[Secure-testing-commits] r12690 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Aug 26 21:14:15 UTC 2009


Author: joeyh
Date: 2009-08-26 21:14:14 +0000 (Wed, 26 Aug 2009)
New Revision: 12690

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-26 19:18:21 UTC (rev 12689)
+++ data/CVE/list	2009-08-26 21:14:14 UTC (rev 12690)
@@ -1,3 +1,17 @@
+CVE-2009-2966 (avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus ...)
+	TODO: check
+CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in ...)
+	TODO: check
+CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
+	TODO: check
+CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar Uninstaller ...)
+	TODO: check
+CVE-2009-2961 (Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows ...)
+	TODO: check
+CVE-2009-2960 (CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to ...)
+	TODO: check
+CVE-2009-2959 (Cross-site scripting (XSS) vulnerability in the waterfall web status ...)
+	TODO: check
 CVE-2009-2958
 	RESERVED
 CVE-2009-2957
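Review bot: The new block goes from CVE-2009-2963 straight to CVE-2009-2961, so CVE-2009-2962 has no entry in this hunk. If the id is simply not in the upstream feed yet, that is expected, but confirm that a later run picks it up (as RESERVED or with a description) so the list stays contiguous. All seven new entries carry only `TODO: check` and still need triage.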
@@ -205,7 +219,7 @@
 CVE-2009-XXXX [pidgin does not honour SSL/TLS]
 	- pidgin 2.6.1-1 (low; bug #542891)
 	[lenny] - pidgin <no-dsa> (Minor issue)
-        TODO: next point update: [lenny] - pidgin_2.4.3-4lenny4
+	TODO: next point update: [lenny] - pidgin_2.4.3-4lenny4
 	NOTE: gaim nof affected, it never claimed to support TLS/SSL
 	NOTE: http://developer.pidgin.im/ticket/8131
 	NOTE: http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279
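Review bot: The context line `NOTE: gaim nof affected, it never claimed to support TLS/SSL`, just below the re-indented TODO, has a typo ("nof" for "not"). This hunk already touches the entry for whitespace only, so fix it in the same change. The log message says "automatic update", but this hunk is an indentation fix (eight spaces to a tab), which would be easier to trace if it were mentioned in the log or committed separately.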
@@ -309,7 +323,7 @@
 CVE-2009-XXXX [burn: Insecure escaping of file names]
 	- burn <unfixed> (low; bug #542329)
 	[lenny] - burn <no-dsa> (Minor issue)
-        TODO: next point update [lenny] - burn 0.4.3-2.2
+	TODO: next point update [lenny] - burn 0.4.3-2.2
 	[etch] - burn <no-dsa> (Minor issue)
 CVE-2009-2880
 	RESERVED
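Review bot: The re-indented line reads `TODO: next point update [lenny] - burn 0.4.3-2.2`, while the pidgin entry changed in the same commit uses `TODO: next point update: [lenny] - pidgin_2.4.3-4lenny4` (colon after "update", underscore between package and version). Use one form for both so pending point-update items can be searched for consistently. The TODO also sits between the [lenny] and [etch] lines; placing it after the [etch] line would keep the per-release annotations together.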
@@ -1170,6 +1184,7 @@
 CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
+	{DSA-1873-1}
 	- xulrunner 1.9.0.13-1 (low; bug #539891)
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-2653 (** DISPUTED ** ...)
@@ -1195,6 +1210,7 @@
 CVE-2009-XXXX [poppler: buffer overflow in abiword backend]
 	- poppler <unfixed> (low; bug #534680)
 CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...)
+	{DSA-1874-1}
 	- openssl <unfixed> (medium; bug #539449)
 	- openssl097 <removed>
 	- xulrunner <unfixed> (medium)
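Review bot: `{DSA-1874-1}` is added to CVE-2009-2408, but the package lines visible in this hunk are `openssl <unfixed>`, `openssl097 <removed>` and `xulrunner <unfixed>`, with no nss line in view. The other two entries tagged with the same DSA in this commit (CVE-2009-2409 and CVE-2009-2404) both list `nss 3.12.3-1`. Check that this entry has an nss line further down; otherwise the DSA reference is attached to an entry that records no package it fixes.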
@@ -1887,6 +1903,7 @@
 CVE-2009-2410 (The local_handler_callback function in ...)
 	NOT-FOR-US: sssd
 CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as used in ...)
+	{DSA-1874-1}
 	- nss 3.12.3-1 (low; bug #539895)
 	- openssl 0.9.8k-4 (low; bug #539899)
 	- gnutls26 2.4.2-5 (low; bug #539901)
@@ -1904,6 +1921,7 @@
 CVE-2009-2405
 	RESERVED
 CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla ...)
+	{DSA-1874-1}
 	- nss 3.12.3-1 (low; bug #539934) 
 CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to ...)
 	NOT-FOR-US: SCMPX
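Review bot: The context line `- nss 3.12.3-1 (low; bug #539934)` under CVE-2009-2404 ends in a trailing space. This commit already normalizes whitespace in the pidgin and burn entries, so strip it here as well.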



