
NOT-FOR-US: Snow Hall Silurus System
@@ -21202,7 +21202,7 @@
CVE-2008-2101 (The VMware Consolidated Backup (VCB) command-line utilities in
VMware ...)
NOT-FOR-US: VMware ESX
CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build
93057 on ...)
- - vmware-package <unfixed> (low; bug #485919)
+ - vmware-package <removed> (low; bug #485919)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the
package itself
NOTE: does not download them, however it needs to update its hashes for
upstream tarballs
@@ -21210,7 +21210,7 @@
- vmware-package <not-affected> (Windows issue according to CVE)
[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System
(HGFS) ...)
- - vmware-package <unfixed> (low; bug #484491)
+ - vmware-package <removed> (low; bug #484491)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the
package itself
NOTE: does not download them, however it needs to update its hashes for
upstream tarballs
@@ -22872,7 +22872,7 @@
- plone3 <unfixed> (low; bug #473571; bug #486333)
[lenny] - plone3 <no-dsa> (Only an issue if not following best
practices, see bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware
Player ...)
- - vmware-package <unfixed> (low; bug #486177)
+ - vmware-package <removed> (low; bug #486177)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the
package itself
NOTE: does not download them, however it needs to update its hashes for
upstream tarballs
@@ -22979,7 +22979,7 @@
CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate
...)
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware
Workstation ...)
- - vmware-package <unfixed> (low; bug #486177)
+ - vmware-package <removed> (low; bug #486177)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the
package itself
NOTE: does not download them, however it needs to update its hashes for
upstream tarballs
@@ -23029,7 +23029,7 @@
CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde
...)
NOT-FOR-US: LaGarde StoreFront
CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware
Workstation ...)
- - vmware-package <unfixed> (low; bug #486177)
+ - vmware-package <removed> (low; bug #486177)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the
package itself
NOTE: does not download them, however it needs to update its hashes for
upstream tarballs
@@ -23963,7 +23963,7 @@
CVE-2008-0968
RESERVED
CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware
...)
- - vmware-package <unfixed> (low; bug #486110)
+ - vmware-package <removed> (low; bug #486110)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the
package itself
NOTE: does not download them, however it needs to update its hashes for
upstream tarballs
@@ -29323,7 +29323,7 @@
CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ...)
NOT-FOR-US: ZZ:FlashChat
CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes
user ...)
- - vmware-package <unfixed> (low; bug #486177)
+ - vmware-package <removed> (low; bug #486177)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the
package itself
NOTE: does not download them, however it needs to update its hashes for
upstream tarballs
@@ -29331,7 +29331,7 @@
- vmware-package <not-affected> (Only vulnerable on windows hosted
systems)
[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5
and 2.0 ...)
- - vmware-package <unfixed> (low; bug #486177)
+ - vmware-package <removed> (low; bug #486177)
[etch] - vmware-package <no-dsa> (Contrib not supported)
NOTE: vmware-package just builds vmware from downloaded tarballs, the
package itself
NOTE: does not download them, however it needs to update its hashes for
upstream tarballs
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
