diff options
| author | Giuseppe Iuculano <giuseppe@iuculano.it> | 2009-10-21 18:43:24 +0000 |
|---|---|---|
| committer | Giuseppe Iuculano <giuseppe@iuculano.it> | 2009-10-21 18:43:24 +0000 |
| commit | d22af6a500651e6d2158f77f569f3eaf2a2950c2 (patch) | |
| tree | 2081e1c0126f452060a4ac085b76a12c07594fc0 | |
| parent | b254970d1fb005dc6d6c1b6cb76264d126ebe4d8 (diff) | |
NFUs
s/security-tracker.debian.net/security-tracker.debian.org
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@13058 e39458fd-73e7-0310-bf30-c45bca0a0e42
| -rwxr-xr-x | bin/report-vuln | 2 | ||||
| -rw-r--r-- | data/CVE/list | 97 | ||||
| -rw-r--r-- | doc/narrative_introduction | 2 |
3 files changed, 51 insertions, 50 deletions
diff --git a/bin/report-vuln b/bin/report-vuln index c83177480a..5164c88edc 100755 --- a/bin/report-vuln +++ b/bin/report-vuln @@ -19,7 +19,7 @@ def gen_index(ids): ret = '' for cnt, id in enumerate(ids): ret += '\n[' + str(cnt) + '] http://cve.mitre.org/cgi-bin/cvename.cgi?name=' + id + '\n' - ret += ' http://security-tracker.debian.net/tracker/' + id + ret += ' http://security-tracker.debian.org/tracker/' + id return ret diff --git a/data/CVE/list b/data/CVE/list index 6e7acc72c5..0313749944 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -19,37 +19,37 @@ CVE-2009-3721 CVE-2009-3720 RESERVED CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...) - TODO: check + NOT-FOR-US: Battle Blog CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...) - TODO: check + NOT-FOR-US: Battle Blog CVE-2009-3717 (Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote ...) - TODO: check + NOT-FOR-US: LucVil PatPlayer CVE-2009-3716 (Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 ...) - TODO: check + NOT-FOR-US: MCshoutbox CVE-2009-3715 (Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox ...) - TODO: check + NOT-FOR-US: MCshoutbox CVE-2009-3714 (Cross-site scripting (XSS) vulnerability in admin_login.php in ...) - TODO: check + NOT-FOR-US: MCshoutbox CVE-2009-3713 (SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and ...) - TODO: check + NOT-FOR-US: MorcegoCMS CVE-2009-3712 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...) - TODO: check + NOT-FOR-US: Ebay Clone 2009 CVE-2009-3711 (Stack-based buffer overflow in the h_handlepeer function in http.cpp ...) - TODO: check + NOT-FOR-US: httpdx CVE-2009-3710 (RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username ...) - TODO: check + NOT-FOR-US: RioRey RIOS CVE-2009-3709 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...) - TODO: check + NOT-FOR-US: Konae Technologies Alleycode HTML Editor CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...) - TODO: check + NOT-FOR-US: Konae Technologies Alleycode HTML Editor CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe 6.5.3.8888 in the ...) - TODO: check + NOT-FOR-US: VMware CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...) - TODO: check + NOT-FOR-US: ZFS filesystem in Sun Solaris CVE-2009-3705 (PHP remote file inclusion vulnerability in debugger.php in Achievo ...) - TODO: check + NOT-FOR-US: Achievo CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, ...) - TODO: check + NOT-FOR-US: ZoIPer CVE-2009-3703 RESERVED CVE-2009-3702 @@ -611,15 +611,15 @@ CVE-2009-3464 CVE-2009-3463 RESERVED CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...) NOT-FOR-US: Adobe Acrobat CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...) NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...) @@ -1008,9 +1008,9 @@ CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image . CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...) NOT-FOR-US: phpspot Products CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before ...) - TODO: check + NOT-FOR-US: VMware Fusion CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 ...) - TODO: check + NOT-FOR-US: VMware Fusion CVE-2009-3280 (Integer signedness error in the find_ie function in ...) - linux-2.6 2.6.31-1 (medium) - linux-2.6.24 <not-affected> (vulnerable code not present) @@ -2009,7 +2009,7 @@ CVE-2008-7108 (Multiple cross-site scripting (XSS) vulnerabilities in Carmosa ph CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to ...) NOT-FOR-US: ESET Smart Security CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote ...) - TODO: check + NOT-FOR-US: Android CVE-2009-XXXX [serveez: buffer overflow in header parser] - serveez <removed> (low) [lenny] - serveez <no-dsa> (Fringe package, mostly unused) @@ -2017,45 +2017,45 @@ CVE-2009-XXXX [serveez: buffer overflow in header parser] [etch] - serveez <no-dsa> (Fringe package, mostly unused) TODO: next point release [etch] - serveez 0.1.5-2+etch1 CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...) - TODO: check + NOT-FOR-US: Adobe CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...) NOT-FOR-US: SugarCRM CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) @@ -2099,7 +2099,7 @@ CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller d CVE-2009-2971 RESERVED CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an ...) - TODO: check + NOT-FOR-US: UiTV UiPlayer CVE-2009-2969 RESERVED CVE-2009-2968 (Directory traversal vulnerability in a support component in the web ...) @@ -2485,6 +2485,7 @@ CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are - backuppc 3.1.0-8 (low; bug #542218) [etch] - backuppc <not-affected> (No configuration GUI) [lenny] - backuppc <no-dsa> (Requires access) + TODO: next point release: [lenny] - backuppc 3.1.0-4lenny2 CVE-2009-XXXX [burn: Insecure escaping of file names] - burn 0.4.5-1 (low; bug #542329) [lenny] - burn 0.4.3-2.1+lenny1 @@ -2502,7 +2503,7 @@ CVE-2009-2876 CVE-2009-2875 RESERVED CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before ...) - TODO: check + NOT-FOR-US: Cisco Unified Presence CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...) NOT-FOR-US: Cisco IOS CVE-2009-2872 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...) @@ -3003,9 +3004,9 @@ CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester .. CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, ...) NOT-FOR-US: OpenNews CVE-2009-2734 (SQL injection vulnerability in the get_employee function in ...) - TODO: check + NOT-FOR-US: Achievo CVE-2009-2733 (Multiple cross-site scripting (XSS) vulnerabilities in Achievo before ...) - TODO: check + NOT-FOR-US: Achievo CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...) - ntop 3:3.3-12 (low; bug #543312) [lenny] - ntop <no-dsa> (Minor issue) @@ -45392,7 +45393,7 @@ CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...) NOT-FOR-US: BitDefender CVE-2006-6404 (Innovation Data Processing FDR allows remote attackers to cause a ...) - TODO: check + NOT-FOR-US: Innovation Data Processing's FDR Backup CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...) NOT-FOR-US: MyStats CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...) diff --git a/doc/narrative_introduction b/doc/narrative_introduction index e7083b3a69..01fb203380 100644 --- a/doc/narrative_introduction +++ b/doc/narrative_introduction @@ -413,7 +413,7 @@ All of this tracking information gets automatically parsed and compared against madison to determine what has been fixed and what is still waiting, this results in this website: -http://security-tracker.debian.net/ +http://security-tracker.debian.org/ It incorporates package lists and parses distribution lists and can thus be used to |