[Secure-testing-commits] r11738 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Apr 28 21:14:16 UTC 2009


Author: joeyh
Date: 2009-04-28 21:14:16 +0000 (Tue, 28 Apr 2009)
New Revision: 11738

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-28 20:04:50 UTC (rev 11737)
+++ data/CVE/list	2009-04-28 21:14:16 UTC (rev 11738)
@@ -1,3 +1,43 @@
+CVE-2009-1449 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
+	TODO: check
+CVE-2009-1448 (Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net ...)
+	TODO: check
+CVE-2009-1447 (Unrestricted file upload vulnerability in admin/editor/image.php in ...)
+	TODO: check
+CVE-2009-1446 (Unrestricted file upload vulnerability in upload.php in Elkagroup ...)
+	TODO: check
+CVE-2009-1445 (Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta ...)
+	TODO: check
+CVE-2009-1444 (PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS ...)
+	TODO: check
+CVE-2009-1443 (Multiple unspecified vulnerabilities in the Server component in OCS ...)
+	TODO: check
+CVE-2009-1442
+	RESERVED
+CVE-2009-1441
+	RESERVED
+CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule ...)
+	TODO: check
+CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...)
+	TODO: check
+CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
+	TODO: check
+CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
+	TODO: check
+CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
+	TODO: check
+CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 ...)
+	TODO: check
+CVE-2009-1434
+	RESERVED
+CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for ...)
+	TODO: check
+CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to ...)
+	TODO: check
+CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote ...)
+	TODO: check
+CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows remote ...)
+	TODO: check
 CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in ...)
 	TODO: check
 CVE-2009-1432
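Review bot: CVE-2009-1449 and CVE-2009-1437 in this block carry the same truncated description ("Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ..."), so the list alone cannot tell them apart. Whoever resolves these TODOs should read the full descriptions and add a NOTE if the two overlap. Among the new "TODO: check" entries, CVE-2009-1439 (fs/cifs/connect.c in the Linux kernel) and CVE-2009-1440 (DownloadListCtrl.cpp in amule) name specific source files and are the ones to triage first.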
@@ -253,6 +293,7 @@
 	- git-core 1.6.2.1-1 (bug #516669)
 CVE-2009-1341
 	RESERVED
+	{DSA-1780-1}
 	- libdb-pg-perl 2.1.3-1
 CVE-2009-1340
 	RESERVED
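Review bot: the {DSA-1780-1} line added under CVE-2009-1341 lands on an entry that is still RESERVED, so nothing in the list says what the advisory fixes. Add a short NOTE describing the issue, and confirm that the package name "libdb-pg-perl" on the context line below the tag matches the package named in DSA-1780-1. The same tag and package line appear under CVE-2009-0663 later in the patch.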
@@ -955,10 +996,10 @@
 	[etch] - apache2 <not-affected> (introduced in 2.2.11)
 	[lenny] - apache2 <not-affected> (introduced in 2.2.11)
 	NOTE: Will be fixed in 2.2.12
-CVE-2009-1190
-	RESERVED
-CVE-2009-1189
-	RESERVED
+CVE-2009-1190 (Algorithmic complexity vulnerability in the ...)
+	TODO: check
+CVE-2009-1189 (The _dbus_validate_signature_with_reason function ...)
+	TODO: check
 CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
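Review bot: CVE-2009-1190 and CVE-2009-1189 go from RESERVED to "TODO: check" with no package line, although the CVE-2009-1189 description names _dbus_validate_signature_with_reason, which points at D-Bus code. That entry is a candidate for a package line rather than an open TODO. The CVE-2009-1190 description is cut off before it names a product, so it needs the full text read before triage.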
@@ -1567,7 +1608,7 @@
 	NOT-FOR-US: Oracle PeopleSoft Enterprise
 CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
 	NOT-FOR-US: Oracle PeopleSoft Enterprise
-CVE-2009-1012 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2009-1012 (Unspecified vulnerability in the plug-ins for Apache and IIS web ...)
 	NOT-FOR-US: BEA Product Suite
 CVE-2009-1011 (Unspecified vulnerability in the Outside In Technology component in ...)
 	NOT-FOR-US: Oracle Application Server
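Review bot: the CVE-2009-1012 description changes from "the WebLogic Server component in BEA ..." to "the plug-ins for Apache and IIS web ...", but the "NOT-FOR-US: BEA Product Suite" line under it is carried over unchanged. Re-read the full description to confirm the affected code is the vendor-supplied plug-in and not anything shipped in the apache2 package, and record that in a NOTE.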
@@ -2811,6 +2852,7 @@
 	- mahara 1.1.3-1 (low)
 CVE-2009-0663
 	RESERVED
+	{DSA-1780-1}
 	- libdb-pg-perl 2.1.3-1
 CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product ...)
 	- plone3 <unfixed> (medium; bug #525943)
@@ -3099,7 +3141,8 @@
 	NOTE: Alleged exploit does not work.
 CVE-2008-6177 (Multiple directory traversal vulnerabilities in LightBlog 9.8, when ...)
 	NOT-FOR-US: LightBlog
-CVE-2008-6176 (bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the ...)
+CVE-2008-6176
+	REJECTED
 	- drupal5 5.12-1 (low; bug #519114)
 	- drupal6 6.6-1 (low; bug #519115)
 CVE-2008-6175 (SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of ...)
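Review bot: CVE-2008-6176 is now REJECTED, but the "- drupal5 5.12-1" and "- drupal6 6.6-1" lines are left under it, so the fixed versions stay attached to a rejected id. Move those two lines to the surviving id. The NOTE under CVE-2008-6171 calls it a dupe of this one, and its updated description names includes/bootstrap.inc, so that is the likely target.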
@@ -3110,7 +3153,7 @@
 	NOT-FOR-US: ClipShare Pro
 CVE-2008-6172 (Directory traversal vulnerability in captcha/captcha_image.php in the ...)
 	NOT-FOR-US: Joomla!
-CVE-2008-6171 (Drupal 5.x before 5.12 and 6.x before 6.6, when the server is ...)
+CVE-2008-6171 (includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, ...)
 	TODO: check back with mitre
 	NOTE: looks like a dupe of CVE-2008-6176
 CVE-2008-6170 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and ...)
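Review bot: only the description of CVE-2008-6171 is updated here; the "TODO: check back with mitre" and "NOTE: looks like a dupe of CVE-2008-6176" lines under it are left as they were. CVE-2008-6176 is marked REJECTED earlier in this patch, which appears to answer the question to mitre. Replace the TODO with drupal5 and drupal6 package lines and reword the NOTE to say that CVE-2008-6176 was rejected.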



