[Secure-testing-commits] r13562 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Dec 15 21:14:20 UTC 2009
Author: joeyh
Date: 2009-12-15 21:14:19 +0000 (Tue, 15 Dec 2009)
New Revision: 13562
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-15 20:32:50 UTC (rev 13561)
+++ data/CVE/list 2009-12-15 21:14:19 UTC (rev 13562)
@@ -1,3 +1,95 @@
+CVE-2010-0035
+ RESERVED
+CVE-2010-0034
+ RESERVED
+CVE-2010-0033
+ RESERVED
+CVE-2010-0032
+ RESERVED
+CVE-2010-0031
+ RESERVED
+CVE-2010-0030
+ RESERVED
+CVE-2010-0029
+ RESERVED
+CVE-2010-0028
+ RESERVED
+CVE-2010-0027
+ RESERVED
+CVE-2010-0026
+ RESERVED
+CVE-2010-0025
+ RESERVED
+CVE-2010-0024
+ RESERVED
+CVE-2010-0023
+ RESERVED
+CVE-2010-0022
+ RESERVED
+CVE-2010-0021
+ RESERVED
+CVE-2010-0020
+ RESERVED
+CVE-2010-0019
+ RESERVED
+CVE-2010-0018
+ RESERVED
+CVE-2010-0017
+ RESERVED
+CVE-2010-0016
+ RESERVED
+CVE-2010-0015
+ RESERVED
+CVE-2010-0014
+ RESERVED
+CVE-2010-0013
+ RESERVED
+CVE-2010-0012
+ RESERVED
+CVE-2010-0011
+ RESERVED
+CVE-2010-0010
+ RESERVED
+CVE-2010-0009
+ RESERVED
+CVE-2010-0008
+ RESERVED
+CVE-2010-0007
+ RESERVED
+CVE-2010-0006
+ RESERVED
+CVE-2010-0005
+ RESERVED
+CVE-2010-0004
+ RESERVED
+CVE-2010-0003
+ RESERVED
+CVE-2010-0002
+ RESERVED
+CVE-2010-0001
+ RESERVED
+CVE-2009-4324 (Unspecified vulnerability in Adobe Reader and Acrobat 9.2 and earlier ...)
+ TODO: check
+CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...)
+ TODO: check
+CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...)
+ TODO: check
+CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other ...)
+ TODO: check
+CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...)
+ TODO: check
+CVE-2009-4319 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate ...)
+ TODO: check
+CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
+ TODO: check
+CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in ...)
+ TODO: check
+CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...)
+ TODO: check
+CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group ...)
+ TODO: check
CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 ...)
TODO: check
CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
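Review bot: The eleven described entries added at the end of the new block, CVE-2009-4324 down to CVE-2009-4314, all carry only `TODO: check`, so none of them is triaged yet. Each should be resolved to either a `NOT-FOR-US:` line or a `- package version (urgency; bug #)` line, as the already-triaged entries elsewhere in this file are. The three Zen Cart entries (CVE-2009-4321 to CVE-2009-4323) can be decided together.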
@@ -460,10 +552,10 @@
CVE-2009-XXXX [monkey DoS]
- monkey 0.9.3-1 (low)
[lenny] - monkey <no-dsa> (Minor issue, fringe package)
-CVE-2009-4130
- RESERVED
-CVE-2009-4129
- RESERVED
+CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function ...)
+ TODO: check
+CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...)
+ TODO: check
CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...)
- grub2 1.97+20091115-1 (bug #555195)
[lenny] - grub2 <not-affected> (Password authentication not yet present)
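Review bot: CVE-2009-4130 and CVE-2009-4129 go from RESERVED straight to `TODO: check`, and the CVE-2009-4129 description names Mozilla Firefox, so it needs a package line rather than being left as a TODO. Replace the TODO with the affected package and fixed version, or a not-affected annotation, once the affected versions are known.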
@@ -519,6 +611,7 @@
CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, ...)
NOT-FOR-US: Robo-FTP
CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain ...)
+ {DSA-1951-1}
- firefox-sage 1.4.3-4 (medium; bug #559267)
CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ...)
NOT-FOR-US: infoRSS extension for Firefox
@@ -633,6 +726,7 @@
CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...)
NOT-FOR-US: Betsy CMS
CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...)
+ {DSA-1952-1}
- asterisk 1:1.6.2.0~rc7-1 (bug #559103)
CVE-2009-4054
REJECTED
@@ -1524,6 +1618,7 @@
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...)
+ {DSA-1952-1}
- asterisk 1:1.6.2.0~rc6-1
[lenny] - asterisk <no-dsa> (Minor issue)
[etch] - asterisk <no-dsa> (Minor issue)
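Review bot: `{DSA-1952-1}` is added to CVE-2009-3727 while the entry still has `[lenny] - asterisk <no-dsa> (Minor issue)` and the same annotation for etch. An entry that references a DSA and also records no-dsa for both releases contradicts itself; the release lines should be updated, with the fixed version, for whichever releases the DSA covers.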
@@ -2060,6 +2155,7 @@
CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...)
NOT-FOR-US: Xerver HTTP Server
CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
+ {DSA-1953-1}
- expat 2.0.1-6 (low; bug #560901)
- w3c-libwww <removed>
[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
@@ -3169,6 +3265,7 @@
[etch] - bugzilla <not-affected> (Vulnerable code not present)
NOTE: Introduced in 2.23.4
CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...)
+ {DSA-1952-1}
- prototypejs 1.6.0.2-1
- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
[etch] - asterisk <no-dsa> (Minor issue)
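Review bot: In the CVE-2008-7220 entry the new `{DSA-1952-1}` tag sits above `[etch] - asterisk <no-dsa> (Minor issue)`, which is left unchanged. If the DSA covers etch, that line should be replaced by the fixed version; if it does not, a NOTE saying which release the DSA applies to would keep the entry readable.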
@@ -14252,6 +14349,7 @@
CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library ...)
NOT-FOR-US: CA Anti-Virus
CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before ...)
+ {DSA-1952-1}
- asterisk 1:1.6.1.0~dfsg~rc3-1 (low; bug #513413)
[lenny] - asterisk <no-dsa> (Minor issue)
[etch] - asterisk <no-dsa> (Minor issue)
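Review bot: The CVE-2009-0041 entry now carries `{DSA-1952-1}` but keeps `<no-dsa> (Minor issue)` for both lenny and etch. These release annotations need a manual follow-up so they agree with the DSA reference.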
@@ -19105,6 +19203,7 @@
- ruby1.8 1.8.7.72-1 (bug #498978)
- ruby1.9 1.9.0.2-6 (bug #498977)
CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and ...)
+ {DSA-1952-1}
- asterisk 1:1.6.1.0~dfsg-1 (low; bug #522528)
[etch] - asterisk <no-dsa> (Minor issue)
[lenny] - asterisk <no-dsa> (Minor issue)
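Review bot: The etch and lenny lines under CVE-2008-3903 still read `asterisk <no-dsa> (Minor issue)` after `{DSA-1952-1}` is added above them. Update them for the releases the DSA fixes.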
@@ -39926,6 +40025,7 @@
NOTE: only be considered vunerabile if they process confidential data.
NOTE: The frameworks should be fixed in any case.
CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...)
+ {DSA-1952-1}
- prototypejs <not-affected> (fixed before initial upload)
- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
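Review bot: The context line at the top of this hunk, `NOTE: only be considered vunerabile if they process confidential data.`, has a typo; it should read "vulnerable". It is not part of this automatic update, so it is better fixed in a separate manual commit.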