Author: derevko-guest
Date: 2010-01-02 15:01:04 +0000 (Sat, 02 Jan 2010)
New Revision: 13697

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
NFUs and ITPs
two minor network-manager issues



Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-01-02 09:30:05 UTC (rev 13696)
+++ data/CVE/list       2010-01-02 15:01:04 UTC (rev 13697)
@@ -8,35 +8,35 @@
        TODO: check stable and oldstable (i.e. gaim)
        NOTE: 
http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
 CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 
2.5.2 ...)
-       TODO: check
+       - freepbx <itp> (bug #464926)
 CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin 
module ...)
-       TODO: check
+       - webmin <itp> (bug #377948)
 CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green 
Desktiny ...)
-       TODO: check
+       NOT-FOR-US: Green Desktiny
 CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive 
Security ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2009-4454 (vccleaner in VideoCache 1.9.2 allows local users with Squid 
proxy user ...)
-       TODO: check
+       - videocache <itp> (bug #505329)
 CVE-2009-4453 (Insecure method vulnerability in SoftCab Sound Converter 
ActiveX ...)
-       TODO: check
+       NOT-FOR-US: SoftCab Sound Converter ActiveX
 CVE-2009-4452 (Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; 
...)
-       TODO: check
+       NOT-FOR-US: Kaspersky Anti-Viru
 CVE-2009-4451 (Unrestricted file upload vulnerability in upper.php in kandalf 
upper ...)
-       TODO: check
+       NOT-FOR-US: kandalf upper
 CVE-2009-4450 (Multiple cross-site scripting (XSS) vulnerabilities in map.php 
in ...)
-       TODO: check
+       NOT-FOR-US: LiveZilla
 CVE-2009-4449 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 
...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2009-4448 (inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, 
and ...)
-       TODO: check
+       NOT-FOR-US: MyBB
 CVE-2009-4447 (Jax Guestbook 3.5.0 allows remote attackers to bypass 
authentication ...)
-       TODO: check
+       NOT-FOR-US: Jax Guestbook
 CVE-2009-4446 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
-       TODO: check
+       NOT-FOR-US: phpInstantGallery
 CVE-2009-4445 (Microsoft Internet Information Services (IIS), when used in ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-4444 (Microsoft Internet Information Services (IIS) 5.x and 6.x uses 
only ...)
-       TODO: check
+       NOT-FOR-US: Microsoft
 CVE-2009-4443 (Unspecified vulnerability in the psearch (aka persistent 
search) ...)
        NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
 CVE-2009-4442 (Directory Proxy Server (DPS) in Sun Java System Directory 
Server ...)
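Review bot: the line added for CVE-2009-4452 reads "NOT-FOR-US: Kaspersky Anti-Viru", with the product name cut off one letter short. It should be "NOT-FOR-US: Kaspersky Anti-Virus", so that a search of the list for the product name finds this entry. The three <itp> entries (freepbx, webmin, videocache) each carry their bug number, which is what a later reader needs to re-check them once the package is uploaded.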
@@ -88,7 +88,7 @@
 CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in 
Simple PHP ...)
        NOT-FOR-US: Simple PHP Blog
 CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP 
Application ...)
-       TODO: check
+       NOT-FOR-US: F5 Networks BIG-IP Application Security Manager (ASM) and 
Protocol Security Manager (PSM)
 CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in 
the ...)
        NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
 CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...)
@@ -626,6 +626,10 @@
        - xpat2 <unfixed> (unimportant; bug #560087)
 CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured 
...)
        - network-manager-applet <unfixed> (low; bug #560067)
+       - network-manager 0.6.5-1 (low)
+       [lenny] - network-manager-applet <no-dsa> (minor issue)
+       [etch] - network-manager <no-dsa> (minor issue)
+       NOTE: network-manager in lenny not affected, because it is in 
network-manager-applet
 CVE-2009-XXXX [unsafe xfs]
        - xfs 1:1.0.8-6 (low; bug #521107)
        [etch] - xfs <no-dsa> (minor issue)
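Review bot: the NOTE added under CVE-2009-4144 ("network-manager in lenny not affected, because it is in network-manager-applet") does not say what "it" is, and on its own it reads as if the package were inside another package. If the intent is that the affected code lives in network-manager-applet from lenny on, say so, and say that this is why "- network-manager 0.6.5-1 (low)" is recorded as the fixed version even though the CVE text refers to NetworkManager 0.7.2. Otherwise that line looks like a fix that predates the vulnerable release.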
@@ -929,8 +933,11 @@
 CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
        TODO: check
 CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports 
connection ...)
-       - network-manager-applet <unfixed>
-       TODO: check
+       - network-manager-applet <unfixed> (low; bug #563371)
+       - network-manager 0.6.5-1 (low)
+       [lenny] - network-manager-applet <no-dsa> (minor issue)
+       [etch] - network-manager <no-dsa> (minor issue)
+       NOTE: network-manager in lenny not affected, because it is in 
network-manager-applet
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117
 CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which 
has ...)
        - php5 <unfixed> (low)
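Review bot: the four lines added under CVE-2009-4145 are copied verbatim from the CVE-2009-4144 entry, including "- network-manager 0.6.5-1 (low)" and the "[etch] - network-manager <no-dsa>" line, while this CVE is described as an issue in nm-connection-editor in NetworkManager 0.7.x. Please confirm that etch's network-manager actually contains the affected code for this second issue rather than inheriting the status from the first. The existing Red Hat bugzilla NOTE is the natural place to check; if etch is not affected, the etch line should say so instead of <no-dsa>.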

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt    2010-01-02 09:30:05 UTC (rev 13696)
+++ data/ospu-candidates.txt    2010-01-02 15:01:04 UTC (rev 13697)
@@ -544,6 +544,16 @@
 
 --
 
+network-manager (CVE-2009-4144)
+#560067
+notified maintainer through initial bugreport
+
+CVE-2009-4145
+#563371
+notified maintainer through initial bugreport
+
+--
+
 nfs-utils (CVE-2008-4552)
 notified maintainer
 
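Review bot: the second added block starts with a bare "CVE-2009-4145" header, while the block above it and the existing nfs-utils entry use the "package (CVE-id)" form. Either write "network-manager (CVE-2009-4145)" or fold both CVEs into one network-manager entry, so that the file can still be scanned by package name. As written, the second block is not tied to any package except by its position.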

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt     2010-01-02 09:30:05 UTC (rev 13696)
+++ data/spu-candidates.txt     2010-01-02 15:01:04 UTC (rev 13697)
@@ -239,6 +239,16 @@
 
 --
 
+network-manager-applet (CVE-2009-4144)
+#560067
+notified maintainer through initial bugreport
+
+CVE-2009-4145
+#563371
+notified maintainer through initial bugreport
+
+--
+
 ntop (CVE-2009-2732)
 #543312
 notified maintainer through initial bugreport
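Review bot: both issues are added here as stable point-update candidates for network-manager-applet, but the data/CVE/list part of this same commit still records "- network-manager-applet <unfixed>" for CVE-2009-4144 and CVE-2009-4145, so there is no fixed version yet to base an update on. A line in each entry saying that the fix is still pending would keep the list honest about what can be acted on. The second block also has only "CVE-2009-4145" as its header, without the package name that the ntop entry below it carries.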


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
