Author: jmm-guest
Date: 2010-02-07 18:03:23 +0000 (Sun, 07 Feb 2010)
New Revision: 14051
Modified: data/CVE/list Log: Revert commit: The flash plugin is _not_ shipped by Debian. Having it installed through the installer script is in no way covered by security support Modified: data/CVE/list =================================================================== --- data/CVE/list 2010-02-07 06:37:10 UTC (rev 14050) +++ data/CVE/list 2010-02-07 18:03:23 UTC (rev 14051) @@ -462,7 +462,7 @@ CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...) NOT-FOR-US: Macromedia Flash ActiveX CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...) NOT-FOR-US: PHP MySpace Gold Edition CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in ...) 
@@ -3463,19 +3463,19 @@ NOTE: but the "fixes" linked from the advisory only change code in kdelibs NOTE: more info at oss-sec threads CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-3795 RESERVED CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-3793 RESERVED CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...) 
@@ -9697,23 +9697,23 @@ CVE-2009-1871 RESERVED CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-1867 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-1866 (Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-1865 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-1864 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-1863 (Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...) NOT-FOR-US: Adobe Reader CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...) 
@@ -14762,13 +14762,13 @@ CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...) NOT-FOR-US: Adobe RoboHelp CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 ...) NOT-FOR-US: VMware CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...) @@ -17459,7 +17459,7 @@ - iceape 1.1.14-1 - xulrunner 1.9.0.5-1 CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-5498 (Array index error in the imageRotate function in PHP 5.2.8 and earlier ...) - php5 <not-affected> (php5 links to the shared lib) - libgd2 <not-affected> (code is specific to php's libgd) 
@@ -17772,11 +17772,11 @@ CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...) NOT-FOR-US: getPlus CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...) - rsyslog 3.18.6-1 (bug #508027) CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...) 
@@ -19156,17 +19156,17 @@ CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...) NOT-FOR-US: Adobe Flash Player CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-4821 (Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-4820 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-4819 (Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-4818 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 ...) NOT-FOR-US: Adobe Acrobat CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader ...) @@ -19826,7 +19826,7 @@ CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control ...) NOT-FOR-US: DVRHOST Web CMS CVE-2008-4546 (Adobe Flash Player 9.0.45.0, 9.0.112.0, 9.0.124.0, and 10.0.12.10 ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...) - vlc 0.9.3-1 (medium; bug #502314) [etch] - vlc <not-affected> (introduced in 0.9.0) 
@@ -19923,7 +19923,7 @@ CVE-2008-4504 (Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD ...) NOT-FOR-US: Herosoft Inc. Hero DVD Player CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...) - xerces-c2 <unfixed> (unimportant; bug #502102) NOTE: Hardly a security issue, anyone who's concerned about this should use Xerces 3 @@ -20135,9 +20135,7 @@ - ibackup <removed> (low; bug #496432) [etch] - ibackup <no-dsa> (Minor issues) CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not ...) - - flashplugin-nonfree 1.7.2 - [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) - [lenny] - flashplugin-nonfree <no-dsa> (Contrib not supported) + NOT-FOR-US: Adobe Flash CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup ...) NOT-FOR-US: CA ARCserve Backup CVE-2008-4399 (Unspecified vulnerability in the database engine service in ...) 
@@ -21466,11 +21464,9 @@ CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo ...) NOT-FOR-US: Lussumo Vanilla CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player ...) - - flashplugin-nonfree <undetermined> + NOT-FOR-US: Adobe Flash CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, ...) - - flashplugin-nonfree 1:1.4 - [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) - NOTE: automatically downloads latest update from adobe which is 9.0.124.0 currently + NOT-FOR-US: Adobe Flash CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and ...) NOT-FOR-US: UltraISO CVE-2008-3870 (Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote ...)
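Review bot: In the @@ -9697 hunk, CVE-2009-1862 is tagged NOT-FOR-US: Adobe Flash, but its visible description starts with "Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ..." and the next entry, CVE-2009-1861, uses NOT-FOR-US: Adobe Reader. Please confirm against the full description that the Flash tag is right for this entry, and if it covers both products, name both in the tag so a search for the Reader entries still finds it.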
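Review bot: In the @@ -19156 hunk, the six new lines use "NOT-FOR-US: Adobe Flash" while the unchanged context line for CVE-2008-4824 directly above them reads "NOT-FOR-US: Adobe Flash Player". Two spellings for one product make the entries harder to find with a single search; pick one string and use it for every entry this commit touches, updating CVE-2008-4824 to match if "Adobe Flash" is the preferred form.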
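Review bot: In the @@ -20135 hunk, the CVE-2008-4401 entry loses its recorded version (1.7.2) and both per-release lines, "[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)" and the matching [lenny] line, and nothing in the new entry says why. The reason given in the commit log (the plugin is not shipped by Debian and the installer script is not covered by security support) should be kept in the file as a NOTE line under the new NOT-FOR-US tag, so the rationale does not live only in the revision history.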
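Review bot: In the @@ -21466 hunk, the CVE-2008-3872 entry drops "NOTE: automatically downloads latest update from adobe which is 9.0.124.0 currently" along with the version and [etch] lines. That NOTE describes the installer behaviour the commit log relies on, so it is worth keeping under the new NOT-FOR-US: Adobe Flash line, reworded without the dated version number if that is the concern.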