[Secure-testing-commits] r12157 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Thu Jun 18 21:14:14 UTC 2009
Author: joeyh
Date: 2009-06-18 21:14:13 +0000 (Thu, 18 Jun 2009)
New Revision: 12157
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-18 20:59:06 UTC (rev 12156)
+++ data/CVE/list 2009-06-18 21:14:13 UTC (rev 12157)
@@ -1,3 +1,71 @@
+CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...)
+ TODO: check
+CVE-2009-2105 (SQL injection vulnerability in the References database (t3references) ...)
+ TODO: check
+CVE-2009-2104 (Cross-site scripting (XSS) vulnerability in the Modern Guestbook / ...)
+ TODO: check
+CVE-2009-2103 (SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) ...)
+ TODO: check
+CVE-2009-2102 (SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and ...)
+ TODO: check
+CVE-2009-2101 (Directory traversal vulnerability in archive.php in TorrentVolve 1.4, ...)
+ TODO: check
+CVE-2009-2100 (Directory traversal vulnerability in the JoomlaPraise Projectfork ...)
+ TODO: check
+CVE-2009-2099 (SQL injection vulnerability in the iJoomla RSS Feeder ...)
+ TODO: check
+CVE-2009-2098 (SQL injection vulnerability in topicler.php in phPortal 1.0 allows ...)
+ TODO: check
+CVE-2009-2097 (SQL injection vulnerability in ...)
+ TODO: check
+CVE-2009-2096 (SQL injection vulnerability in house/listing_view.php in ...)
+ TODO: check
+CVE-2009-2095 (PHP remote file inclusion vulnerability in ...)
+ TODO: check
+CVE-2009-2094
+ RESERVED
+CVE-2009-2093
+ RESERVED
+CVE-2009-2092
+ RESERVED
+CVE-2009-2091
+ RESERVED
+CVE-2009-2090
+ RESERVED
+CVE-2009-2089
+ RESERVED
+CVE-2009-2088
+ RESERVED
+CVE-2009-2087
+ RESERVED
+CVE-2009-2086
+ RESERVED
+CVE-2009-2085
+ RESERVED
+CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 ...)
+ TODO: check
+CVE-2009-2083 (Cross-site scripting (XSS) vulnerability in the term data detail page ...)
+ TODO: check
+CVE-2009-2082 (SQL injection vulnerability in insidepage.php in Creative Web ...)
+ TODO: check
+CVE-2009-2081 (Directory traversal vulnerability in help.php in phpWebThings 1.5.2 ...)
+ TODO: check
+CVE-2009-2080 (admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict ...)
+ TODO: check
+CVE-2009-2079 (Cross-site scripting (XSS) vulnerability in the administrative page ...)
+ TODO: check
+CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x ...)
+ TODO: check
+CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote ...)
+ TODO: check
+CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...)
+ TODO: check
+CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for ...)
+ TODO: check
+CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before ...)
+ TODO: check
CVE-2009-XXXX [backuppc: web frontend installed insecurely by default]
- backuppc 3.1.0-6
[lenny] - backuppc 3.1.0-4lenny1
@@ -117,7 +185,7 @@
CVE-2009-XXXX [adtool leaks password in environment]
- adtool 1.3.2-1 (unimportant)
NOTE: adtool has safe means to specify the password, so this boils
- NOTE: down to potential insecure usage
+ NOTE: down to potential insecure usage
CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...)
NOT-FOR-US: Apple Safari
CVE-2009-2026
@@ -150,8 +218,8 @@
NOT-FOR-US: Frontis
CVE-2009-2012 (Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through ...)
NOT-FOR-US: OpenSolaris
-CVE-2009-2011
- RESERVED
+CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and ...)
+ TODO: check
CVE-2009-2010 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...)
NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2009-2009 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, ...)
@@ -563,40 +631,50 @@
- strongswan 4.2.14-1.1 (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
[etch] - xulrunner <not-affected> (Doesn't affect Gecko 1.8)
CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
@@ -750,8 +828,8 @@
- radare (low)
TODO: file bug
NOTE: see the portions of code of #530178
-CVE-2009-1761
- RESERVED
+CVE-2009-1761 (The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for ...)
+ TODO: check
CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...)
{DSA-1815-1}
- libtorrent-rasterbar 0.14.4-1 (medium)
@@ -834,8 +912,8 @@
RESERVED
CVE-2009-1720
RESERVED
-CVE-2009-1719
- RESERVED
+CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...)
+ TODO: check
CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...)
TODO: check
CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...)
@@ -895,7 +973,7 @@
CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit <unfixed>
TODO: File bug
-CVE-2009-1690 (Use after free vulnerability in WebKit, as used in Apple Safari before ...)
+CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
TODO: check
CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
TODO: check
@@ -1737,17 +1815,16 @@
CVE-2009-1393
RESERVED
CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird ...)
+ {DSA-1820-1}
- xulrunner 1.9.0.11-1
- icedove <unfixed>
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-1391 [Compress::Raw::Zlib buffer overflow]
- RESERVED
+CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
- perl 5.10.0-23 (medium; bug #532736)
- libcompress-raw-zlib-perl 2.015-2 (medium; bug #532738)
-CVE-2009-1390
- RESERVED
-CVE-2009-1389 [linux-2.6: packet overflow]
- RESERVED
+CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) ...)
+ TODO: check
+CVE-2009-1389 (Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the ...)
- linux-2.6 2.6.26-16 (high; bug #532376)
- linux-2.6.24 <removed>
NOTE: potential for kernel memory corruption by remote attacker
@@ -3120,7 +3197,7 @@
- xfig 1:3.2.5.a-1
[etch] - xfig <no-dsa> (Minor issue)
[lenny] - xfig <no-dsa> (Minor issue)
-CVE-2009-1092 (Use after free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX ...)
