[Secure-testing-commits] r11749 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Apr 30 21:14:15 UTC 2009


Author: joeyh
Date: 2009-04-30 21:14:15 +0000 (Thu, 30 Apr 2009)
New Revision: 11749

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-30 20:14:55 UTC (rev 11748)
+++ data/CVE/list	2009-04-30 21:14:15 UTC (rev 11749)
@@ -1,3 +1,41 @@
+CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2009-1488 (Directory traversal vulnerability in admin/load.php in FunGamez RC1 ...)
+	TODO: check
+CVE-2009-1487 (SQL injection vulnerability in pages/login.php in FunGamez RC1 allows ...)
+	TODO: check
+CVE-2009-1486 (Directory traversal vulnerability in pmscript.php in Flatchat 3.0 ...)
+	TODO: check
+CVE-2009-1485 (The logging feature in eMule Plus before 1.2e allows remote attackers ...)
+	TODO: check
+CVE-2009-1484 (Cross-site scripting (XSS) vulnerability in the web mail interface ...)
+	TODO: check
+CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in Adam ...)
+	TODO: check
+CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	TODO: check
+CVE-2009-1481 (SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) ...)
+	TODO: check
+CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows ...)
+	TODO: check
+CVE-2009-1479
+	RESERVED
+CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl handlers in ...)
+	TODO: check
+CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end ...)
+	TODO: check
+CVE-2008-6773 (Static code injection vulnerability in user/internettoolbar/edit.php ...)
+	TODO: check
+CVE-2008-6772 (login/register_form.php in YourPlace 1.0.2 and earlier does not check ...)
+	TODO: check
+CVE-2008-6771 (YourPlace 1.0.2 and earlier allows remote attackers to obtain ...)
+	TODO: check
+CVE-2008-6770 (YourPlace 1.0.2 and earlier stores sensitive information under the web ...)
+	TODO: check
+CVE-2008-6769 (Unrestricted file upload vulnerability in upload.php in YourPlace ...)
+	TODO: check
+CVE-2008-6768 (Unrestricted file upload vulnerability in admin/editor/images.php in ...)
+	TODO: check
 CVE-2009-1477
 	RESERVED
 CVE-2009-1476
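Review bot: the first added entry spells the product "Fungamez" (CVE-2009-1489) while the two entries below it spell it "FunGamez" (CVE-2009-1488, CVE-2009-1487), so a case-sensitive search for the product name will miss one of the three when these TODO: check items are resolved. Most of the CVE-2008-6768 to CVE-2008-6774 block likewise names a single product, YourPlace 1.0.2, so both groups are better triaged in one pass than entry by entry.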
@@ -118,14 +156,14 @@
 	NOT-FOR-US: SilverStripe
 CVE-2009-1432
 	RESERVED
-CVE-2009-1431
-	RESERVED
-CVE-2009-1430
-	RESERVED
-CVE-2009-1429
-	RESERVED
-CVE-2009-1428
-	RESERVED
+CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec ...)
+	TODO: check
+CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert ...)
+	TODO: check
+CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...)
+	TODO: check
+CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...)
+	TODO: check
 CVE-2009-1427
 	RESERVED
 CVE-2009-1426
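Review bot: CVE-2009-1428 to CVE-2009-1431 are all left at TODO: check, and only two of the four truncated descriptions (CVE-2009-1431, CVE-2009-1429) show the product as Symantec; the other two are cut off before the product name. If the full descriptions confirm a product that is not packaged, mark all four the way the SilverStripe context entry at the top of this hunk is marked (NOT-FOR-US: followed by the product) so they do not linger as open items.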
@@ -647,6 +685,7 @@
 CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...)
 	- pam <not-affected> (we don't compile pam with USE=ssh)
 CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...)
+	{DTSA-188-1}
 	- php5 5.2.6.dfsg.1-3
 	[etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
 	- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
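Review bot: the "[etch] - php5 <not-affected>" context line under CVE-2009-1272 gives a reason that ends "which was not applied to php4", word for word the same as the php4 line below it, so the justification for etch's php5 reads as copied from the php4 case. Since this entry now carries {DTSA-188-1}, confirm that the etch php5 status rests on php5's own patch state and reword the parenthetical accordingly.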
@@ -1843,6 +1882,7 @@
 CVE-2009-0947
 	RESERVED
 CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...)
+	{DSA-1784-1}
 	- freetype 2.3.9-4.1 (medium; bug #524925)
 CVE-2009-0945
 	RESERVED
@@ -2807,8 +2847,8 @@
 	RESERVED
 CVE-2009-0720
 	RESERVED
-CVE-2009-0719
-	RESERVED
+CVE-2009-0719 (Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and ...)
+	TODO: check
 CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
 	NOT-FOR-US: HP StorageWorks Storage Mirroring
 CVE-2009-0717 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
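Review bot: CVE-2009-0719 is left at TODO: check although its description scopes the issue to useradd in HP HP-UX, and a tool named useradd also ships in Debian, so an unresolved entry invites a false match against the Debian package. If the issue is confirmed as HP-UX only, record that explicitly in the style of the neighbouring HP StorageWorks entries (NOT-FOR-US: followed by the product).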
@@ -6157,8 +6197,8 @@
 	NOT-FOR-US: DrWeb Anti-virus
 CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...)
 	- clamav <not-affected> (medium; bug #526041)
-        NOTE: this issue refers to a clamav antivirus bypass that occurs when the user
-        NOTE: is using IE6 or IE7 to open a malicious page with an MZ header
+	NOTE: this issue refers to a clamav antivirus bypass that occurs when the user
+	NOTE: is using IE6 or IE7 to open a malicious page with an MZ header
 	NOTE: - all other browsers are not vulnerable
 	NOTE: - see http://xforce.iss.net/xforce/xfdb/47435 and bug report for details
 CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 ...)
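Review bot: the clamav line under CVE-2008-5525 reads "<not-affected> (medium; bug #526041)", pairing a not-affected status with an urgency and bug number, whereas the other not-affected lines in this patch (pam, php5, php4) carry a free-text reason in the parentheses. While the NOTE lines are being re-indented, either replace the parenthetical with the reason the NOTE lines already give or drop the urgency so the status is unambiguous.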
@@ -8799,6 +8839,7 @@
 CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal ...)
 	NOT-FOR-US: MemHT Portal
 CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...)
+	{DSA-1783-1}
 	- mysql-dfsg-5.0 5.0.51-1 (low)
 CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL ...)
 	NOT-FOR-US: EKINdesigns MySQL Quick Admin
@@ -10150,6 +10191,7 @@
 	- ssmtp 2.62-1.1 (low; bug #498366)
 	[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
 CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...)
+	{DSA-1783-1}
 	- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
 CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...)
 	- libpng 1.2.27-2 (low; bug #501109)



