[Secure-testing-commits] r11714 - data/CVE

Joey Hess joeyh at alioth.debian.org
Fri Apr 24 21:14:19 UTC 2009


Author: joeyh
Date: 2009-04-24 21:14:19 +0000 (Fri, 24 Apr 2009)
New Revision: 11714

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-24 21:06:56 UTC (rev 11713)
+++ data/CVE/list	2009-04-24 21:14:19 UTC (rev 11714)
@@ -1,3 +1,71 @@
+CVE-2009-1402
+	RESERVED
+CVE-2009-1401
+	RESERVED
+CVE-2009-1400
+	RESERVED
+CVE-2009-1399
+	RESERVED
+CVE-2009-1398
+	RESERVED
+CVE-2009-1397
+	RESERVED
+CVE-2009-1396
+	RESERVED
+CVE-2009-1395
+	RESERVED
+CVE-2009-1394
+	RESERVED
+CVE-2009-1393
+	RESERVED
+CVE-2009-1392
+	RESERVED
+CVE-2009-1391
+	RESERVED
+CVE-2009-1390
+	RESERVED
+CVE-2009-1389
+	RESERVED
+CVE-2009-1388
+	RESERVED
+CVE-2009-1387
+	RESERVED
+CVE-2009-1386
+	RESERVED
+CVE-2009-1385
+	RESERVED
+CVE-2009-1384
+	RESERVED
+CVE-2009-1383
+	RESERVED
+CVE-2009-1382
+	RESERVED
+CVE-2009-1381
+	RESERVED
+CVE-2009-1380
+	RESERVED
+CVE-2009-1379
+	RESERVED
+CVE-2009-1378
+	RESERVED
+CVE-2009-1377
+	RESERVED
+CVE-2009-1376
+	RESERVED
+CVE-2009-1375
+	RESERVED
+CVE-2009-1374
+	RESERVED
+CVE-2009-1373
+	RESERVED
+CVE-2009-1365
+	RESERVED
+CVE-2009-1364
+	RESERVED
+CVE-2009-1363
+	RESERVED
+CVE-2009-1360 (The __inet6_check_established function in net/ipv6/inet6_hashtables.c ...)
+	TODO: check
 CVE-2009-1411
 	NOT-FOR-US: Seditio CMS
 CVE-2009-1410
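Review bot: CVE-2009-1360 at the end of this hunk is filed with only `TODO: check`, yet its description names `net/ipv6/inet6_hashtables.c`, i.e. Linux kernel code that Debian tracks as linux-2.6 in the kernel entries later in this patch; it should be triaged to a `- linux-2.6 ...` state line (or a not-affected annotation with a reason) promptly rather than left in the TODO queue. The block of new `RESERVED` ids above it is correct as placeholders for CVEs whose descriptions are not yet public.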
@@ -16,21 +84,21 @@
 	NOT-FOR-US: PastelCMS
 CVE-2009-1403
 	NOT-FOR-US: CRE Loaded
-CVE-2009-1370
+CVE-2009-1370 (Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video ...)
 	NOT-FOR-US: Xilisoft Video Converter
-CVE-2009-1369
+CVE-2009-1369 (moziloCMS 1.11 allows remote attackers to obtain sensitive information ...)
 	NOT-FOR-US: moziloCMS
-CVE-2009-1368
+CVE-2009-1368 (Directory traversal vulnerability in index.php in moziloCMS 1.11 ...)
 	NOT-FOR-US: moziloCMS
-CVE-2009-1367
+CVE-2009-1367 (Cross-site scripting (XSS) vulnerability in index.php in moziloCMS ...)
 	NOT-FOR-US: moziloCMS
-CVE-2009-1366
+CVE-2009-1366 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: DotNetNuke
-CVE-2009-1362
+CVE-2009-1362 (SQL injection vulnerability in administration/index.php in chCounter ...)
 	NOT-FOR-US: chCounter
-CVE-2009-1361
+CVE-2009-1361 (dig.php in GScripts.net DNS Tools allows remote attackers to execute ...)
 	NOT-FOR-US: GScripts.net DNS Tools
-CVE-2009-1359
+CVE-2009-1359 (Unspecified vulnerability in the SCTP sockets implementation in Sun ...)
 	NOT-FOR-US: Sun OpenSolaris
 CVE-2008-6752
 	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
@@ -42,17 +110,17 @@
 	NOT-FOR-US: FlexPHPDirectory
 CVE-2008-6748
 	NOT-FOR-US: Megacubo
-CVE-2008-6747
+CVE-2008-6747 (dotProject before 2.1.2 does not properly restrict access to ...)
 	NOT-FOR-US: dotProject
-CVE-2008-6746
+CVE-2008-6746 (Cross-site scripting (XSS) vulnerability in the contact display view ...)
 	NOT-FOR-US: Turba Contact Manager
-CVE-2008-6745
+CVE-2008-6745 (index.php in BlogPHP 2.0 allows remote attackers to gain administrator ...)
 	NOT-FOR-US: BlogPHP
-CVE-2008-6744
+CVE-2008-6744 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, ...)
 	NOT-FOR-US: Cybozu Office
-CVE-2008-6743
+CVE-2008-6743 (RSMScript 1.21 allows remote attackers to bypass authentication and ...)
 	NOT-FOR-US: RSMScript
-CVE-2009-1357
+CVE-2009-1357 (CRLF injection vulnerability in da/DA/Login in Sun Java System ...)
 	NOT-FOR-US: Sun Java System Delegated Administrator
 CVE-2009-1356 (Stack-based buffer overflow in Elecard AVC HD Player allows remote ...)
 	NOT-FOR-US: Elecard AVC HD Player
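Review bot: the NOT-FOR-US classification for CVE-2008-6746 (Turba Contact Manager) is carried forward unchanged even though the new description now identifies a concrete component, the contact display view; whether Turba is packaged in Debian should be re-verified against the archive before NOT-FOR-US stands. The other five entries in the hunk (dotProject, BlogPHP, Cybozu Office, RSMScript, Sun Java System Delegated Administrator) keep NOT-FOR-US consistently with their new descriptions.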
@@ -131,16 +199,13 @@
 	RESERVED
 CVE-2009-1339
 	RESERVED
-CVE-2009-1338 [Kernel: limit kill sig to caller namespace]
-	RESERVED
+CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...)
 	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
-CVE-2009-1337 [Kernel: exit notify cap check]
-	RESERVED
+CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...)
 	- linux-2.6 <unfixed>
 	- linux-2.6.24 <removed>
-CVE-2009-1336 [Kernel: NFS Dos]
-	RESERVED
+CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly ...)
 	- linux-2.6 2.6.23-1
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows ...)
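Review bot: CVE-2009-1337 in this hunk carries no `[etch]` annotation, while its neighbours CVE-2009-1338 and CVE-2009-1336 both state `[etch] - linux-2.6 <not-affected> (Vulnerable code not present)`; the etch status of the exit_notify issue should be recorded explicitly, either as not-affected with a reason or as a pending state. Dropping the `RESERVED` lines is right now that the descriptions are public, and the truncated upstream text still names the affected function for each id, so the removed `[Kernel: ...]` hints lose nothing.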
@@ -202,48 +267,37 @@
 	NOT-FOR-US: Web File Explorer
 CVE-2009-1313
 	RESERVED
-CVE-2009-1312 [MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs]
-	RESERVED
+CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey do not block javascript: ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1311 [MFSA 2009-21: POST data sent to wrong site when saving web page with embedded frame]
-	RESERVED
+CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1310 [MFSA 2009-22: Firefox allows Refresh header to redirect to javascript: URIs]
-	RESERVED
+CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin ...)
 	- iceweasel 3.0.9-1
 	[etch] - iceweasel <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1309 [MFSA 2009-19: Same-origin violations in XMLHttpRequest and XPCNativeWrapper.toString]
-	RESERVED
+CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1308 [MFSA 2009-18: XSS hazard using third-party stylesheets and XBL bindings]
-	RESERVED
+CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1307 [MFSA 2009-17: Same-origin violations when Adobe Flash loaded via view-source: scheme]
-	RESERVED
+CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1306 [MFSA 2009-16: jar: scheme ignores the content-disposition: header on the inner URI]
-	RESERVED
+CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1305 [Firefox crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-1305 (The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1304 [Firefox crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1303 [Firefox crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1302 [Firefox crashes with evidence of memory corruption]
-	RESERVED
+CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
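Review bot: replacing the bracketed placeholders drops the MFSA cross-references (MFSA 2009-16 through 2009-22) that tied each id to its Mozilla advisory, and the truncated upstream descriptions do not carry them; consider preserving each as a `NOTE: MFSA 2009-NN` line under its entry. The rewrite also fixes a visible copy-paste error: CVE-2009-1310 was labelled with the MFSA 2009-22 Refresh-header text duplicated from CVE-2009-1312, and its new description (XSS in the MozSearch plugin) is a different issue, which fits it being the only entry tracked against `iceweasel 3.0.9-1` rather than `xulrunner 1.9.0.9-1`; worth confirming that the iceweasel-only state is intended.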
@@ -283,12 +337,12 @@
 	NOT-FOR-US: Novell Access Manager
 CVE-2008-6721 (SQL injection vulnerability in index.php in AJ Square AJ Article ...)
 	NOT-FOR-US: AJ Square AJ Article
-CVE-2009-1371 [clamav: UPack crash]
+CVE-2009-1371 (The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before ...)
 	- clamav 0.95.1+dfsg-1
 	[etch] - clamav 0.90.1dfsg-4-etch19
 	[lenny] - clamav 0.94.dfsg.2-1lenny2
 	NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552
-CVE-2009-1372 [clamav: cli_url_canon]
+CVE-2009-1372 (Stack-based buffer overflow in the cli_url_canon function in ...)
 	- clamav 0.95.1+dfsg-1
 	[etch] - clamav <not-affected> (vulnerable code not present)
 	[lenny] - clamav <not-affected> (vulnerable code not present)
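Review bot: for CVE-2009-1371 the local hint `UPack crash` is dropped with the placeholder and the new description is cut off at the `CLI_ISCONTAINED` macro, so the packer context now survives only through the bugzilla NOTE; CVE-2009-1372 still names cli_url_canon but has no upstream reference at all. A `NOTE:` line for each (the UPack context for 1371, a bug or commit reference for 1372) would keep both searchable.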
@@ -836,17 +890,15 @@
 	RESERVED
 CVE-2009-1192
 	RESERVED
-CVE-2009-1191
-	RESERVED
+CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...)
+	TODO: check
 CVE-2009-1190
 	RESERVED
 CVE-2009-1189
 	RESERVED
-CVE-2009-1188 [pdf vulnerabilities]
-	RESERVED
+CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
-CVE-2009-1187 [pdf vulnerabilities]
-	RESERVED
+CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 CVE-2009-1186 (Buffer overflow in the util_path_encode function in ...)
 	{DSA-1772-1}
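Review bot: CVE-2009-1191 is filed with `TODO: check` although the description names `mod_proxy_ajp.c` in the Apache HTTP Server, which Debian ships as apache2; it needs an `- apache2 ...` state line, or a not-affected annotation with a reason, rather than staying in the TODO queue. CVE-2009-1188 and CVE-2009-1187 now have identical truncated descriptions and identical poppler states, which is expected for two JBIG2 integer overflows fixed together under bug #524806.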
@@ -856,28 +908,23 @@
 	- udev 0.141-1 (medium)
 CVE-2009-1184
 	RESERVED
-CVE-2009-1183 [pdf vulnerabilities]
-	RESERVED
+CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	- xpdf <unfixed> (medium; bug #524809)
 	- kdegraphics 4.0-1 (medium; bug #524810)
-CVE-2009-1182 [pdf vulnerabilites]
-	RESERVED
+CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	- xpdf <unfixed> (medium; bug #524809)
 	- kdegraphics 4.0-1 (medium; bug #524810)
-CVE-2009-1181 [pdf vulnerabilities]
-	RESERVED
+CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	- xpdf <unfixed> (medium; bug #524809)
 	- kdegraphics 4.0-1 (medium; bug #524810)
-CVE-2009-1180 [pdf vulnerabilities]
-	RESERVED
+CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	- xpdf <unfixed> (medium; bug #524809)
 	- kdegraphics 4.0-1 (medium; bug #524810)
-CVE-2009-1179 [pdf vulnerabilities]
-	RESERVED
+CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	- xpdf <unfixed> (medium; bug #524809)
 	- kdegraphics 4.0-1 (medium; bug #524810)
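Review bot: all five entries CVE-2009-1179 through CVE-2009-1183 now describe the JBIG2 decoder in `Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier`, but their state lines list only poppler, xpdf and kdegraphics; the later hunk for CVE-2009-0166, 0147 and 0146 records `- cups <not-affected> (Uses poppler's pdftops)` for the same decoder family, and that line should be added here too so the cups disposition is explicit. The removed placeholder for CVE-2009-1182 also carried the misspelling `vulnerabilites`, which disappears with this change.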
@@ -2125,13 +2172,11 @@
 CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...)
 	- squid <unfixed> (low; bug #521053)
 	- squid3 <unfixed> (low; bug #521052)
-CVE-2009-0800 [pdf vulnerabilities]
-	RESERVED
+CVE-2009-0800 (Multiple &quot;input validation flaws&quot; in the JBIG2 decoder in Xpdf 3.02pl2 ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	- xpdf <unfixed> (medium; bug #524809)
 	- kdegraphics 4.0  (medium; bug #524810)
-CVE-2009-0799 [pdf vulnerabilities]
-	RESERVED
+CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	- xpdf <unfixed> (medium; bug #524809)
 	- kdegraphics 4.0 (medium; bug #524810)
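Review bot: the new description for CVE-2009-0800 contains HTML-escaped quotes (`&quot;input validation flaws&quot;`) copied from the upstream feed; the list stores plain text, so these should be unescaped to ordinary double quotes before commit (the same applies to CVE-2009-0307 later in this patch). As with the CVE-2009-1179 to 1183 block, the cups disposition is missing even though both descriptions name CUPS 1.3.9, and the kdegraphics line under CVE-2009-0800 has a stray double space before `(medium; bug #524810)`.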
@@ -2693,12 +2738,12 @@
 	RESERVED
 CVE-2009-0665
 	RESERVED
-CVE-2009-0664
-	RESERVED
+CVE-2009-0664 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x ...)
 	{DSA-1778-1}
+	TODO: check
 CVE-2009-0663
 	RESERVED
-CVE-2009-0662
+CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product ...)
 	NOT-FOR-US: PlonePAS
 CVE-2009-0661 (Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote ...)
 	{DSA-1744-1}
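Review bot: CVE-2009-0664 ends up with `{DSA-1778-1}` directly followed by a new `TODO: check`, which is contradictory: the DSA reference records the issue as resolved via an advisory, so either the TODO should be dropped or it should name the package state still pending (for example the fix in unstable). CVE-2009-0662 keeps NOT-FOR-US for PlonePAS, consistent with its new description.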
@@ -2722,7 +2767,7 @@
 	NOTE: attacker already controls entry and exit node at this stage
 CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an ...)
 	- openssl 0.9.8-1 (bug #517791)
-CVE-2009-0652 (Mozilla Firefox 3.0.6 does not properly prevent the literal rendering ...)
+CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox ...)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...)
@@ -4213,7 +4258,7 @@
 	RESERVED
 CVE-2009-0308
 	RESERVED
-CVE-2009-0307
+CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the &quot;Customize Statistics ...)
 	NOT-FOR-US: Motion (RIM) BlackBerry Enterprise Server
 CVE-2009-0306
 	RESERVED
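Review bot: CVE-2009-0307 carries `&quot;Customize Statistics` in its new description; unescape the HTML entity to a plain double quote, as noted for CVE-2009-0800.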
@@ -4602,8 +4647,8 @@
 	NOT-FOR-US: IrfanView
 CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...)
 	- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
-CVE-2009-0195
-	RESERVED
+CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, ...)
+	TODO: check
 CVE-2009-0194
 	RESERVED
 CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...)
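Review bot: CVE-2009-0195 is left at `TODO: check` even though its description (heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9) places it in the Xpdf family that already has poppler, xpdf and kdegraphics states elsewhere in this patch; triage it with the same package lines, or a per-package not-affected reason, rather than leaving the TODO.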
@@ -4687,22 +4732,20 @@
 	NOT-FOR-US: ppdmgr in Sun Solaris 10 and OpenSolaris
 CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris ...)
 	NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris
-CVE-2009-0166 [pdftops filter vulnerability]
-	RESERVED
+CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
 	- poppler <unfixed> (medium; bug #524806)
 	- cups <not-affected> (Uses poppler's pdftops)
 	- xpdf <unfixed> (medium; bug #524809)
 	- kdegraphics <unfixed> (medium; bug #524810)
-CVE-2009-0165
-	RESERVED
+CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...)
+	TODO: check
 CVE-2009-0164 [cups web interface DNS rebinding issue]
 	RESERVED
 	- cups 1.3.10-1 (low)
 	[lenny] - cups <no-dsa> (Minor issue, needs several prerequirements for attack)
 	- cupsys <removed>
 	[etch] - cupsys <no-dsa> (Minor issue, needs several prerequirements for attack)
-CVE-2009-0163 [integer overflow in cups imagetops filter]
-	RESERVED
+CVE-2009-0163 (Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and ...)
 	{DSA-1773-1}
 	- cups 1.3.10-1
 	- cupsys <removed>
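Review bot: CVE-2009-0165 gets only `TODO: check` while the adjacent CVE-2009-0166, with a near-identical JBIG2 description, already carries poppler, cups, xpdf and kdegraphics states; apply the same four lines here once confirmed. CVE-2009-0164 keeps its `RESERVED` line together with concrete package states, the pattern this update removes for CVE-2009-1338 and others; that is consistent while the CVE is unpublished, but the RESERVED line should go when the description arrives.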
@@ -4738,14 +4781,12 @@
 	RESERVED
 CVE-2009-0148
 	RESERVED
-CVE-2009-0147 [pdftops filter vulnerability]
-	RESERVED
+CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
 	- poppler <unfixed> (medium; bug #524806)
 	- cups <not-affected> (Uses poppler's pdftops)
 	- xpdf <unfixed> (medium; bug #524809)
 	- kdegraphics <unfixed> (medium; bug #524810)
-CVE-2009-0146 [pdftops filter vulnerability]
-	RESERVED
+CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
 	- poppler <unfixed> (medium; bug #524806)
 	- cups <not-affected> (Uses poppler's pdftops)
 	- xpdf <unfixed> (medium; bug #524809)
@@ -5032,8 +5073,10 @@
 	- linux-2.6 2.6.29-1
 	- linux-2.6.24 <removed>
 CVE-2009-0064
+	RESERVED
 	NOT-FOR-US: Symantec Brightmail Gateway Appliance
 CVE-2009-0063
+	RESERVED
 	NOT-FOR-US: Symantec Brightmail Gateway Appliance
 CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), ...)
 	NOT-FOR-US: Cisco
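Review bot: adding `RESERVED` to CVE-2009-0064 and CVE-2009-0063 conflicts with the existing `NOT-FOR-US: Symantec Brightmail Gateway Appliance` lines beneath them: RESERVED says no public description exists, yet the entries are already classified by product. The automatic sync should not re-add RESERVED under a triaged entry; keep the NOT-FOR-US classification and drop the new lines (or, if the triage was premature, drop NOT-FOR-US instead).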
@@ -6056,7 +6099,7 @@
 	[etch] - axel <no-dsa> (Minor issue)
 	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
 	NOTE: this only work for non-interactive sessions which is a quite exotic usecase
-CVE-2008-5619 (html2text.php in RoundCube Webmail (roundcubemail) 0.2-1.alpha and ...)
+CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in ...)
 	- roundcube 0.1.1-9 (high; bug #508628)
 	NOTE: According to the bug report, this is being exploited.
 	- moodle 1.8.2.dfsg-2 (bug #508909)
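Review bot: the description for CVE-2008-5619 now attributes html2text.php to the Chuggnutt HTML to Text Converter `as used in ...` rather than to RoundCube alone, which matches the entry already tracking both roundcube and moodle; since the component is embedded, any other package bundling html2text.php should be checked and given its own state line. The existing NOTE recording that the issue is being exploited, together with the `high` priority, is correctly retained.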



