author | Raphael Geissert <geissert@debian.org> | 2009-11-26 16:03:57 +0000 |
---|---|---|
committer | Raphael Geissert <geissert@debian.org> | 2009-11-26 16:03:57 +0000 |
commit | fd2765ced9f2060c0fe238e81a7b47d06fdc218c (patch) | |
tree | 6a8fdcf98b580f1d7ca3ec32026bc6d1ed619fcb /data | |
parent | 7982aa496c1181ffa90fdafbaa2ac19d54bc0124 (diff) |
cacti CVEified
add missing CVE fixed in recent php5 DSA
CVE-2009-2626 not fixed in etch
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@13384 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 13 |
-rw-r--r-- | data/DSA/list | 2 |
2 files changed, 10 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list index b1ff8735d0..01b92d3a79 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -52,7 +52,13 @@ CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authentic TODO: check CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...) TODO: check -CVE-2009-XXXX [Cacti Multiple Script Insertion Vulnerabilities] +CVE-2009-XXXX [Cacti priviledge scalation] + - cacti <unfixed> (low) + TODO: check + NOTE: 4B0E1566.1070509@moritz-naumann.com in bugtraq + NOTE: low or maybe even unimportant as one requires admin access + NOTE: to cacti +CVE-2009-4032 [Cacti Multiple Script Insertion Vulnerabilities] - cacti <unfixed> TODO: check NOTE: http://docs.cacti.net/#cross-site_scripting_fixes @@ -85,8 +91,6 @@ CVE-2009-4034 RESERVED CVE-2009-4033 RESERVED -CVE-2009-4032 - RESERVED CVE-2009-4031 [linux-2.6/kvm dos] RESERVED - linux-2.6 <unfixed> (low) @@ -4273,10 +4277,11 @@ CVE-2009-XXXX [xscreensaver: local screen lock bypassable via low resolution vid [etch] - xscreensaver <no-dsa> (Minor issue) [lenny] - xscreensaver <no-dsa> (Minor issue) TODO: next point release [lenny] - xscreensaver 5.05-3+lenny1 -CVE-2009-2626 [php5: remote information disclosure] +CVE-2009-2626 [php5: remote memory disclosure] RESERVED {DSA-1940-1} - php5 5.2.11.dfsg.1-1 (low; bug #540605) + [etch] - php5 <no-dsa> (too risky to fix it there) TODO: check php4 NOTE: requires the script itself to set and then restore a config var CVE-2009-XXXX [php5: 'open_basedir' bypass] diff --git a/data/DSA/list b/data/DSA/list index 978f60e4dd..54ffa45f24 100644 --- a/data/DSA/list +++ b/data/DSA/list 
@@ -2,7 +2,7 @@ {CVE-2009-0755 CVE-2009-3603 CVE-2009-3604 CVE-2009-3605 CVE-2009-3606 CVE-2009-3607 CVE-2009-3608 CVE-2009-3609 CVE-2009-3938} [lenny] - poppler 0.8.7-3 [25 Nov 2009] DSA-1940-1 php5 - multiple issues - {CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292} + {CVE-2009-2626 CVE-2009-2687 CVE-2009-3291 CVE-2009-3292 CVE-2009-4017} [etch] - php5 5.2.0+dfsg-8+etch16 [lenny] - php5 5.2.6.dfsg.1-1+lenny4 [24 Nov 2009] DSA-1939-1 libvorbis - several vulnerabilities |
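Review bot: In the first data/CVE/list hunk (@@ -52,7 +52,13 @@), the new placeholder title "[Cacti priviledge scalation]" is misspelled and should read "[Cacti privilege escalation]", otherwise a search of the list for the usual term will miss it. The same entry is tagged "(low)" while its NOTE says "low or maybe even unimportant as one requires admin access"; pick one urgency when the TODO: check is resolved so the tag and the note agree.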
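Review bot: In the CVE-2009-2626 hunk (@@ -4273,10 +4277,11 @@), the added line "[etch] - php5 <no-dsa> (too risky to fix it there)" sits under a {DSA-1940-1} reference, and the DSA-1940-1 entry in data/DSA/list still lists CVE-2009-2626 next to "[etch] - php5 5.2.0+dfsg-8+etch16". Someone reading only the DSA entry would take etch as fixed. Suggest a NOTE under CVE-2009-2626 saying that the etch upload in DSA-1940-1 does not include this fix, so the two files do not appear to contradict each other. The retitling from "remote information disclosure" to "remote memory disclosure" is also not mentioned in the commit message.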
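Review bot: In the data/DSA/list hunk, CVE-2009-4017 is added to the DSA-1940-1 set, but none of the data/CVE/list hunks in this commit touch a CVE-2009-4017 entry. Please confirm that entry has a php5 line matching this DSA, and, since this same commit records CVE-2009-2626 as not fixed in etch, that CVE-2009-4017 really is covered by both 5.2.0+dfsg-8+etch16 and 5.2.6.dfsg.1-1+lenny4 rather than by the lenny upload alone.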