[Secure-testing-commits] r13644 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Dec 24 21:14:20 UTC 2009


Author: joeyh
Date: 2009-12-24 21:14:20 +0000 (Thu, 24 Dec 2009)
New Revision: 13644

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-24 19:52:52 UTC (rev 13643)
+++ data/CVE/list	2009-12-24 21:14:20 UTC (rev 13644)
@@ -1,4 +1,27 @@
+CVE-2009-4413
+	RESERVED
+CVE-2009-4412
+	RESERVED
+CVE-2009-4411
+	RESERVED
+CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
+	TODO: check
+CVE-2009-4408 (Multiple cross-site scripting (XSS) vulnerabilities in models.parser ...)
+	TODO: check
+CVE-2009-4407 (Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum ...)
+	TODO: check
+CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...)
+	TODO: check
+CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...)
+	TODO: check
+CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...)
+	TODO: check
+CVE-2009-4403 (Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 ...)
+	TODO: check
+CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...)
+	TODO: check
 CVE-2009-4410 [linux-2.6: fuse dos]
+	RESERVED
 	- linux-2.6 2.6.32-1 (low)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
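Review bot: CVE-2009-4410 ends up out of sequence at the bottom of this hunk. The new entries run from CVE-2009-4413 down to CVE-2009-4402, and only then comes the existing CVE-2009-4410 block, while the numbered entries elsewhere in this diff are in descending order. Move the CVE-2009-4410 block between CVE-2009-4411 and CVE-2009-4409 so that lookups and later automatic merges find it where expected. The RESERVED line added under it sits on top of existing triage data (a fixed version and two not-affected notes), so check that the entry is still handled as triaged and not as an empty reservation.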
@@ -509,8 +532,7 @@
 	NOTE: Minor design issue
 CVE-2009-XXXX [xpat2: save game permissions issue]
 	- xpat2 <unfixed> (unimportant; bug #560087)
-CVE-2009-4144 [network-manager-gnome: wpa2 authentication issue]
-	RESERVED
+CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured ...)
 	- network-manager-applet <unfixed> (low; bug #560067)
 CVE-2009-XXXX [unsafe xfs]
 	- xfs 1:1.0.8-6 (low; bug #521107)
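Review bot: On the CVE-2009-4144 entry, the package attribution is no longer self-explanatory. The removed bracket text named network-manager-gnome, the new description attributes the issue to NetworkManager (NM) 0.7.2, and the only tracked package is still network-manager-applet. Confirm that network-manager-applet is the only affected source package, and add a NOTE line saying why, since the hand-written summary that carried that context is gone.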
@@ -817,8 +839,7 @@
 	TODO: check
 CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
 	TODO: check
-CVE-2009-4145 [nm-connection-editor information exposure]
-	RESERVED
+CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection ...)
 	- network-manager-applet <unfixed>
 	TODO: check
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117
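Review bot: The CVE-2009-4145 entry is left half-triaged: it has "- network-manager-applet <unfixed>" with no urgency and no Debian bug number, and it still carries "TODO: check" directly below. Now that the description is public, finish the triage in the same form as the CVE-2009-4144 entry in this diff, which records "(low; bug #560067)", and then drop the TODO line.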
@@ -850,8 +871,8 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
 CVE-2009-4134
 	RESERVED
-CVE-2009-4133
-	RESERVED
+CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for ...)
+	TODO: check
 CVE-2009-4132
 	REJECTED
 CVE-2009-4131 (The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ...)
@@ -2436,16 +2457,16 @@
 	{DSA-1944-1}
 	- request-tracker3.4 <removed>
 	- request-tracker3.6 3.6.9-2 (low)
-CVE-2009-3584
-	RESERVED
-CVE-2009-3583
-	RESERVED
-CVE-2009-3582
-	RESERVED
-CVE-2009-3581
-	RESERVED
-CVE-2009-3580
-	RESERVED
+CVE-2009-3584 (SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...)
+	TODO: check
+CVE-2009-3583 (Directory traversal vulnerability in the Preferences menu item in ...)
+	TODO: check
+CVE-2009-3582 (Multiple SQL injection vulnerabilities in the delete subroutine in ...)
+	TODO: check
+CVE-2009-3581 (Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...)
+	TODO: check
+CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...)
+	TODO: check
 CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...)
 	NOT-FOR-US: Autodesk Maya
 CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...)
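Review bot: The five entries CVE-2009-3584 through CVE-2009-3580 are each left as a bare "TODO: check" with no package line, although CVE-2009-3584, CVE-2009-3581 and CVE-2009-3580 visibly name SQL-Ledger in their descriptions. Triage them as one group, together with CVE-2009-4402 from the first hunk (SQL-Ledger 2.8.24), so they all get the same package or NOT-FOR-US decision. The descriptions for CVE-2009-3583 and CVE-2009-3582 are cut off before the product name, so confirm the product from the full text before grouping those two with the others.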



