[Secure-testing-commits] r12133 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Mon Jun 15 21:14:15 UTC 2009
Author: joeyh
Date: 2009-06-15 21:14:13 +0000 (Mon, 15 Jun 2009)
New Revision: 12133
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-15 13:10:14 UTC (rev 12132)
+++ data/CVE/list 2009-06-15 21:14:13 UTC (rev 12133)
@@ -1,3 +1,53 @@
+CVE-2009-2056
+ RESERVED
+CVE-2009-2055
+ RESERVED
+CVE-2009-2054
+ RESERVED
+CVE-2009-2053
+ RESERVED
+CVE-2009-2052
+ RESERVED
+CVE-2009-2051
+ RESERVED
+CVE-2009-2050
+ RESERVED
+CVE-2009-2049
+ RESERVED
+CVE-2009-2048
+ RESERVED
+CVE-2009-2047
+ RESERVED
+CVE-2009-2046
+ RESERVED
+CVE-2009-2045
+ RESERVED
+CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...)
+ TODO: check
+CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...)
+ TODO: check
+CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images ...)
+ TODO: check
+CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...)
+ TODO: check
+CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, ...)
+ TODO: check
+CVE-2009-2039 (Unspecified vulnerability in the Luottokunta module before 1.3 for ...)
+ TODO: check
+CVE-2009-2038 (Unspecified vulnerability in the Finnish Bank Payment module 2.2 for ...)
+ TODO: check
+CVE-2009-2037 (Multiple directory traversal vulnerabilities in Online Grades & ...)
+ TODO: check
+CVE-2009-2036 (SQL injection vulnerability in index.php in Open Biller 0.1 allows ...)
+ TODO: check
+CVE-2009-2035 (Unspecified vulnerability in Services 6.x before 6.x-0.14, a module ...)
+ TODO: check
+CVE-2009-2034 (SQL injection vulnerability in writemessage.php in Yogurt 0.3, when ...)
+ TODO: check
+CVE-2009-2033 (Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 ...)
+ TODO: check
+CVE-2009-2032 (Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, ...)
+ TODO: check
CVE-2009-XXXX [git-daemon Parameter Parsing Infinite Loop Denial of Service]
- git-core <unfixed> (medium; bug #532935)
[etch] - git-core <not-affected> (Vulnerable code not present)
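Review bot: The thirteen "TODO: check" entries (CVE-2009-2032 through CVE-2009-2044) are not equal in urgency, and the ones naming software this file already tracks should be triaged first. CVE-2009-2044 and CVE-2009-2043 name Mozilla Firefox, which the xulrunner lines further down this file cover, and CVE-2009-2042 names libpng before 1.2.37. Each of those needs a package line with a fixed version or <unfixed>; the web applications in the rest of the batch can be closed as NOT-FOR-US if nothing in the archive ships them.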
@@ -468,51 +518,41 @@
CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN ...)
- strongswan 4.2.14-1.1 (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
-CVE-2009-1841 [JavaScript chrome privilege escalation]
- RESERVED
+CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...)
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1840 [XUL scripts bypass content-policy checks]
- RESERVED
+CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1839 [ Incorrect principal set for file: resources loaded via location bar]
- RESERVED
+CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...)
- xulrunner 1.9.0.11-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1838 [Arbitrary code execution using event listeners attached to an element whose owner document is null]
- RESERVED
+CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before ...)
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1837 [ Race condition while accessing the private data of a NPObject JS wrapper class object]
- RESERVED
+CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
- xulrunner 1.9.0.11-1
[etch] - xulrunner <not-affected> (Doesn't affect Gecko 1.8)
-CVE-2009-1836 [ SSL tampering via non-200 responses to proxy CONNECT requests]
- RESERVED
+CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1835 [Arbitrary domain cookie access by local file: resources]
- RESERVED
+CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate ...)
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1834 [URL spoofing with invalid unicode characters]
- RESERVED
+CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...)
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1833 [Crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird ...)
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1832 [Crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
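Review bot: The icedove lines under CVE-2009-1841, 1840, 1838, 1836, 1835, 1834, 1833 and 1832 stay at "- icedove <unfixed>" with no severity or bug number, unlike the strongswan line at the top of the hunk ("medium; bug #531612"). The new descriptions for CVE-2009-1836 and CVE-2009-1832 now give "Thunderbird before 2.0.0.22" as the affected range, so a bug filed against icedove can cite that version and be recorded on each of these lines.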
@@ -669,6 +709,7 @@
CVE-2009-1761
RESERVED
CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...)
+ {DSA-1815-1}
- libtorrent-rasterbar 0.14.4-1 (medium)
CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function ...)
- ctorrent <unfixed> (bug #530255)
@@ -1650,8 +1691,7 @@
RESERVED
CVE-2009-1393
RESERVED
-CVE-2009-1392 [Crashes with evidence of memory corruption]
- RESERVED
+CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird ...)
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
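Review bot: Replacing the working title of CVE-2009-1392 ("Crashes with evidence of memory corruption") with the truncated description drops the only visible statement of impact, because "The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird ..." is cut off before it reaches one. A NOTE: line under the entry, in the style of the "NOTE: VU#238019" line used elsewhere in this file, would keep the impact class readable without opening the full CVE text.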
@@ -4470,7 +4510,7 @@
CVE-2009-0689
RESERVED
CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...)
- {DSA-1807-1}
+ {DSA-1807-1 DTSA-200-1 DTSA-201-1}
- cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)
NOTE: VU#238019
CVE-2009-0687
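Review bot: The tag line for CVE-2009-0688 now carries two testing advisories, "DTSA-200-1 DTSA-201-1", but the entry lists a single source package, "- cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)". If DTSA-201-1 was issued for a different source package than DTSA-200-1, that package needs its own line with a fixed version here; if both cover cyrus-sasl2, it is worth confirming that the second advisory is not a duplicate.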