[Secure-testing-commits] r12053 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Jun 5 21:14:15 UTC 2009
Author: joeyh
Date: 2009-06-05 21:14:15 +0000 (Fri, 05 Jun 2009)
New Revision: 12053
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-05 18:38:55 UTC (rev 12052)
+++ data/CVE/list 2009-06-05 21:14:15 UTC (rev 12053)
@@ -1,3 +1,61 @@
+CVE-2009-1932 (Multiple integer overflows in the (1) user_info_callback, (2) ...)
+ TODO: check
+CVE-2009-1931
+ RESERVED
+CVE-2009-1930
+ RESERVED
+CVE-2009-1929
+ RESERVED
+CVE-2009-1928
+ RESERVED
+CVE-2009-1927
+ RESERVED
+CVE-2009-1926
+ RESERVED
+CVE-2009-1925
+ RESERVED
+CVE-2009-1924
+ RESERVED
+CVE-2009-1923
+ RESERVED
+CVE-2009-1922
+ RESERVED
+CVE-2009-1921
+ RESERVED
+CVE-2009-1920
+ RESERVED
+CVE-2009-1919
+ RESERVED
+CVE-2009-1918
+ RESERVED
+CVE-2009-1917
+ RESERVED
+CVE-2009-1916 (dig.php in GScripts.net DNS Tools allows remote attackers to execute ...)
+ TODO: check
+CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ...)
+ TODO: check
+CVE-2009-1914 (The pci_register_iommu_region function in ...)
+ TODO: check
+CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when ...)
+ TODO: check
+CVE-2009-1912 (Directory traversal vulnerability in src/func/language.php in webSPELL ...)
+ TODO: check
+CVE-2009-1911 (Directory traversal vulnerability in .include/init.php (aka ...)
+ TODO: check
+CVE-2009-1910 (SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows ...)
+ TODO: check
+CVE-2009-1909 (SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and ...)
+ TODO: check
+CVE-2009-1908 (Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, ...)
+ TODO: check
+CVE-2009-1907 (Cross-site scripting (XSS) vulnerability in ...)
+ TODO: check
+CVE-2008-6824 (The management interface on the A-LINK WL54AP3 and WL54AP2 access ...)
+ TODO: check
+CVE-2008-6823 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
+ TODO: check
+CVE-2008-6822 (Unrestricted file upload vulnerability in uploadp.php in New Earth ...)
+ TODO: check
CVE-2009-1906 (The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before ...)
NOT-FOR-US: IBM DB2
CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
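Review bot: the 14 described entries added at the top of this hunk (CVE-2009-1932, CVE-2009-1916 through CVE-2009-1907, and CVE-2008-6824 through CVE-2008-6822) all land as "TODO: check", so none is yet mapped to a package or marked NOT-FOR-US. Most of the visible descriptions name standalone web applications or vendor products (GScripts.net DNS Tools, ICQToolBar.dll, LuxBum, webSPELL, RTWebalbum, Skip, A-LINK access points), which can be closed out in the same "NOT-FOR-US: <product>" style as the IBM DB2 entry below once confirmed absent from the archive. CVE-2009-1932 and CVE-2009-1914 are truncated at a C function name (user_info_callback, pci_register_iommu_region) with no product visible, so those two need the full description read before they are triaged.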
@@ -313,7 +371,7 @@
NOT-FOR-US: Flyspeck CMS
CVE-2009-1770 (Directory traversal vulnerability in ...)
NOT-FOR-US: Flyspeck CMS
-CVE-2009-1769 (The web interface in OCS Inventory NG 1.01 generates different error ...)
+CVE-2009-1769 (The web interface in Open Computer and Software Inventory Next ...)
- ocsinventory-server 1.02.1-1 (unimportant; bug #529344)
NOTE: README.Debian states Important: access to the reports server should be restricted
CVE-2009-1768 (Directory traversal vulnerability in download.php in Rama Zaiten CMS ...)
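Review bot: the refreshed CVE-2009-1769 description is truncated before the version, so the "1.01" shown on the removed line is no longer visible next to the tracking entry "- ocsinventory-server 1.02.1-1 (unimportant; bug #529344)". Leaving the tracking line and the NOTE as unchanged context is right for a description-only refresh, but it is worth confirming against the full upstream text that the affected range still ends before 1.02.1-1.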
@@ -390,7 +448,7 @@
NOT-FOR-US: VidSharePro
CVE-2009-1733 (Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows ...)
- ipplan <unfixed> (low; bug #530271)
-CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in IPlan ...)
+CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in ...)
- ipplan <unfixed> (low; bug #530271)
CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows ...)
NOT-FOR-US: MLFFAT
@@ -500,7 +558,7 @@
RESERVED
CVE-2008-6813 (SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL ...)
NOT-FOR-US: phpWebNews
-CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 allows ...)
+CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL ...)
NOT-FOR-US: phpWebNews
CVE-2009-1756 (SLiM Simple Login Manager 1.3.0 places the X authority magic cookie ...)
- slim <unfixed> (low; bug #529306)
@@ -1321,12 +1379,12 @@
RESERVED
CVE-2009-1388
RESERVED
-CVE-2009-1387
- RESERVED
-CVE-2009-1386
- RESERVED
-CVE-2009-1385
- RESERVED
+CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...)
+ TODO: check
+CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ...)
+ TODO: check
+CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...)
+ TODO: check
CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...)
NOT-FOR-US: Different code base than Debian's libpam-krb5
CVE-2009-1383
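Review bot: the three entries leaving RESERVED in this hunk (CVE-2009-1387, CVE-2009-1386, CVE-2009-1385) should be triaged ahead of the rest of this update, because their descriptions point at library and driver code (ssl/d1_both.c, ssl/s3_pkt.c "in OpenSSL before 0.9.8i", and e1000_clean_rx_irq) and two of them are described as remotely triggerable. Each "TODO: check" should be replaced with a package line carrying a fixed version or <unfixed>, a severity and a bug number, in the form already used for "- slim <unfixed> (low; bug #529306)". For CVE-2009-1386 the "before 0.9.8i" bound in the description gives the starting point for the fixed version.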
@@ -3582,7 +3640,7 @@
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0 (medium; bug #524810)
- swftools <unfixed> (medium; bug #527449)
-CVE-2009-0798 (The daemon in acpid before 1.0.10 allows remote attackers to cause a ...)
+CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to ...)
{DSA-1786-1}
- acpid 1.0.10-1 (medium)
CVE-2009-0797