[Secure-testing-commits] r11785 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon May 4 21:14:21 UTC 2009


Author: joeyh
Date: 2009-05-04 21:14:20 +0000 (Mon, 04 May 2009)
New Revision: 11785

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-04 20:58:31 UTC (rev 11784)
+++ data/CVE/list	2009-05-04 21:14:20 UTC (rev 11785)
@@ -1,3 +1,65 @@
+CVE-2009-1512 (Static code injection vulnerability in X-Forum 0.6.2 allows remote ...)
+	TODO: check
+CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a ...)
+	TODO: check
+CVE-2009-1510 (Multiple directory traversal vulnerabilities in KoschtIT Image Gallery ...)
+	TODO: check
+CVE-2009-1509 (SQL injection vulnerability in ajaxp_backend.php in MyioSoft ...)
+	TODO: check
+CVE-2009-1508 (SQL injection vulnerability in the xforum_validateUser function in ...)
+	TODO: check
+CVE-2009-1507 (The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x ...)
+	TODO: check
+CVE-2009-1506 (SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows ...)
+	TODO: check
+CVE-2009-1505 (SQL injection vulnerability in News Page 5.x before 5.x-1.2 module, a ...)
+	TODO: check
+CVE-2009-1504 (Absolute Form Processor XE 1.5 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2009-1503 (Multiple SQL injection vulnerabilities in login.php in Tiger Document ...)
+	TODO: check
+CVE-2009-1502 (Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable ...)
+	TODO: check
+CVE-2009-1501 (Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x ...)
+	TODO: check
+CVE-2009-1500 (SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows ...)
+	TODO: check
+CVE-2009-1499 (SQL injection vulnerability in the MailTo (aka com_mailto) component ...)
+	TODO: check
+CVE-2009-1498 (Directory traversal vulnerability in inc/profilemain.php in Game Maker ...)
+	TODO: check
+CVE-2009-1497 (Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie ...)
+	TODO: check
+CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace ...)
+	TODO: check
+CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the web root ...)
+	TODO: check
+CVE-2008-6787 (SQL injection vulnerability in administrator/index.php in Lizardware ...)
+	TODO: check
+CVE-2008-6786 (Multiple directory traversal vulnerabilities in geekigeeki.py in ...)
+	TODO: check
+CVE-2008-6785 (Unrestricted file upload vulnerability in Mini File Host 1.5 allows ...)
+	TODO: check
+CVE-2008-6784 (SQL injection vulnerability in directory.php in Scripts For Sites ...)
+	TODO: check
+CVE-2008-6783 (SQL injection vulnerability in directory.php in Sites for Scripts ...)
+	TODO: check
+CVE-2008-6782 (SQL injection vulnerability in directory.php in Sites for Scripts ...)
+	TODO: check
+CVE-2008-6781 (SQL injection vulnerability in directory.php in Sites for Scripts ...)
+	TODO: check
+CVE-2008-6780 (SQL injection vulnerability in directory.php in Scripts for Sites ...)
+	TODO: check
+CVE-2008-6779 (SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows ...)
+	TODO: check
+CVE-2008-6778 (SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) ...)
+	TODO: check
+CVE-2008-6777 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...)
+	TODO: check
+CVE-2008-6776 (SQL injection vulnerability in viewcomments.php in Scripts For Sites ...)
+	TODO: check
+CVE-2008-6775 (HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to ...)
+	TODO: check
 CVE-2009-XXXX [jetty: Vulnerability in ResourceHandler and DefaultServlet with aliases]
 	- jetty <unfixed>
 	NOTE: http://jira.codehaus.org/browse/JETTY-1004 
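Review bot: all 31 entries added at the top of the file (CVE-2009-1512 down to CVE-2008-6775) carry only `TODO: check`, so this update records the identifiers without any package or not-for-us decision. Each one still needs manual triage; an entry such as CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3) looks like a candidate for the `NOT-FOR-US:` form already used further down the file, for example `NOT-FOR-US: IrfanView`.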
@@ -294,10 +356,9 @@
 	RESERVED
 CVE-2009-1373
 	RESERVED
-CVE-2009-1365
-	RESERVED
-CVE-2009-1364 [libwmf: use after free in embedded gd library]
-	RESERVED
+CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
+	TODO: check
+CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in libwmf ...)
 	- libwmf <unfixed> (low; bug #526434)
 CVE-2009-1363
 	RESERVED
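Review bot: CVE-2009-1365 moves from `RESERVED` to `TODO: check` with no package or `NOT-FOR-US:` line, so the Adobe Flash Media Server entry is still untriaged after this change. For CVE-2009-1364 the hand-written bracket description is replaced by the published one and the existing `- libwmf <unfixed> (low; bug #526434)` line is kept, which preserves the earlier triage.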
@@ -721,7 +782,7 @@
 	[etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
 	- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
 CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...)
-	{DSA-1775-1}
+	{DSA-1789-1 DSA-1775-1}
 	- php5 5.2.9.dfsg.1-1
 	- php4 <not-affected> (the JSON extension was introduced in php5.2)
 	- php-json-ext <unfixed>
@@ -2466,6 +2527,7 @@
 	{DSA-1769-1}
 	- openjdk-6 <unfixed>
 CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...)
+	{DTSA-198-1}
 	- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
 	- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
 CVE-2009-0791
@@ -2575,6 +2637,7 @@
 	[lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
 	[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
 CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...)
+	{DSA-1789-1}
 	- php4 <removed> (low)
 	- php5 5.2.9.dfsg.1-1 (low; bug #523049)
 CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary ...)
@@ -3514,13 +3577,13 @@
 	{DSA-1748-1}
 	- libsoup 2.2.105-4 (medium; bug #520039)
 CVE-2009-0584 (icc.c in the International Color Consortium (ICC) Format library (aka ...)
-	{DSA-1746-1}
+	{DSA-1746-1 DTSA-198-1}
 	- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
 	- argyll 1.0.3-2 (bug #522448)
 	- gs-gpl <removed>
 	- gs-esp <removed>
 CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color ...)
-	{DSA-1746-1}
+	{DSA-1746-1 DTSA-198-1}
 	- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
 	- argyll 1.0.3-2 (bug #522448)
 	- gs-gpl <removed>
@@ -4932,6 +4995,7 @@
 CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)
 	NOT-FOR-US: IrfanView
 CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...)
+	{DTSA-198-1}
 	- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
 CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, ...)
 	TODO: check
@@ -5522,6 +5586,7 @@
 CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...)
 	NOT-FOR-US: phpAlumni
 CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...)
+	{DSA-1789-1}
 	- php5 <unfixed> (low; bug #523028)
 	- php4 <unfixed> (low; bug #523028)
 CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...)
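Review bot: CVE-2008-5814 now references `{DSA-1789-1}` while both package lines still read `<unfixed>` (`- php5 <unfixed> (low; bug #523028)` and the matching php4 line). The entry should say which release the DSA fixed and whether unstable is really still open, for example with a release-tagged line in the `[lenny] - php5 ...` form used for CVE-2008-5557, or a NOTE explaining the remaining `<unfixed>` status.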
@@ -6175,7 +6240,7 @@
 CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition ...)
 	- asterisk 1:1.4.0~dfsg-1 (bug #509686)
 CVE-2008-5557 (Heap-based buffer overflow in ...)
-	{DTSA-188-1}
+	{DSA-1789-1 DTSA-188-1}
 	- php5 5.2.6.dfsg.1-1 (bug #511493)
 	[lenny] - php5 5.2.6.dfsg.1-1+lenny1
 	NOTE: according to bug report, this was fixed in lenny prior to the release, but was not marked as such at the time
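Review bot: the `{DSA-1789-1 DTSA-188-1}` reference on CVE-2008-5557 sits next to a NOTE saying the issue was fixed in lenny before the release, and the only release-tagged line is `[lenny] - php5 5.2.6.dfsg.1-1+lenny1`. If the DSA addressed a different release, the entry needs a matching release-tagged line; if it addressed lenny, the NOTE and the DSA reference disagree and one of them should be corrected.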
@@ -6677,7 +6742,7 @@
 CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...)
 	- rsyslog 3.18.6-1 (bug #508027)
 CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...)
-	{DTSA-188-1}
+	{DSA-1789-1 DTSA-188-1}
 	- php5 5.2.6.dfsg.1-1 (bug #508021)
 	TODO: check php4
 CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...)
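Review bot: CVE-2008-5624 gains the DSA-1789-1 reference but the context line `TODO: check php4` is left open, so the entry now carries a stable advisory with the php4 status still undetermined. Resolve the TODO with an explicit php4 line, as done for CVE-2009-1271 with `- php4 <not-affected> (...)`, or keep it deliberately with a NOTE saying why.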
@@ -6866,7 +6931,7 @@
 CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to ...)
 	NOT-FOR-US: Wiz-Ad
 CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo ...)
-	{DTSA-188-1}
+	{DSA-1789-1 DTSA-188-1}
 	- php5 5.2.6.dfsg.1-3 (bug #507857)
 	- php4 <unfixed>
 CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...)
@@ -14604,9 +14669,11 @@
 	[etch] - libid3tag <no-dsa> (Minor issue)
 	NOTE: totally different approach to fix the bug, see Kurts comments in the bug report
 CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
+	{DSA-1789-1}
 	- php5 5.2.2-1 (low)
 	NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt
 CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
+	{DSA-1789-1}
 	- php5 5.2.2-1 (low)
 	NOTE: closely related to CVE-2008-2108
 CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...)
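Review bot: on CVE-2008-2108 and CVE-2008-2107 the description covers "PHP 4.x before 4.4.8 and 5.x before 5.2.5", yet both entries mark php5 as fixed in `5.2.2-1`, which is below 5.2.5, and neither has a php4 line. With DSA-1789-1 now attached, a NOTE explaining why 5.2.2-1 is considered fixed and an explicit php4 status would make these entries verifiable.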



