[Secure-testing-commits] r11571 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Apr 6 21:14:20 UTC 2009


Author: joeyh
Date: 2009-04-06 21:14:20 +0000 (Mon, 06 Apr 2009)
New Revision: 11571

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-06 17:28:18 UTC (rev 11570)
+++ data/CVE/list	2009-04-06 21:14:20 UTC (rev 11571)
@@ -1,3 +1,53 @@
+CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...)
+	TODO: check
+CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...)
+	TODO: check
+CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain ...)
+	TODO: check
+CVE-2008-6604 (Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 ...)
+	TODO: check
+CVE-2008-6603 (MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when ...)
+	TODO: check
+CVE-2008-6602 (Unspecified vulnerability in Download Center Lite before 2.1 has ...)
+	TODO: check
+CVE-2008-6601 (Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to ...)
+	TODO: check
+CVE-2008-6600 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
+	TODO: check
+CVE-2008-6599 (cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the ...)
+	TODO: check
+CVE-2008-6598 (Multiple race conditions in WANPIPE before 3.3.6 have unknown impact ...)
+	TODO: check
+CVE-2008-6597 (Cross-site scripting (XSS) vulnerability in upload/install/index.php ...)
+	TODO: check
+CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 ...)
+	TODO: check
+CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for ...)
+	TODO: check
+CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 ...)
+	TODO: check
+CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...)
+	TODO: check
+CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy "no database" ...)
+	TODO: check
+CVE-2008-6591 (LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite ...)
+	TODO: check
+CVE-2008-6590 (Multiple directory traversal vulnerabilities in LightNEasy "no ...)
+	TODO: check
+CVE-2008-6589 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no ...)
+	TODO: check
+CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default "isp" account with a ...)
+	TODO: check
+CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze ...)
+	TODO: check
+CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...)
+	TODO: check
+CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in ...)
+	TODO: check
+CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
+	TODO: check
+CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...)
+	TODO: check
 CVE-2009-XXXX [xine quicktime atom parser integer overflow]
 	- xine-lib <unfixed> (medium; bug #522811)
 	NOTE: http://trapkit.de/advisories/TKADV2009-005.txt
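Review bot: All 25 added entries, CVE-2009-1241 down to CVE-2008-6583, carry only "TODO: check", so none of them is triaged yet. At least CVE-2009-1241 (ClamAV) and CVE-2008-6603 (MoinMoin) name software that Debian packages, and each needs a package line with a fixed version or <unfixed>, in the form of the xine-lib line below. Entries for products such as IBM DB2 or the Aztech router fit the NOT-FOR-US form used later in this diff. The CVE-2008-65xx/66xx block also lands above the CVE-2009-XXXX xine entry, which breaks the descending order visible in the other hunks.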
@@ -2425,6 +2475,7 @@
 CVE-2009-0591 (The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is ...)
 	- openssl <not-affected> (vulnerable versions not uploaded to Debian)
 CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows ...)
+	{DSA-1763-1}
 	- openssl 0.9.8g-16 (low; bug #522002)
 CVE-2009-0589
 	REJECTED
@@ -2504,8 +2555,8 @@
 	RESERVED
 CVE-2009-0557
 	RESERVED
-CVE-2009-0556
-	RESERVED
+CVE-2009-0556 (Unspecified vulnerability in Microsoft Office PowerPoint 2000 SP3, ...)
+	TODO: check
 CVE-2009-0555
 	RESERVED
 CVE-2009-0554
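Review bot: CVE-2009-0556 moves from RESERVED to "TODO: check" here, but the new description names Microsoft Office PowerPoint, which Debian does not ship. Close it with a NOT-FOR-US line, in the form used for OmniPCX Office and Novell Groupwise later in this diff, instead of leaving it in the TODO queue.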
@@ -12786,7 +12837,7 @@
 	NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration
 CVE-2008-2424 (Unspecified vulnerability in the 404 error page for the &quot;Standard ...)
 	- interchange 5.5.1 (low; bug #482636)
-CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 allows remote ...)
+CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 ...)
 	- interchange 5.5.1 (low; bug #482636)
 CVE-2008-2420 (The OCSP functionality in stunnel before 4.24 does not properly search ...)
 	- stunnel4 3:4.22-1.1 (low; bug #482644)
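Review bot: The updated CVE-2008-2423 description now reads "before 5.6.0 and before 5.5.2", yet the unchanged package line directly below it still records interchange 5.5.1 as the fixed version. Confirm against bug #482636 whether the Debian 5.5.1 upload carries the fix, then either raise the fixed version or add a NOTE line explaining why 5.5.1 is correct. The adjacent CVE-2008-2424 entry shares the same version and bug number and should be rechecked with it.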
@@ -15321,7 +15372,7 @@
 CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...)
 	{DSA-1525-1}
 	- asterisk 1:1.4.18.1~dfsg-1 (medium)
-CVE-2008-1331 (Unspecified vulnerability in OmniPCX Office with Internet Access ...)
+CVE-2008-1331 (cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access ...)
 	NOT-FOR-US: OmniPCX Office
 CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell ...)
 	NOT-FOR-US: Novell Groupwise



