[Secure-testing-commits] r11982 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed May 27 21:14:12 UTC 2009


Author: joeyh
Date: 2009-05-27 21:14:12 +0000 (Wed, 27 May 2009)
New Revision: 11982

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-27 20:12:05 UTC (rev 11981)
+++ data/CVE/list	2009-05-27 21:14:12 UTC (rev 11982)
@@ -1,3 +1,23 @@
+CVE-2009-1798
+	RESERVED
+CVE-2009-1797
+	RESERVED
+CVE-2009-1796 (Cross-site scripting (XSS) vulnerability in Sun Java System Portal ...)
+	TODO: check
+CVE-2009-1795
+	RESERVED
+CVE-2009-1794
+	RESERVED
+CVE-2009-1793
+	RESERVED
+CVE-2009-1792
+	RESERVED
+CVE-2009-1790 (Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before ...)
+	TODO: check
+CVE-2009-1787 (Multiple SQL injection vulnerabilities in PHP Dir Submit (aka ...)
+	TODO: check
+CVE-2009-1786 (The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users ...)
+	TODO: check
 CVE-2009-1785 (Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop ...)
 	NOT-FOR-US: Ulteo Open Virtual Desktop
 CVE-2009-1784 (The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus ...)
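Review bot: The four entries added with descriptions (CVE-2009-1796, CVE-2009-1790, CVE-2009-1787, CVE-2009-1786) all land as "TODO: check". Their descriptions name the products (Sun Java System Portal, CGI RESCUE Trees, PHP Dir Submit, IBM AIX libc) in the same way as the CVE-2009-1785 context line below them, which is already closed as "NOT-FOR-US: Ulteo Open Virtual Desktop". Each needs a follow-up that replaces the TODO with either a source package line or a NOT-FOR-US tag once it is confirmed whether the product is in the archive. The new block skips 1791, 1789 and 1788; that is consistent only because those ids already exist further down the file under temporary titles.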
@@ -64,8 +84,8 @@
 	- transmission 1.61-1 (low)
 	[lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
 	[etch] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
-CVE-2009-1754
-	RESERVED
+CVE-2009-1754 (The PackageManagerService class in ...)
+	TODO: check
 CVE-2009-1752 (exJune Office Message System 1 does not properly restrict access to ...)
 	NOT-FOR-US: exJune Office Message System
 CVE-2009-1751 (SQL injection vulnerability in list_list.php in Realty Webware ...)
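Review bot: The replacement line for CVE-2009-1754 is cut off at "The PackageManagerService class in ...", before any product name, so the "TODO: check" cannot be triaged from the list alone. Whoever resolves it has to read the full CVE description first, then record a package line or a NOT-FOR-US tag in place of the TODO.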
@@ -321,9 +341,9 @@
 	NOT-FOR-US: Venalsur Booking center Booking System
 CVE-2008-6809 (SQL injection vulnerability in hotel_habitaciones.php in Venalsur ...)
 	NOT-FOR-US: Venalsur Booking center Booking System
-CVE-2009-1788 [libsndfile VOC Processing Buffer Overflow]
+CVE-2009-1788 (Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 ...)
 	- libsndfile 1.0.20-1 (medium; bug #528650)
-CVE-2009-1791 [libsndfile AIFF Processing Buffer Overflow]
+CVE-2009-1791 (Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 ...)
 	- libsndfile 1.0.20-1 (medium; bug #528650)
 CVE-2009-XXXX [drupal: cross-site scripting vulnerability]
 	- drupal5 5.18 (low; bug #529191)
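Review bot: CVE-2009-1788 and CVE-2009-1791 keep their old position between CVE-2008-6809 and the CVE-2009-XXXX drupal entry, so they stay out of numeric order now that the temporary bracket titles have been replaced by official descriptions. Consider moving them up beside CVE-2009-1790 and CVE-2009-1792 so the list reads in sequence. Both descriptions are truncated right after "libsndfile 1.0.15 ...", so the affected range should be checked in the full text against the recorded fix in 1.0.20-1.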
@@ -332,12 +352,12 @@
 	- kdebase <unfixed> (low; bug #526985)
 	[etch] - kdebase <not-affected> (vulnerability introduced in konqueror 4)
 	[lenny] - kdebase <not-affected> (vulnerability introduced in konqueror 4)
-CVE-2009-1636
-	RESERVED
-CVE-2009-1635 (Cross-site scripting (XSS) vulnerability in the WebAccess login page ...)
+CVE-2009-1636 (Multiple buffer overflows in the Internet Agent (aka GWIA) component ...)
+	TODO: check
+CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...)
 	NOT-FOR-US: Novell GroupWise
-CVE-2009-1634
-	RESERVED
+CVE-2009-1634 (The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and ...)
+	TODO: check
 CVE-2009-1633 [CIFS Unicode issue]
 	RESERVED
 	- linux-2.6 <unfixed>
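Review bot: CVE-2009-1634 is added as "TODO: check" although its description names Novell GroupWise, the product that CVE-2009-1635 directly above it is already tagged "NOT-FOR-US: Novell GroupWise" for. The same tag can be applied to CVE-2009-1634 now, and to CVE-2009-1636 once its full description confirms that the Internet Agent (GWIA) component belongs to the same product, since the visible text is truncated before a product name.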
@@ -355,7 +375,7 @@
 	- linux-2.6.24 <removed>
 CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...)
 	- ajaxterm <unfixed> (medium; bug #528938) 
-CVE-2009-1789 [eggdrop buffer overflow]
+CVE-2009-1789 (mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and ...)
 	- eggdrop 1.6.19-1.2 (medium; bug #528778)
 	NOTE: CVE id request on oss-sec
 CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked]
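Review bot: The "NOTE: CVE id request on oss-sec" line under CVE-2009-1789 is left in place, but the entry now carries the assigned id together with its official description, so the note describes a request that has been fulfilled. Drop it, or reword it to point at the oss-sec thread as a reference rather than as a pending request.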
@@ -825,8 +845,8 @@
 	NOT-FOR-US: K&S Shopsoftware
 CVE-2009-1477
 	RESERVED
-CVE-2009-1476
-	RESERVED
+CVE-2009-1476 (Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter ...)
+	TODO: check
 CVE-2009-1475
 	RESERVED
 CVE-2009-1474
@@ -1065,23 +1085,19 @@
 CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and ...)
 	- openssl <unfixed> (low; bug #530400)
 	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
-CVE-2009-1376 [new pidgin issues]
-	RESERVED
+CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
 	{DSA-1805-1}
 	- pidgin 2.5.6-1
 	- gaim <removed>
-CVE-2009-1375 [new pidgin issues]
-	RESERVED
+CVE-2009-1375 (The PurpleCircBuffer implementation in Pidgin before 2.5.6 does not ...)
 	{DSA-1805-1}
 	- pidgin 2.5.6-1
 	- gaim <removed>
-CVE-2009-1374 [new pidgin issues]
-	RESERVED
+CVE-2009-1374 (Buffer overflow in the decrypt_out function in Pidgin before 2.5.6 ...)
 	- pidgin 2.5.6-1
 	[etch] - pidgin <not-affected> (QQ support not yet present)
 	- gaim <not-affected> (QQ support not yet present)
-CVE-2009-1373 [new pidgin issues]
-	RESERVED
+CVE-2009-1373 (Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin before ...)
 	{DSA-1805-1}
 	- pidgin 2.5.6-1
 	- gaim <removed>
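Review bot: CVE-2009-1374 is the only one of the four pidgin entries without the {DSA-1805-1} cross-reference, and it has an [etch] line but no [lenny] line, so after this change the list does not say whether the decrypt_out overflow is still open in lenny. Add an explicit [lenny] status, or a NOTE explaining why the DSA does not cover it. None of the four "- pidgin 2.5.6-1" lines records an urgency either, which is worth filling in now that the descriptions are public.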
@@ -11231,10 +11247,10 @@
 	NOTE: automatically downloads latest update from adobe which is 9.0.124.0 currently
 CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and ...)
 	NOT-FOR-US: UltraISO
-CVE-2008-3870
-	RESERVED
-CVE-2008-3869
-	RESERVED
+CVE-2008-3870 (Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote ...)
+	TODO: check
+CVE-2008-3869 (Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows ...)
+	TODO: check
 CVE-2008-3868 (Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 ...)
 	NOT-FOR-US: Interact
 CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 ...)
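Review bot: CVE-2008-3870 and CVE-2008-3869 move from RESERVED to "TODO: check" with descriptions that both name sadmind in Sun Solaris 8 and 9. The surrounding context entries (UltraISO, Interact) are closed with NOT-FOR-US tags naming the product; these two can be closed the same way after confirming that no sadmind package exists in the archive.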



