[Secure-testing-commits] r12394 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Jul 23 21:14:34 UTC 2009


Author: joeyh
Date: 2009-07-23 21:14:32 +0000 (Thu, 23 Jul 2009)
New Revision: 12394

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-23 13:22:21 UTC (rev 12393)
+++ data/CVE/list	2009-07-23 21:14:32 UTC (rev 12394)
@@ -1,3 +1,52 @@
+CVE-2009-2584 (Off-by-one error in the options_write function in ...)
+	TODO: check
+CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...)
+	TODO: check
+CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...)
+	TODO: check
+CVE-2009-2581 (Cross-site scripting (XSS) vulnerability in modifier.php in ...)
+	TODO: check
+CVE-2009-2580
+	REJECTED
+	TODO: check
+CVE-2009-2579
+	RESERVED
+CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
+	TODO: check
+CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
+	TODO: check
+CVE-2009-2575 (The Research In Motion (RIM) BlackBerry 8800 allows remote attackers ...)
+	TODO: check
+CVE-2009-2574 (index.php in MiniTwitter 0.2 beta allows remote authenticated users to ...)
+	TODO: check
+CVE-2009-2573 (Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when ...)
+	TODO: check
+CVE-2009-2572 (Cross-site request forgery (CSRF) vulnerability in the Fivestar module ...)
+	TODO: check
+CVE-2009-2571 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+	TODO: check
+CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...)
+	TODO: check
+CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub ...)
+	TODO: check
+CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) ...)
+	TODO: check
+CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...)
+	TODO: check
+CVE-2008-6873 (SQL injection vulnerability in Active Web Mail 4.0 allows remote ...)
+	TODO: check
+CVE-2008-6872 (ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the ...)
+	TODO: check
+CVE-2008-6871 (Merlix Educate Server stores db.mdb under the web root with ...)
+	TODO: check
+CVE-2008-6870 (Merlix Educate Server allows remote attackers to bypass intended ...)
+	TODO: check
+CVE-2008-6869 (Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive ...)
+	TODO: check
+CVE-2008-6868 (Cross-site scripting (XSS) vulnerability in default/login.php in ...)
+	TODO: check
 CVE-2009-2566 (Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly ...)
 	TODO: check
 CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. ...)
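Review bot: CVE-2009-2580 is added with both REJECTED and "TODO: check". A rejected id has nothing left to triage, so the TODO line should be dropped, the way CVE-2009-2579 carries RESERVED alone. If the automatic update appends "TODO: check" to every new entry, it should skip entries whose state is REJECTED or RESERVED.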
@@ -165,7 +214,7 @@
 	TODO: request CVE id
 CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...)
 	- vlc <not-affected> (The vulnerability affects Windows builds only)
-CVE-2009-2479 (Stack-based buffer overflow in Mozilla Firefox 3.5 allows remote ...)
+CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...)
 	- xulrunner <not-affected> 
 	NOTE: Affected version only available in experimental, only Firefox 3.5
 	TODO: check when 3.5 gets uploaded to unstable
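Review bot: the NOTE and TODO under CVE-2009-2479 still say "only Firefox 3.5", but the updated description now lists Firefox 3.0.x, 3.5, and 3.5.1 on Windows. The xulrunner <not-affected> line needs a justification that matches the new text, for example a Windows-only reason like the one given for vlc under CVE-2009-2484, or the entry needs a re-check against the 3.0.x code line. As it stands, the annotation contradicts the description above it.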
@@ -180,52 +229,52 @@
 	RESERVED
 CVE-2009-2473
 	RESERVED
-CVE-2009-2472 [Multiple cross origin wrapper bypasses]
-	RESERVED
+CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use ...)
+	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-40.html
-CVE-2009-2471 [setTimeout loses XPCNativeWrappers]
-	RESERVED
+CVE-2009-2471 (The setTimeout function in Mozilla Firefox before 3.0.12 does not ...)
+	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
 CVE-2009-2470
 	RESERVED
-CVE-2009-2469 [ Crash and remote code execution using watch and __defineSetter__ on SVG element ]
-	RESERVED
+CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...)
+	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
-CVE-2009-2468
-	RESERVED
-CVE-2009-2467 [Crash and remote code execution during Flash player unloading]
-	RESERVED
+CVE-2009-2468 (Integer overflow in CoreGraphics in Apple Mac OS X, as used in Mozilla ...)
+	TODO: check
+CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote ...)
+	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
-CVE-2009-2466 [Crashes with evidence of memory corruption ]
-	RESERVED
+CVE-2009-2466 (The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
+	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
-CVE-2009-2465 [Crashes with evidence of memory corruption ]
-	RESERVED
+CVE-2009-2465 (Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers ...)
+	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
-CVE-2009-2464 [Crashes with evidence of memory corruption ]
-	RESERVED
+CVE-2009-2464 (The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in ...)
+	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
-CVE-2009-2463 [Crashes with evidence of memory corruption ]
-	RESERVED
+CVE-2009-2463 (Integer overflow in a base64 decoding function in Mozilla Firefox ...)
+	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
-CVE-2009-2462 [Crashes with evidence of memory corruption ]
-	RESERVED
+CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
+	{DSA-1840-1}
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
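Review bot: CVE-2009-2462 keeps a NOTE pointing at mfsa2009-39.html, the same advisory as CVE-2009-2471 (setTimeout), even though the placeholder removed here filed it under "Crashes with evidence of memory corruption" and the other entries with that placeholder, CVE-2009-2463 through CVE-2009-2466, all cite mfsa2009-34.html. Please confirm the URL against the advisory and correct it if it was copied from the wrong entry. CVE-2009-2468 also moves from RESERVED to "TODO: check" with a description that names Mozilla, so it still needs a xulrunner decision before the DSA-1840-1 group can be considered complete.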
@@ -1772,8 +1821,8 @@
 	RESERVED
 CVE-2009-1863
 	RESERVED
-CVE-2009-1862
-	RESERVED
+CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...)
+	TODO: check
 CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...)
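Review bot: CVE-2009-1862 is left at "TODO: check" while the adjacent CVE-2009-1861 is already marked "NOT-FOR-US: Adobe Reader". The visible part of the new description names only Adobe Reader and Acrobat, but it is truncated, so read the full text before applying the same NOT-FOR-US tag in case it names further products.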



