[Secure-testing-commits] r12700 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Aug 28 21:14:19 UTC 2009
Author: joeyh
Date: 2009-08-28 21:14:17 +0000 (Fri, 28 Aug 2009)
New Revision: 12700
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-28 11:58:52 UTC (rev 12699)
+++ data/CVE/list 2009-08-28 21:14:17 UTC (rev 12700)
@@ -1,3 +1,83 @@
+CVE-2009-2999
+ RESERVED
+CVE-2009-2998
+ RESERVED
+CVE-2009-2997
+ RESERVED
+CVE-2009-2996
+ RESERVED
+CVE-2009-2995
+ RESERVED
+CVE-2009-2994
+ RESERVED
+CVE-2009-2993
+ RESERVED
+CVE-2009-2992
+ RESERVED
+CVE-2009-2991
+ RESERVED
+CVE-2009-2990
+ RESERVED
+CVE-2009-2989
+ RESERVED
+CVE-2009-2988
+ RESERVED
+CVE-2009-2987
+ RESERVED
+CVE-2009-2986
+ RESERVED
+CVE-2009-2985
+ RESERVED
+CVE-2009-2984
+ RESERVED
+CVE-2009-2983
+ RESERVED
+CVE-2009-2982
+ RESERVED
+CVE-2009-2981
+ RESERVED
+CVE-2009-2980
+ RESERVED
+CVE-2009-2979
+ RESERVED
+CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...)
+ TODO: check
+CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
+ TODO: check
+CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents ...)
+ TODO: check
+CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly ...)
+ TODO: check
+CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote ...)
+ TODO: check
+CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a ...)
+ TODO: check
+CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote ...)
+ TODO: check
+CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 ...)
+ TODO: check
+CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows ...)
+ TODO: check
+CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for ...)
+ TODO: check
+CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in ...)
+ TODO: check
+CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx ...)
+ TODO: check
+CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 ...)
+ TODO: check
+CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows ...)
+ TODO: check
+CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in Qsoft ...)
+ TODO: check
+CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate ...)
+ TODO: check
+CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow ...)
+ TODO: check
+CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, ...)
+ TODO: check
+CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does ...)
+ TODO: check
CVE-2009-2971
RESERVED
CVE-2009-2970
@@ -154,8 +234,8 @@
RESERVED
CVE-2009-2936
RESERVED
-CVE-2009-2935
- RESERVED
+CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
+ TODO: check
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...)
@@ -397,8 +477,8 @@
RESERVED
CVE-2009-2862
RESERVED
-CVE-2009-2861
- RESERVED
+CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet ...)
+ TODO: check
CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows ...)
NOT-FOR-US: db2jds in IBM DB2
CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access ...)
@@ -1048,8 +1128,7 @@
RESERVED
CVE-2009-2699
RESERVED
-CVE-2009-2698 [linux-2.6: privilege escalation via udp socket null ptr dereference]
- RESERVED
+CVE-2009-2698 (The UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in ...)
{DSA-1872-1}
- linux-2.6 2.6.19-1 (high)
- linux-2.6.24 2.6.19-1
@@ -1184,12 +1263,12 @@
CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript ...)
- xulrunner <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and ...)
+CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...)
- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
- xulrunner <not-affected> (medium; bug #540961)
NOTE: vorbis support added in 1.9.0.13 and 1.9.1.0, which have not yet entered the archive
TODO: recheck when 1.9.0.13 or 1.9.1.x enter stable/unstable
-CVE-2009-2662 (The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before ...)
+CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote ...)
- xulrunner <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...)
@@ -2853,16 +2932,16 @@
NOT-FOR-US: Cisco
CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a ...)
NOT-FOR-US: Cisco IOS
-CVE-2009-2054
- RESERVED
-CVE-2009-2053
- RESERVED
-CVE-2009-2052
- RESERVED
-CVE-2009-2051
- RESERVED
-CVE-2009-2050
- RESERVED
+CVE-2009-2054 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+ TODO: check
+CVE-2009-2053 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+ TODO: check
+CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+ TODO: check
+CVE-2009-2051 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+ TODO: check
+CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
+ TODO: check
CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...)
NOT-FOR-US: Cisco IOS
CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration ...)
@@ -14754,7 +14833,7 @@
CVE-2008-3950 (Off-by-one error in the ...)
- webkit <not-affected> (Vulnerable code not present)
NOTE: bug #500306
-CVE-2008-3949 (Emacs 22.1 and 22.2 imports Python script from the current working ...)
+CVE-2008-3949 (emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python ...)
- emacs22 22.2+2-4 (low; bug #499568)
- emacs21 <not-affected> (doesn't provide the python functionality)
- xemacs21 <not-affected> (doesn't provide the python functionality)
More information about the Secure-testing-commits
mailing list