[Secure-testing-commits] r11804 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue May 5 21:14:17 UTC 2009
Author: joeyh
Date: 2009-05-05 21:14:17 +0000 (Tue, 05 May 2009)
New Revision: 11804
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-05 20:51:18 UTC (rev 11803)
+++ data/CVE/list 2009-05-05 21:14:17 UTC (rev 11804)
@@ -1,22 +1,24 @@
+CVE-2009-1513 (Buffer overflow in the PATinst function in src/load_pat.cpp in ...)
+ TODO: check
CVE-2009-XXXX [unsafe temp file in coccinelle]
- coccinelle 0.1.7.deb-3 (low)
-CVE-2009-1519
+CVE-2009-1519 (Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 ...)
NOT-FOR-US: Pecio CMS
-CVE-2009-1518
+CVE-2009-1518 (Cross-site request forgery (CSRF) vulnerability in Beltane before ...)
NOT-FOR-US: Beltane
-CVE-2009-1517
+CVE-2009-1517 (Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ...)
NOT-FOR-US: ActiveX
-CVE-2009-1516
+CVE-2009-1516 (Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX ...)
NOT-FOR-US: ActiveX
-CVE-2009-1514
+CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Google Chrome
-CVE-2008-6791
+CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial ...)
NOT-FOR-US: PumpKIN TFTP Server
-CVE-2008-6790
+CVE-2008-6790 (The admin module in MindDezign Photo Gallery 2.2 allows remote ...)
NOT-FOR-US: MindDezign Photo Gallery
-CVE-2008-6789
+CVE-2008-6789 (SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows ...)
NOT-FOR-US: MindDezign Photo Gallery
-CVE-2008-6788
+CVE-2008-6788 (SQL injection vulnerability in MindDezign Photo Gallery 2.2, when ...)
NOT-FOR-US: MindDezign Photo Gallery
CVE-2009-XXXX [xvfb insecure passing of magic cookie]
- xorg-server <unfixed> (low; bug #526678)
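Review bot: CVE-2009-1513 at the top of this hunk is added with only "TODO: check", and its truncated description (PATinst in src/load_pat.cpp) does not name the product, so the entry still needs manual triage to either a package line or a NOT-FOR-US tag. Suggest resolving the TODO in a follow-up commit rather than leaving it to the next automatic update.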
@@ -31,7 +33,7 @@
- clamav <not-affected> (Vulnerable code not present)
NOTE: from what I see this code was never uploaded to the debian archive
NOTE: CVE id requested on oss-sec
-CVE-2009-1515 [file 5.xx buffer overflow in the cdf_read_sat function]
+CVE-2009-1515 (Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c ...)
- file 5.02-1
[lenny] - file <not-affected> (Vulnerable code not present)
[etch] - file <not-affected> (Vulnerable code not present)
@@ -1278,22 +1280,27 @@
[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ...)
+ {DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...)
+ {DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
+ {DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
+ {DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ...)
+ {DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
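Review bot: the {DSA-1790-1} tags added to CVE-2009-1179 through CVE-2009-1183 sit above three source packages (poppler, xpdf, kdegraphics) with no indication of which one the advisory covers, and xpdf stays <unfixed> in every one of these entries. Suggest confirming that the xpdf lines (bug #524809) are still accurate for unstable now that an advisory is referenced.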
@@ -1897,9 +1904,9 @@
NOT-FOR-US: BEA Product Suite
CVE-2009-1003 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
NOT-FOR-US: BEA Product Suite
-CVE-2009-1002 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2009-1002 (Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 ...)
NOT-FOR-US: BEA Product Suite
-CVE-2009-1001 (Unspecified vulnerability in the WebLogic Portal component in BEA ...)
+CVE-2009-1001 (Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold ...)
NOT-FOR-US: BEA Product Suite
CVE-2009-1000 (The Oracle Applications Framework component in Oracle E-Business Suite ...)
NOT-FOR-US: Oracle E-Business Suite
@@ -2556,10 +2563,12 @@
NOTE: Also, same origin validations in the browsers still apply and keep this mostly harmless
NOTE: http://marc.info/?l=squid-dev&m=123542836103750&w=4
CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 ...)
+ {DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0 (medium; bug #524810)
CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
+ {DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0 (medium; bug #524810)
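Review bot: in the CVE-2009-0800 and CVE-2009-0799 entries the kdegraphics fixed version reads "4.0", while the same bug #524810 is recorded as "4.0-1" under CVE-2009-1179 through CVE-2009-1183 earlier in this diff. Suggest aligning the two spellings so version comparisons give the same result for all JBIG2 entries tagged with DSA-1790-1.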
@@ -5135,11 +5144,13 @@
CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris ...)
NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris
CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
+ {DSA-1790-1}
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler's pdftops)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics <unfixed> (medium; bug #524810)
CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...)
+ {DSA-1790-1}
TODO: check
CVE-2009-0164 (The web interface for CUPS before 1.3.10 does not validate the HTTP ...)
- cups 1.3.10-1 (low)
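Review bot: CVE-2009-0165 now carries {DSA-1790-1} but still has only "TODO: check" and no package lines, so the entry references an advisory while remaining untriaged. Suggest adding the affected package lines or resolving the TODO. Separately, CVE-2009-0166 in the same hunk lists poppler and kdegraphics as <unfixed> for bugs #524806 and #524810, which other entries in this diff record as fixed in 0.10.6-1 and 4.0-1.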
@@ -5183,11 +5194,13 @@
CVE-2009-0148
RESERVED
CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
+ {DSA-1790-1}
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler's pdftops)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics <unfixed> (medium; bug #524810)
CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
+ {DSA-1790-1}
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler's pdftops)
- xpdf <unfixed> (medium; bug #524809)
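Review bot: CVE-2009-0147 and CVE-2009-0146 keep poppler at <unfixed> for bug #524806, while the same bug is recorded as fixed in poppler 0.10.6-1 under CVE-2009-1179 through CVE-2009-1183 and CVE-2009-0800/0799. Suggest checking whether the fixed version applies here too and updating these lines, since the entries now share the same DSA-1790-1 tag.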
@@ -8845,7 +8858,7 @@
NOT-FOR-US: Windows Mobile
CVE-2008-4539 (Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM ...)
- qemu 0.9.1+svn20081101-1 (low; bug #526040)
- [etch] - qemu <not-affected> (Vulnerable code not present)
+ [etch] - qemu <not-affected> (Vulnerable code not present)
CVE-2008-4538
RESERVED
CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...)
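Review bot: the removed and added "[etch] - qemu <not-affected> (Vulnerable code not present)" lines under CVE-2008-4539 differ only in whitespace, which is not what the "automatic update" log message suggests. Suggest committing indentation normalization separately, or mentioning it in the log, so that description syncs and hand edits stay distinguishable in the history.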