[Secure-testing-commits] r12556 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Aug 10 21:14:15 UTC 2009


Author: joeyh
Date: 2009-08-10 21:14:14 +0000 (Mon, 10 Aug 2009)
New Revision: 12556

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-10 19:31:20 UTC (rev 12555)
+++ data/CVE/list	2009-08-10 21:14:14 UTC (rev 12556)
@@ -1,3 +1,25 @@
+CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...)
+	TODO: check
+CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows ...)
+	TODO: check
+CVE-2009-2713 (The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 ...)
+	TODO: check
+CVE-2009-2712 (Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and ...)
+	TODO: check
+CVE-2009-2711 (XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and ...)
+	TODO: check
+CVE-2008-6917 (SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 ...)
+	TODO: check
+CVE-2008-6916 (Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote ...)
+	TODO: check
+CVE-2008-6915 (Cross-site scripting (XSS) vulnerability in view_prop_details.php in ...)
+	TODO: check
+CVE-2008-6914 (Unrestricted file upload vulnerability in viewprofile.php in Zeeways ...)
+	TODO: check
+CVE-2008-6913 (Unrestricted file upload vulnerability in editresume_next.php in ...)
+	TODO: check
+CVE-2008-6912 (Zeeways SHAADICLONE 2.0 allows remote attackers to bypass ...)
+	TODO: check
 CVE-2009-XXXX [mantis: information leak]
 	- mantis 1.1.8+dfsg-2 (medium; bug #425010)
 	[lenny] - mantis 1.1.6+dfsg-2lenny1
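Review bot: All eleven new entries at the top of this hunk (CVE-2009-2715 through CVE-2008-6912) carry only "TODO: check", so none of them has a triage decision yet. Elsewhere in this file, out-of-scope products are closed with a line such as "NOT-FOR-US: Andres Garcia Getleft". Each new entry should be resolved to either a NOT-FOR-US line naming the product or a package line with a fixed version, urgency and bug number, so the TODO markers do not accumulate.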
@@ -220,8 +242,7 @@
 	NOT-FOR-US: ActiveX control
 CVE-2008-6897 (Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 ...)
 	NOT-FOR-US: Andres Garcia Getleft
-CVE-2009-2666 [fetchmail 0 byte cert injection]
-	RESERVED
+CVE-2009-2666 (socket.c in fetchmail before 6.3.11 does not properly handle a '\0' ...)
 	{DSA-1852-1}
 	- fetchmail 6.3.9~rc2-6 
 CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in ...)
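Review bot: In the CVE-2009-2666 entry, the new description says the flaw is in "fetchmail before 6.3.11", but the package line below it records the fix as "- fetchmail 6.3.9~rc2-6", which is a lower upstream version. If the fix was backported into that upload, a NOTE: line saying so would stop the entry from looking inconsistent. The package line also has no urgency or bug reference, unlike the mantis entry earlier in the file, and it ends in a trailing space.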
@@ -963,6 +984,7 @@
 	RESERVED
 CVE-2009-2416 [libxml2 pointer-user-after-free]
 	RESERVED
+	{DSA-1859-1}
 	- libxml2 <unfixed> (low; bug #540865)
 	- libxml <removed>
 CVE-2009-2415 [heap-based buffer overflow in memcached]
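Review bot: The {DSA-1859-1} tag added to CVE-2009-2416 sits on an entry whose only libxml2 line is still "- libxml2 <unfixed> (low; bug #540865)", so the entry does not show which release the advisory fixed or in what version. Adding a release-specific line in the style of "[lenny] - mantis 1.1.6+dfsg-2lenny1" would record that. The bracketed title in the context line reads "pointer-user-after-free", presumably "use-after-free"; this will be overwritten once the entry gets its official description, but it is worth fixing if the entry stays RESERVED.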
@@ -975,6 +997,7 @@
 	NOTE: but fortunately not in a stable release.
 CVE-2009-2414 [libxml2 stack recursion]
 	RESERVED
+	{DSA-1859-1}
 	- libxml2 <unfixed> (medium; bug #540865)
 	- libxml <removed>
 CVE-2009-2413
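Review bot: With {DSA-1859-1} attached, CVE-2009-2414 now documents an advisory while the unstable line remains "- libxml2 <unfixed> (medium; bug #540865)". For a medium-urgency issue, this should be followed up against bug #540865 so that the <unfixed> marker is replaced with the fixed upload version as soon as one exists.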
@@ -983,8 +1006,7 @@
 	{DSA-1854-1}
 	- apr 1.3.8-1
 	- apr-util 1.3.9+dfsg-1
-CVE-2009-2411 [subversion: insufficient input validation]
-	RESERVED
+CVE-2009-2411 (Multiple integer overflows in the libsvn_delta library in Subversion ...)
 	{DSA-1855-1}
 	- subversion 1.6.4dfsg-1
 CVE-2009-2410 (The local_handler_callback function in ...)
@@ -2351,6 +2373,7 @@
 CVE-2009-1883
 	RESERVED
 CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...)
+	{DSA-1858-1}
 	- imagemagick 7:6.5.1.0-1.1 (medium; bug #530838)
 	- graphicsmagick <unfixed> (medium; bug #530946)
 CVE-2009-1881 (Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows ...)
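Review bot: CVE-2009-1882 lists two source packages, and the {DSA-1858-1} tag is entry-wide, so it does not say which of them the advisory covers. The graphicsmagick line is still "<unfixed> (medium; bug #530946)". A release-specific line for the package the DSA actually fixed would make it clear that graphicsmagick remains open and is not closed by this advisory.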
@@ -6626,14 +6649,12 @@
 	REJECTED
 CVE-2009-0670
 	RESERVED
-CVE-2009-0669 [Authentication bypass in ZODB ZEO storage servers]
-	RESERVED
+CVE-2009-0669 (Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise ...)
 	- zope3 <unfixed> (bug #540462)
 	- zope2.11 <unfixed> (bug #540463)
 	- zope2.10 <unfixed> (bug #540464)
 	- zodb <unfixed> (bug #540465)
-CVE-2009-0668 [Arbitrary Python code execution in ZODB ZEO storage servers]
-	RESERVED
+CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, ...)
 	- zope3 <unfixed> (medium; bug #540462)
 	- zope2.11 <unfixed> (medium; bug #540463)
 	- zope2.10 <unfixed> (medium; bug #540464)
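Review bot: For CVE-2009-0668, the removed working title "Arbitrary Python code execution in ZODB ZEO storage servers" carried more information than the replacement, which begins "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2". The impact should be preserved in a NOTE: line under the entry so it is not lost to the automatic description update. Separately, the CVE-2009-0669 package lines carry no urgency, while the matching CVE-2009-0668 lines are marked medium against the same bug numbers. The authentication bypass should get an explicit urgency too.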
@@ -20780,9 +20801,11 @@
 	{DSA-1514-1}
 	- moin 1.5.8-5.1
 CVE-2008-1097 (Heap-based buffer overflow in the ReadPCXImage function in the PCX ...)
+	{DSA-1858-1}
 	- graphicsmagick 1.1.7-13
 	- imagemagick 7:6.2.4.5.dfsg1-1
 CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1) ...)
+	{DSA-1858-1}
 	- imagemagick 7:6.3.7.9.dfsg1-2.1 (medium; bug #414370)
 	[lenny] - imagemagick 7:6.3.7.9.dfsg1-2.1+lenny1
 	- graphicsmagick 1.1.11-3.2 (medium; bug #414370)
@@ -28420,18 +28443,18 @@
 CVE-2007-4989
 	REJECTED
 CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick ...)
-	{DTSA-63-1}
+	{DSA-1858-1 DTSA-63-1}
 	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
 	- graphicsmagick 1.1.11-1 (medium; bug #444266)
 CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ...)
-	{DTSA-63-1}
+	{DSA-1858-1 DTSA-63-1}
 	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
 CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow ...)
-	{DTSA-63-1}
+	{DSA-1858-1 DTSA-63-1}
 	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
 	- graphicsmagick 1.1.11-1 (medium; bug #444266)
 CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
-	{DTSA-63-1}
+	{DSA-1858-1 DTSA-63-1}
 	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
 	- graphicsmagick 1.1.11-1 (medium; bug #444266)
 CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
@@ -36064,6 +36087,7 @@
 CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...)
 	NOT-FOR-US: IBM AIX
 CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
+	{DSA-1858-1}
 	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
 	- graphicsmagick 1.1.7-15 (medium)
 CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...)
@@ -39027,7 +39051,7 @@
 	- graphicsmagick 1.1.7-12
 	- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
 CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c ...)
-	{DSA-1294-1}
+	{DSA-1858-1 DSA-1294-1}
 	- xfree86 <removed> (bug #414046; medium)
 	- libx11 2:1.0.3-7 (bug #414045; medium)
 	- graphicsmagick 1.1.7-14 (bug #417862; medium)
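Review bot: Every other entry tagged with DSA-1858-1 in this patch has an imagemagick package line, but the visible lines for CVE-2007-1667 are xfree86, libx11 and graphicsmagick only. Please confirm that the entry has an imagemagick line below the shown context. If it does not, the cross-reference "{DSA-1858-1 DSA-1294-1}" points at an advisory for a package the entry does not track, and the line should be added.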