+CVE-2009-1092 (Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX ...)
NOT-FOR-US: LIVEAUDIO.LiveAudioCtrl.1 ActiveX
CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech ...)
NOT-FOR-US: Rapidleech
@@ -4443,6 +4520,7 @@
CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0 ...)
NOT-FOR-US: Tours Manager
CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a ...)
+ {DSA-1728-1}
- dkim-milter 2.6.0.dfsg-2 (low)
[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
@@ -6921,7 +6999,7 @@
NOT-FOR-US: Microsoft Windows
CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in ...)
NOT-FOR-US: Microsoft Windows
-CVE-2009-0084 (Use after free vulnerability in DirectShow in Microsoft DirectX 8.1 ...)
+CVE-2009-0084 (Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 ...)
NOT-FOR-US: DirectX
CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...)
NOT-FOR-US: Microsoft Windows
@@ -7910,8 +7988,7 @@
CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote ...)
{DSA-1708-1}
- git-core 1:1.5.6-1
-CVE-2008-5515 [Apache Tomcat information disclosure vulnerability]
- RESERVED
+CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 ...)
- tomcat5 <removed> (bug #532363)
- tomcat5.5 <unfixed> (bug #532366)
- tomcat6 6.0.20-1 (bug #532362)
@@ -9215,7 +9292,7 @@
NOT-FOR-US: Graphiks MyForum
CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for ...)
NOT-FOR-US: PHP-Nuke
-CVE-2008-5038 (Use after free vulnerability in the NetWare Core Protocol (NCP) ...)
+CVE-2008-5038 (Use-after-free vulnerability in the NetWare Core Protocol (NCP) ...)
NOT-FOR-US: Novell eDirectory
CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...)
NOT-FOR-US: ElkaGroup Image Gallery
@@ -9414,7 +9491,7 @@
CVE-2008-XXXX [universalindentgui insecure usage of temp files]
- universalindentgui 0.8.1-1.2 (low; bug #504726)
CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...)
- {DTSA-176-1}
+ {DSA-1819-1 DTSA-176-1}
- vlc 0.8.6.h-5 (medium; bug #504639)
CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...)
- vlc <not-affected> (Vulnerable code not present in 0.8.x)
@@ -10231,7 +10308,7 @@
NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4 is vulnerable)
TODO: check if >= 0.9.4 is uploaded to unstable
CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the ...)
- {DTSA-175-1}
+ {DSA-1819-1 DTSA-175-1}
- vlc 0.8.6.h-4.1 (medium; bug #503118)
CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote ...)
- mantis 1.1.2+dfsg-7 (medium; bug #502728)
@@ -12399,7 +12476,7 @@
NOTE: vulnerable script only called when updating the source
NOTE: thus neither actively used nor invoked automatically
CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...)
- {DTSA-166-1}
+ {DSA-1819-1 DTSA-166-1}
- vlc 0.8.6.h-4 (medium; bug #496265)
CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...)
- wordpress 2.5.1-6 (low; bug #497216)
@@ -15497,7 +15574,7 @@
CVE-2008-2431 (Multiple buffer overflows in Novell iPrint Client before 5.06 allow ...)
NOT-FOR-US: Novell iPrint
CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC ...)
- {DTSA-148-1}
+ {DSA-1819-1 DTSA-148-1}
- vlc 0.8.6.h-1 (medium; bug #489004)
CVE-2008-2429 (Multiple SQL injection vulnerabilities in Calendarix Basic ...)
NOT-FOR-US: Calendarix
@@ -15624,7 +15701,7 @@
CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 ...)
{DSA-1668-1}
- hf 0.8-8.1 (medium; bug #504182)
-CVE-2008-2377 (Use after free vulnerability in the ...)
+CVE-2008-2377 (Use-after-free vulnerability in the ...)
- gnutls26 2.4.1-1 (medium)
- gnutls13 <not-affected> (Problem was introduced in 2.3.5)
CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...)
@@ -16232,7 +16309,7 @@
- emacs21 21.4a+1-5.5 (low; bug #480877)
[etch] - emacs21 <no-dsa> (Minor issue)
CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 ...)
- {DTSA-132-1}
+ {DSA-1819-1 DTSA-132-1}
- vlc 0.8.6.e-2.2 (low; bug #480724)
NOTE: https://trac.videolan.org/vlc/ticket/1578
NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
@@ -16778,7 +16855,7 @@
CVE-2008-1882
RESERVED
CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...)
- {DTSA-125-1}
+ {DSA-1819-1 DTSA-125-1}
- vlc 0.8.6.e-2.1 (medium; bug #477805)
CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on ...)
- firebird2 <removed>
@@ -17032,10 +17109,10 @@
CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX ...)
NOT-FOR-US: Akamai Download Manager
CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...)
- {DTSA-125-1}
+ {DSA-1819-1 DTSA-125-1}
- vlc 0.8.6.e-2.1 (low; bug #478140)
CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...)
- {DTSA-125-1}
+ {DSA-1819-1 DTSA-125-1}
- vlc 0.8.6.e-2.1 (medium; bug #478140)
CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows ...)
{DSA-1589-1}
@@ -18761,7 +18838,7 @@
NOT-FOR-US: Microsoft
CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft ...)
NOT-FOR-US: Microsoft
-CVE-2008-1085 (Use after free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
+CVE-2008-1085 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
NOT-FOR-US: Microsoft
CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
NOT-FOR-US: Microsoft
More information about the Secure-testing-commits
mailing list