[Secure-testing-commits] r14426 - data/CVE

Raphael Geissert Wed, 07 Apr 2010 10:51:25 -0700

Author: geissert
Date: 2010-04-07 17:51:15 +0000 (Wed, 07 Apr 2010)
New Revision: 14426


Modified:
   data/CVE/list
Log:
embedded copies TODOs; there are probably more


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-04-07 17:43:57 UTC (rev 14425)
+++ data/CVE/list       2010-04-07 17:51:15 UTC (rev 14426)
@@ -3128,6 +3128,7 @@
 CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x 
before ...)
        - libpng 1.2.43-1 (low; bug #572308)
        [lenny] - libpng <no-dsa> (Minor issue)
+       TODO: check freeimage, tuxonice-userui
        NOTE: http://www.kb.cert.org/vuls/id/576029
 CVE-2010-0204
        RESERVED
@@ -3619,10 +3620,8 @@
        {DSA-1997-1}
        - mysql-dfsg-5.0 <removed> (medium)
        - mysql-dfsg-5.1 5.1.41-4 (medium)
-       TODO: check yassl and other packages embedding it
        NOTE: 
http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html
        NOTE: 
http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
-       NOTE: maintainer working on updates
 CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 
allows ...)
        NOT-FOR-US: MailSite
 CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows 
remote ...)
@@ -10644,6 +10643,7 @@
 CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion 
tools in ...)
        {DSA-1835-1}
        - tiff 3.8.2-13
+       TODO: check freeimage
 CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x 
before ...)
        - asterisk 1:1.6.2.0~dfsg~beta3-1 (bug #539473)
        [etch] - asterisk <end-of-life> (Etch Packages no longer covered by 
security support)
@@ -10831,6 +10831,7 @@
 CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 
3.8.2 ...)
        {DSA-1835-1}
        - tiff 3.8.2-12 (low; bug #534137)
+       TODO: check freeimage
        NOTE: this doesn't allow code execution, only a crash.
 CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help 
jsp ...)
        NOT-FOR-US: Sun Java Web Console in Solaris 
@@ -11491,6 +11492,7 @@
        [etch] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
        [lenny] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
        - xulrunner <not-affected> (xulrunner dynamically linked against 
libpng; embeded code copy not used)
+       TODO: check freeimage, tuxonice-userui
 CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. 
activeCollab ...)
        NOT-FOR-US: activeCollab
 CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict 
access, ...)
@@ -12326,12 +12328,15 @@
 CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in 
...)
        {DSA-1842-1}
        - openexr 1.6.1-1 (medium; bug #540424)
+       TODO: check freeimage
 CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress 
function in ...)
        {DSA-1842-1}
        - openexr 1.6.1-4.1 (medium; bug #540424)
+       TODO: check freeimage
 CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow ...)
        {DSA-1842-1}
        - openexr 1.6.1-4.1 (medium; bug #540424)
+       TODO: check freeimage
 CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on 
Mac OS X ...)
        NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on 
Mac OS X
 CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote 
...)
@@ -16555,6 +16560,7 @@
 CVE-2008-6218 (Memory leak in the png_handle_tEXt function in pngrutil.c in 
libpng ...)
        {DSA-1750-1}
        - libpng 1.2.33-1
+       TODO: check freeimage, tuxonice-userui
 CVE-2008-6217 (Cross-site scripting (XSS) vulnerability in index.php in 
Extrakt ...)
        NOT-FOR-US: Extrakt Framework
 CVE-2008-6216 (SQL injection vulnerability in cadena_ofertas_ext.php in 
Venalsur ...)
@@ -18571,6 +18577,7 @@
 CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 
1.0.42, ...)
        {DSA-1750-1}
        - libpng 1.2.35-1 (bug #512665)
+       TODO: check freeimage, tuxonice-userui
        NOTE: Only an issues when using libpng to create out-of-spec images
 CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in 
KTorrent ...)
        - ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
@@ -19462,6 +19469,7 @@
        - icedove 2.0.0.22-1 (bug #535124)
        [squeeze] - icedove 2.0.0.22-0lenny1
        - libpng 1.2.35-1 (bug #516256)
+       TODO: check freeimage, tuxonice-userui
 CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the web ...)
        - geronimo <itp> (bug #481869)
 CVE-2009-0038 (Multiple cross-site scripting (XSS) vulnerabilities in the web 
...)
@@ -27605,6 +27613,7 @@
 CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) 
LZWDecodeCompat, ...)
        {DSA-1632-1 DTSA-160-1}
        - tiff 3.8.2-11 (medium)
+       TODO: check freeimage
 CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple 
Bonjour for ...)
        NOT-FOR-US: Apple Bonjour for Windows
 CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote 
attackers ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r14426 - data/CVE

Reply via email to