[Secure-testing-commits] r13576 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Dec 16 21:14:20 UTC 2009 

Author: joeyh
Date: 2009-12-16 21:14:20 +0000 (Wed, 16 Dec 2009)
New Revision: 13576

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-16 20:48:05 UTC (rev 13575)
+++ data/CVE/list	2009-12-16 21:14:20 UTC (rev 13576)
@@ -1,3 +1,63 @@
+CVE-2010-0065
+	RESERVED
+CVE-2010-0064
+	RESERVED
+CVE-2010-0063
+	RESERVED
+CVE-2010-0062
+	RESERVED
+CVE-2010-0061
+	RESERVED
+CVE-2010-0060
+	RESERVED
+CVE-2010-0059
+	RESERVED
+CVE-2010-0058
+	RESERVED
+CVE-2010-0057
+	RESERVED
+CVE-2010-0056
+	RESERVED
+CVE-2010-0055
+	RESERVED
+CVE-2010-0054
+	RESERVED
+CVE-2010-0053
+	RESERVED
+CVE-2010-0052
+	RESERVED
+CVE-2010-0051
+	RESERVED
+CVE-2010-0050
+	RESERVED
+CVE-2010-0049
+	RESERVED
+CVE-2010-0048
+	RESERVED
+CVE-2010-0047
+	RESERVED
+CVE-2010-0046
+	RESERVED
+CVE-2010-0045
+	RESERVED
+CVE-2010-0044
+	RESERVED
+CVE-2010-0043
+	RESERVED
+CVE-2010-0042
+	RESERVED
+CVE-2010-0041
+	RESERVED
+CVE-2010-0040
+	RESERVED
+CVE-2010-0039
+	RESERVED
+CVE-2010-0038
+	RESERVED
+CVE-2010-0037
+	RESERVED
+CVE-2010-0036
+	RESERVED
 CVE-2010-0035
 	RESERVED
 CVE-2010-0034
@@ -68,7 +128,7 @@
 	RESERVED
 CVE-2010-0001
 	RESERVED
-CVE-2009-4324 (Use-after-free vulnerability in Doc.media.newPlayer in Adobe Reader ...)
+CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...)
 	TODO: check
 CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...)
 	NOT-FOR-US: Zen Cart
@@ -219,48 +279,39 @@
 	- php-net-ping 2.4.2-1.1 (medium)
 	[etch] - php-net-ping 2.4.2-1+etch1
 	[lenny] - php-net-ping 2.4.2-1+lenny1
-CVE-2009-4305
-	RESERVED
+CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before ...)
 	- moodle <unfixed> (bug #559531)
 	NOTE: MSA-09-0031
 	TODO: check
-CVE-2009-4304
-	RESERVED
+CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...)
 	- moodle <unfixed> (bug #559531)
 	NOTE: MSA-09-0029
 	TODO: check
-CVE-2009-4303
-	RESERVED
+CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ...)
 	- moodle <unfixed> (bug #559531)
 	NOTE: MSA-09-0028
 	TODO: check
-CVE-2009-4302
-	RESERVED
+CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...)
 	- moodle <unfixed> (bug #559531)
 	NOTE: MSA-09-0027
 	TODO: check
-CVE-2009-4301
-	RESERVED
+CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ...)
 	- moodle <unfixed> (bug #559531)
 	NOTE: MSA-09-0026
 	TODO: check
-CVE-2009-4300
-	RESERVED
+CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...)
 	- moodle <unfixed> (bug #559531)
 	NOTE: MSA-09-0025
 	TODO: check
-CVE-2009-4299
-	RESERVED
+CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ...)
 	- moodle <unfixed> (bug #559531)
 	NOTE: MSA-09-0024
 	TODO: check
-CVE-2009-4298
-	RESERVED
+CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...)
 	- moodle <unfixed> (bug #559531)
 	NOTE: MSA-09-0023
 	TODO: check
-CVE-2009-4297
-	RESERVED
+CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...)
 	- moodle <unfixed> (bug #559531)
 	NOTE: MSA-09-0022
 	TODO: check
@@ -683,8 +734,7 @@
 CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)
 	- rails <unfixed> (low; bug #558685)
 	NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
-CVE-2008-7248 [rails CSRF]
-	RESERVED
+CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...)
 	- rails <unfixed> (medium; bug #558685)
 	NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
 CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
@@ -753,6 +803,7 @@
 	NOTE: low or maybe even unimportant as one requires admin access
 	NOTE: to cacti, upstream will implement a whitelist
 CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...)
+	{DSA-1954-1}
 	- cacti 0.8.7e-1.1 (low; bug #561338)
 	NOTE: http://docs.cacti.net/#cross-site_scripting_fixes
 	NOTE: http://www.cacti.net/download_patches.php
@@ -13237,6 +13288,7 @@
 	{DSA-1737-1}
 	- wesnoth 1:1.4.7-4
 CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an ...)
+	{DSA-1955-1}
 	- network-manager-applet 0.7.0.99-1 (medium; bug #519801)
 	- network-manager 0.6.5-1 (medium)
 	NOTE: network-manager in lenny not affected, because it is in network-manager-applet
@@ -38288,10 +38340,12 @@
 	- maradns 1.2.12.05-1
 	[sarge] - maradns <not-affected> (1.0.x branch not affected)
 CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
+	{DSA-1954-1}
 	- cacti 0.8.6j-1.1 (low; bug #429224)
 	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
 	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
 CVE-2007-3112 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
+	{DSA-1954-1}
 	- cacti 0.8.6j-1.1 (low; bug #429224)
 	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
 	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)

More information about the Secure-testing-commits mailing list