[Secure-testing-commits] r11605 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Apr 10 21:14:15 UTC 2009
Author: joeyh
Date: 2009-04-10 21:14:15 +0000 (Fri, 10 Apr 2009)
New Revision: 11605
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-10 14:45:24 UTC (rev 11604)
+++ data/CVE/list 2009-04-10 21:14:15 UTC (rev 11605)
@@ -1,3 +1,29 @@
+CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...)
+ TODO: check
+CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...)
+ TODO: check
+CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in ...)
+ TODO: check
+CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 ...)
+ TODO: check
+CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 ...)
+ TODO: check
+CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in ...)
+ TODO: check
+CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...)
+ TODO: check
+CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...)
+ TODO: check
+CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...)
+ TODO: check
+CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
+ TODO: check
+CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...)
+ TODO: check
+CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...)
+ TODO: check
CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...)
TODO: check
CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...)
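Review bot: All 13 entries added at the top of the list carry only "TODO: check", so none of them is triaged yet. CVE-2009-1283 and CVE-2009-1281 both name glFusion before 1.1.3 and can be resolved together. CVE-2009-1275 (Apache Tiles, as used in Apache Struts), CVE-2008-6682 (Apache Struts), and CVE-2008-6681 and CVE-2007-6726 (Dojo) should be checked for both packaged and embedded copies before the TODO is dropped.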
@@ -524,18 +550,18 @@
RESERVED
CVE-2009-1161
RESERVED
-CVE-2009-1160
- RESERVED
-CVE-2009-1159
- RESERVED
-CVE-2009-1158
- RESERVED
-CVE-2009-1157
- RESERVED
-CVE-2009-1156
- RESERVED
-CVE-2009-1155
- RESERVED
+CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...)
+ TODO: check
+CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+ TODO: check
+CVE-2009-1158 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+ TODO: check
+CVE-2009-1157 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series ...)
+ TODO: check
+CVE-2009-1156 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
+ TODO: check
+CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...)
+ TODO: check
CVE-2009-1154
RESERVED
CVE-2009-1153
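Review bot: CVE-2009-1155 through CVE-2009-1160 are left at "TODO: check" although all six descriptions name Cisco Adaptive Security Appliances (ASA). These look like candidates for a "NOT-FOR-US:" tag in the style this list already uses (for example "NOT-FOR-US: VmWare"), which would clear six TODOs in one pass.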
@@ -563,8 +589,8 @@
NOT-FOR-US: VmWare
CVE-2009-1145
RESERVED
-CVE-2009-1144
- RESERVED
+CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf ...)
+ TODO: check
CVE-2009-1143
RESERVED
CVE-2009-1142
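Review bot: CVE-2009-1144 is described as an untrusted search path issue "in the Gentoo package of Xpdf", so its "TODO: check" should be resolved by confirming whether the xpdf packaging here shares the problem, not by assuming the upstream source is affected. Record the outcome in a NOTE line either way so the reasoning is visible to the next reader.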
@@ -1691,10 +1717,11 @@
- linux-2.6.24 <unfixed>
CVE-2009-0794
RESERVED
-CVE-2009-0793
+CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...)
+ TODO: check
+CVE-2009-0792 [integer overflows in argyll]
RESERVED
-CVE-2009-0792 [integer overflows in argyll]
- - argyll <unfixed> (low; bug #523427)
+ - argyll <unfixed> (low; bug #523427)
CVE-2009-0791
RESERVED
CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...)
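Review bot: In the CVE-2009-0792 entry the "- argyll <unfixed> (low; bug #523427)" line is removed and re-added with identical visible text, which points to a whitespace-only rewrite by the automatic update and adds noise to the history of a hand-maintained entry. The entry also now carries a RESERVED line next to the bracketed description, so it is worth confirming that the argyll tracking line is still attached to the right CVE. CVE-2009-0793 needs its "TODO: check" resolved against lcms itself and, since the description says "as used in OpenJDK", against the OpenJDK packaging as well.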
@@ -3547,7 +3574,7 @@
CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth ...)
{DSA-1737-1}
- wesnoth 1:1.4.7-4
-CVE-2009-0365 (The dbus request handler in NetworkManager, possibly before 0.7.1, ...)
+CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an ...)
- network-manager-applet 0.7.0.99-1 (medium)
- network-manager 0.7.0.99-1 (medium)
CVE-2009-0364 (Format string vulnerability in the mini_calendar component in ...)
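Review bot: The replaced CVE-2009-0365 description changes the stated location of the flaw, from "The dbus request handler in NetworkManager, possibly before 0.7.1" to "nm-applet.conf in GNOME NetworkManager before 0.7.0.99", while the two package lines below it are unchanged. Both network-manager-applet and network-manager are recorded as fixed in 0.7.0.99-1 against the old wording, so confirm that the network-manager line still applies under the new description and add a NOTE if only the applet is affected.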
@@ -3718,7 +3745,7 @@
- ffmpeg-debian 0.svn20080206-16
- ffmpeg <removed>
- mplayer 1.0~rc2-14
- - xine-lib <unfixed> (medium; bug #523475)
+ - xine-lib <unfixed> (medium; bug #523475)
NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix
NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...)
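Review bot: The xine-lib line is removed and re-added with the same visible text, "- xine-lib <unfixed> (medium; bug #523475)", so this hunk has no tracking effect. If the original indentation was entered by hand in a form the automatic update normalizes, fixing it at entry time keeps such whitespace-only hunks out of later diffs.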
@@ -4134,8 +4161,8 @@
RESERVED
CVE-2009-0198
RESERVED
-CVE-2009-0197
- RESERVED
+CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)
+ TODO: check
CVE-2009-0196
RESERVED
CVE-2009-0195
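Review bot: CVE-2009-0197 is left at "TODO: check" although its description names the FORMATS Plugin for IrfanView. If neither is packaged, a "NOT-FOR-US:" tag in the style used elsewhere in this list closes the entry without further work.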
@@ -5438,8 +5465,8 @@
NOT-FOR-US: Avira AntiVir
CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...)
NOT-FOR-US: AhnLab V3
-CVE-2008-5519
- RESERVED
+CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...)
+ TODO: check
CVE-2008-5518
RESERVED
CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...)
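Review bot: CVE-2008-5519 states an explicit affected range, "1.2.0 through 1.2.26" of the JK Connector (mod_jk), so its "TODO: check" can be replaced with a package line once the packaged mod_jk version in each suite is compared against 1.2.26. An entry with a known range should not stay at TODO longer than it takes to do that comparison.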
@@ -13944,8 +13971,8 @@
NOT-FOR-US: RSA Authentication Agent
CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
NOT-FOR-US: RSA Authentication Agent
-CVE-2008-2025
- RESERVED
+CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...)
+ TODO: check
CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...)
NOT-FOR-US: miniBB
CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...)
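Review bot: CVE-2008-2025 is an Apache Struts XSS entry left at "TODO: check", and the first hunk of this same commit adds CVE-2008-6682, also an XSS entry for Apache Struts. Triage the two together so the package lines and fixed versions stay consistent, and add a NOTE stating whether they describe distinct issues.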