[Secure-testing-commits] r12388 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Tue Jul 21 20:17:51 UTC 2009


Author: derevko-guest
Date: 2009-07-21 20:17:50 +0000 (Tue, 21 Jul 2009)
New Revision: 12388

Modified:
   data/CVE/list
Log:
- NFUs
- DoS via a large integer value for the length property of a Select object in konqueror and iceweasel (already fixed)
- CVE-2009-2492: XSS vulnerability in movabletype-opensource
- automatic update


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-21 17:41:40 UTC (rev 12387)
+++ data/CVE/list	2009-07-21 20:17:50 UTC (rev 12388)
@@ -1,3 +1,130 @@
+CVE-2009-2554 (SQL injection vulnerability in the search method in jobline.class.php ...)
+	NOT-FOR-US: Joomla!
+CVE-2009-2553 (Multiple SQL injection vulnerabilities in comments.php in Super Simple ...)
+	NOT-FOR-US: Super Simple Blog Script
+CVE-2009-2552 (Multiple directory traversal vulnerabilities in comments.php in Super ...)
+	NOT-FOR-US: Super Simple Blog Script
+CVE-2009-2551 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy ...)
+	NOT-FOR-US: ScriptsEz Easy Image Downloader
+CVE-2009-2550 (Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote ...)
+	NOT-FOR-US: Hamster Audio Player
+CVE-2009-2549 (Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed ...)
+	NOT-FOR-US: Armed Assault
+CVE-2009-2548 (Format string vulnerability in Armed Assault (aka ArmA) 1.14 and ...)
+	NOT-FOR-US: Armed Assault
+CVE-2009-2547 (Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and ...)
+	NOT-FOR-US: Armed Assault
+CVE-2009-2546 (Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x ...)
+	NOT-FOR-US: Advanced Electron Forum
+CVE-2009-2545 (SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when ...)
+	NOT-FOR-US: Advanced Electron Forum
+CVE-2009-2544 (Directory traversal vulnerability in the Marcelo Costa FileServer ...)
+	NOT-FOR-US: Marcelo Costa FileServer
+CVE-2009-2543 (Multiple unspecified vulnerabilities in the IBM Proventia engine ...)
+	NOT-FOR-US: IBM Proventia engine
+CVE-2009-2542 (Netscape 6 and 8 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Netscape 6 and 8
+CVE-2009-2541 (The web browser on the Sony PLAYSTATION 3 (PS3) allows remote ...)
+	NOT-FOR-US: Sony PLAYSTATION 3
+CVE-2009-2540 (Opera, possibly 9.64 and earlier, allows remote attackers to cause a ...)
+	NOT-FOR-US: Opera
+CVE-2009-2539 (The Aigo P8860 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Aigo P8860
+CVE-2009-2538 (The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet ...)
+	NOT-FOR-US: Nokia N95
+CVE-2009-2537 (KDE Konqueror allows remote attackers to cause a denial of service ...)
+	- kdebase <unfixed> (low; bug #537931)
+CVE-2009-2536 (Microsoft Internet Explorer 5 through 8 allows remote attackers to ...)
+	NOT-FOR-US: Microsoft Internet Explorer 5
+CVE-2009-2535 (Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and ...)
+	- iceweasel 3.0.5-1
+	[etch] - iceweasel 2.0.0.19-0etch1
+CVE-2009-2534 (RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow ...)
+	NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
+CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before ...)
+	NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
+CVE-2009-2532
+	RESERVED
+CVE-2009-2531
+	RESERVED
+CVE-2009-2530
+	RESERVED
+CVE-2009-2529
+	RESERVED
+CVE-2009-2528
+	RESERVED
+CVE-2009-2527
+	RESERVED
+CVE-2009-2526
+	RESERVED
+CVE-2009-2525
+	RESERVED
+CVE-2009-2524
+	RESERVED
+CVE-2009-2523
+	RESERVED
+CVE-2009-2522
+	RESERVED
+CVE-2009-2521
+	RESERVED
+CVE-2009-2520
+	RESERVED
+CVE-2009-2519
+	RESERVED
+CVE-2009-2518
+	RESERVED
+CVE-2009-2517
+	RESERVED
+CVE-2009-2516
+	RESERVED
+CVE-2009-2515
+	RESERVED
+CVE-2009-2514
+	RESERVED
+CVE-2009-2513
+	RESERVED
+CVE-2009-2512
+	RESERVED
+CVE-2009-2511
+	RESERVED
+CVE-2009-2510
+	RESERVED
+CVE-2009-2509
+	RESERVED
+CVE-2009-2508
+	RESERVED
+CVE-2009-2507
+	RESERVED
+CVE-2009-2506
+	RESERVED
+CVE-2009-2505
+	RESERVED
+CVE-2009-2504
+	RESERVED
+CVE-2009-2503
+	RESERVED
+CVE-2009-2502
+	RESERVED
+CVE-2009-2501
+	RESERVED
+CVE-2009-2500
+	RESERVED
+CVE-2009-2499
+	RESERVED
+CVE-2009-2498
+	RESERVED
+CVE-2009-2497
+	RESERVED
+CVE-2009-2496
+	RESERVED
+CVE-2009-2495
+	RESERVED
+CVE-2009-2494
+	RESERVED
+CVE-2009-2493
+	RESERVED
+CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
+	- movabletype-opensource 4.2.6.1-1 (low; bug #537935) 
 CVE-2009-XXXX [mediawiki: multiple vulnerabilities]
 	- mediawiki <unfixed> (medium; bug #537634)
 	[etch] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0)
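Review bot: The NOT-FOR-US tags added for CVE-2009-2536, CVE-2009-2542 and CVE-2009-2538 carry version or model fragments from the descriptions ("Microsoft Internet Explorer 5", "Netscape 6 and 8", "Nokia N95") although each description covers more than that. An entry further down the file already uses plain "NOT-FOR-US: Microsoft Internet Explorer", so the bare product name would keep the tags consistent and easy to grep. The added CVE-2009-2492 line ends with a trailing space after "(low; bug #537935)". The log message's "(already fixed)" reads as applying to both konqueror and iceweasel, while CVE-2009-2537 is recorded here as kdebase <unfixed>; rewording the log or adding a NOTE on the entry would remove the ambiguity.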
@@ -337,8 +464,8 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2349
 	RESERVED
-CVE-2009-2348
-	RESERVED
+CVE-2009-2348 (Android 1.5 CRBxx allows local users to bypass the (1) ...)
+	NOT-FOR-US: Android
 CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...)
 	{DSA-1835-1}
 	- tiff 3.8.2-13
@@ -1489,8 +1616,7 @@
 CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, ...)
 	- dokuwiki 0.0.20090214b-1 (unimportant)
 	NOTE: we don't support setups with register_globals enabled
-CVE-2009-1897 [linux-2.6: null pointer dereference in tun/tap]
-	RESERVED
+CVE-2009-1897 (The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in ...)
 	- linux-2.6 2.6.30-3 (high; bug #537409)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
@@ -1503,15 +1629,13 @@
 	- linux-2.6 2.6.30-3 (low)
 	[etch] - linux-2.6 <not-affected> (mmap_min_addr first indroduced in 2.6.23)
 	- linux-2.6.24 <removed>
-CVE-2009-1894
-	RESERVED
+CVE-2009-1894 (Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local ...)
 	{DSA-1838-1}
 	- pulseaudio <unfixed> (high; bug #537351)
 	[etch] - pulseaudio <not-affected> (vulnerable code not present)
-CVE-2009-1893
-	RESERVED
-CVE-2009-1892
-	RESERVED
+CVE-2009-1893 (The configtest function in the Red Hat dhcpd init script for DHCP ...)
+	NOT-FOR-US: Red Hat dhcpd init script for DHCP
+CVE-2009-1892 (dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and ...)
 	{DSA-1833-1}
 	- dhcp3 <unfixed> (low)
 	[etch] - dhcp3 <not-affected> (problematic assert is not present)
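Review bot: The NOT-FOR-US on CVE-2009-1893 has no record of why Debian is unaffected, even though it sits directly above CVE-2009-1892, which tracks dhcp3 in Debian. The description names the configtest function in the Red Hat dhcpd init script, so a short NOTE saying whether the init script shipped with Debian's dhcp3 was checked for the same function would make the triage verifiable later.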
@@ -2030,7 +2154,7 @@
 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
 	- webkit <unfixed> (medium; bug #535793)
 	TODO: work with upstream to determine affected/not-affected webkit versions
-CVE-2009-1692 (WebKit in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...)
+CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...)
 	- webkit <unfixed> (medium; bug #535793)
 	NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319
 	TODO: work with upstream to determine affected/not-affected webkit versions
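Review bot: The updated CVE-2009-1692 description now names an upstream revision ("WebKit before r41741"), but the entry still carries "webkit <unfixed>" and the TODO about determining affected and not-affected versions. Since the description update is automatic, a follow-up should compare the packaged webkit against r41741 and then either set a fixed version or narrow the TODO to what remains open.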



