[Secure-testing-commits] r11671 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Apr 20 21:14:20 UTC 2009


Author: joeyh
Date: 2009-04-20 21:14:20 +0000 (Mon, 20 Apr 2009)
New Revision: 11671

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-20 20:48:25 UTC (rev 11670)
+++ data/CVE/list	2009-04-20 21:14:20 UTC (rev 11671)
@@ -1,3 +1,25 @@
+CVE-2009-1341
+	RESERVED
+CVE-2009-1340
+	RESERVED
+CVE-2009-1339
+	RESERVED
+CVE-2009-1338
+	RESERVED
+CVE-2009-1337
+	RESERVED
+CVE-2009-1336
+	RESERVED
+CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows ...)
+	TODO: check
+CVE-2009-1334 (Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html ...)
+	TODO: check
+CVE-2009-1333 (Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the ...)
+	TODO: check
+CVE-2009-1332 (The Online Help feature in Sun Java System Directory Server 5.2 and ...)
+	TODO: check
+CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) ...)
+	TODO: check
 CVE-2009-XXXX [linux-2.6: /dev/mem rootkit vulnerability]
 	- linux-2.6 2.6.29-1 (low; bug #524373)
 	NOTE: according to the kernel team (see bug report), they have no interest in backporting a
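Review bot: the five new entries that carry descriptions (CVE-2009-1331 through CVE-2009-1335) are all left at "TODO: check", so none of them is triaged yet. CVE-2009-1335 and CVE-2009-1331 name Microsoft Internet Explorer and Windows Media Player in the visible part of their descriptions, which makes them candidates for the NOT-FOR-US tag this file already uses elsewhere. Resolving those two in a follow-up keeps the TODO backlog limited to entries that need a real package lookup.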
@@ -102,8 +124,8 @@
 	NOT-FOR-US: AJ Square AJ Article
 CVE-2009-XXXX [clamav: UPack crash]
 	- clamav 0.95.1+dfsg-1
-        [etch] - clamav 0.90.1dfsg-4-etch19
-        [lenny] - clamav 0.94.dfsg.2-1lenny2
+	[etch] - clamav 0.90.1dfsg-4-etch19
+	[lenny] - clamav 0.94.dfsg.2-1lenny2
 	NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552
 CVE-2009-XXXX [clamav: cli_url_canon]
 	- clamav 0.95.1+dfsg-1
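Review bot: the [etch] and [lenny] lines under the clamav UPack entry change only in indentation (leading spaces replaced by a tab), which is a formatting fix rather than new CVE data, and the log message "automatic update" does not mention it. If the update script normalizes whitespace, say so in the log; otherwise commit it separately so the history of this entry shows who corrected it. A check that rejects space-indented sub-lines at commit time would stop this from recurring.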
@@ -235,6 +257,7 @@
 	- php5 5.2.6.dfsg.1-3
 	- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
 CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...)
+	{DSA-1775-1}
 	- php5 5.2.9.dfsg.1-1
 	- php4 <not-affected> (the JSON extension was introduced in php5.2)
 	- php-json-ext <unfixed>
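Review bot: with {DSA-1775-1} now attached to CVE-2009-1271, the php-json-ext line still reads <unfixed> and has neither an urgency nor a bug reference. Confirm whether DSA-1775-1 covers that source package; if it does not, add a bug number to the line so the remaining open item is tracked on its own.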
@@ -406,9 +429,9 @@
 	NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX 
 CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...)
 	NOT-FOR-US: Library Video Company SAFARI Montage
-CVE-2008-6636 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...)
+CVE-2008-6636 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...)
 	NOT-FOR-US: Geody Labs Dagger
-CVE-2008-6635 (SQL injection vulnerability in skins/default.php in Geody Labs Dagger ...)
+CVE-2008-6635 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...)
 	NOT-FOR-US: Geody Labs Dagger
 CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...)
 	NOT-FOR-US: RoomPHPlanning
@@ -668,12 +691,10 @@
 CVE-2009-1187 [pdf vulnerabilities]
 	RESERVED
 	- poppler <unfixed> (medium; bug #524806)
-CVE-2009-1186 [udev: buffer overflow in util_path_encode]
-	RESERVED
+CVE-2009-1186 (Buffer overflow in the util_path_encode function in ...)
 	{DSA-1772-1}
 	- udev <unfixed> (medium)
-CVE-2009-1185 [udev: missing origin check for NETLINK messages]
-	RESERVED
+CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates ...)
 	{DSA-1772-1}
 	- udev <unfixed> (medium)
 CVE-2009-1184
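Review bot: CVE-2009-1186 and CVE-2009-1185 both keep "- udev <unfixed> (medium)" while referencing DSA-1772-1, so the list records no fixed version for unstable. Add the fixed udev version to both entries once it is uploaded. The replaced bracketed summaries were also the only short, untruncated statement of each issue in this file; the new CVE-2009-1186 description is cut off after "in the util_path_encode function in ...", so anyone reading the entry needs the full CVE text for context.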
@@ -5506,10 +5527,10 @@
 	{DSA-1750-1}
 	- pngcrush 1.6.15-1
 	- libpng 1.2.35-1 (bug #516256)
-CVE-2009-0039
-	RESERVED
-CVE-2009-0038
-	RESERVED
+CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
+	TODO: check
+CVE-2009-0038 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+	TODO: check
 CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, ...)
 	{DSA-1738-1}
 	- curl 7.18.2-8.1 (bug #518423)
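Review bot: the new descriptions for CVE-2009-0039 and CVE-2009-0038 are cut off at "in the web ..." before any product is named, so the "TODO: check" on each cannot be resolved from this list alone. Whoever triages them needs the full CVE text to decide between a package entry and NOT-FOR-US.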
@@ -5746,8 +5767,8 @@
 	NOT-FOR-US: AhnLab V3
 CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...)
 	- tomcat5.5 <unfixed>
-CVE-2008-5518
-	RESERVED
+CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...)
+	TODO: check
 CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...)
 	{DSA-1708-1}
 	- git-core 1:1.5.6.5-2 (low; bug #512330)



