[Secure-testing-commits] r13189 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Nov 3 21:14:24 UTC 2009


Author: joeyh
Date: 2009-11-03 21:14:23 +0000 (Tue, 03 Nov 2009)
New Revision: 13189

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-03 17:08:40 UTC (rev 13188)
+++ data/CVE/list	2009-11-03 21:14:23 UTC (rev 13189)
@@ -1,3 +1,39 @@
+CVE-2009-3850
+	RESERVED
+CVE-2009-3849
+	RESERVED
+CVE-2009-3848
+	RESERVED
+CVE-2009-3847
+	RESERVED
+CVE-2009-3846
+	RESERVED
+CVE-2009-3845
+	RESERVED
+CVE-2009-3844
+	RESERVED
+CVE-2009-3843
+	RESERVED
+CVE-2009-3842
+	RESERVED
+CVE-2009-3841
+	RESERVED
+CVE-2009-3840
+	RESERVED
+CVE-2009-3839 (Unspecified vulnerability in the Solaris Trusted Extensions Policy ...)
+	TODO: check
+CVE-2009-3838 (Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly ...)
+	TODO: check
+CVE-2009-3837 (Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 ...)
+	TODO: check
+CVE-2009-3836 (ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the ...)
+	TODO: check
+CVE-2009-3835 (SQL injection vulnerability in the JShop (com_jshop) component for ...)
+	TODO: check
+CVE-2009-3834 (SQL injection vulnerability in the Photoblog (com_photoblog) component ...)
+	TODO: check
+CVE-2009-3833 (Cross-site scripting (XSS) vulnerability in index.php in TFTgallery ...)
+	TODO: check
 CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...)
 	NOT-FOR-US: Opera
 CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code ...)
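Review bot: CVE-2009-3833 through CVE-2009-3839 are added with only "TODO: check", so seven described issues have no disposition yet. Each needs a follow-up line, either "NOT-FOR-US: <product>" in the form the Opera context line uses or a "- <package> ..." line. The eleven RESERVED entries above them (CVE-2009-3840 through CVE-2009-3850) need nothing until a description is published.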
@@ -229,8 +265,8 @@
 	RESERVED
 CVE-2009-XXXX [mandos 0600 file being included in initrd]
 	- mandos 1.0.13-1 (bug #551907)
-CVE-2009-3733
-	RESERVED
+CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...)
+	TODO: check
 CVE-2009-3732
 	RESERVED
 CVE-2009-3731
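Review bot: CVE-2009-3733 changes from RESERVED to a VMware Server directory traversal description with "TODO: check" and no package line. It needs a disposition, either NOT-FOR-US or a "- <package> <version>" line like the mandos entry just above it.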
@@ -498,32 +534,23 @@
 CVE-2009-3637 [alien-arena server issue]
 	RESERVED
 	- alien-arena <unfixed> (bug #552038)
-CVE-2009-3636 [typo3-sa-2009-016]
-	RESERVED
+CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool ...)
 	- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3635 [typo3-sa-2009-016]
-	RESERVED
+CVE-2009-3635 (The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x ...)
 	- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3634 [typo3-sa-2009-016]
-	RESERVED
+CVE-2009-3634 (Cross-site scripting (XSS) vulnerability in the Frontend Login Box ...)
 	- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3633 [typo3-sa-2009-016]
-	RESERVED
+CVE-2009-3633 (Cross-site scripting (XSS) vulnerability in the ...)
 	- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3632 [typo3-sa-2009-016]
-	RESERVED
+CVE-2009-3632 (SQL injection vulnerability in the traditional frontend editing ...)
 	- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3631 [typo3-sa-2009-016]
-	RESERVED
+CVE-2009-3631 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
 	- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3630 [typo3-sa-2009-016]
-	RESERVED
+CVE-2009-3630 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
 	- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3629 [typo3-sa-2009-016]
-	RESERVED
+CVE-2009-3629 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend ...)
 	- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3628 [typo3-sa-2009-016]
-	RESERVED
+CVE-2009-3628 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
 	- typo3-src 4.2.10-1 (medium; bug #552020)
 CVE-2009-3627 (The decode_entities function in util.c in HTML-Parser before 3.63 ...)
 	{DSA-1923-1}
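Review bot: Replacing the "[typo3-sa-2009-016]" tag with the published description on CVE-2009-3628 through CVE-2009-3636 drops the only pointer to the TYPO3 advisory from all nine entries. If that cross-reference is still wanted, carry it as a NOTE line under each entry, since the "- typo3-src 4.2.10-1 (medium; bug #552020)" lines alone do not name the advisory.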
@@ -535,8 +562,7 @@
 	[etch] - perl <not-affected> (Vulnerable code not present)
 CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 ...)
 	- sahana <itp> (bug #497414)
-CVE-2009-3624 [linux-2.6: keyring issue]
-	RESERVED
+CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c in ...)
 	- linux-2.6 <unfixed> (low)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
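Review bot: On CVE-2009-3624 the "- linux-2.6 <unfixed> (low)" line has no bug reference, while the sahana entry in the same hunk carries one. Now that the description names get_instantiation_keyring in security/keys/keyctl.c, consider adding a bug number or a NOTE with the fixing commit so the unfixed state can be tracked to closure.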
@@ -606,8 +632,7 @@
 	- poppler <unfixed> (medium; bug #551289)
 	- kdegraphics <unfixed> (medium; bug #551290)
 	- swftools <unfixed> (medium; bug #551291)
-CVE-2009-3605
-	RESERVED
+CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...)
 	- poppler <unfixed> (medium; bug #551289)
 CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
 	- xpdf <unfixed> (medium; bug #551287)
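Review bot: CVE-2009-3605 tracks only poppler, although the entry above it also lists kdegraphics and swftools alongside poppler and the entry below it is an Xpdf issue. The new description covers "Poppler 0.10.5 and earlier", so check whether the embedded copies in those packages share the affected code and need their own lines or an explicit <not-affected>.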
@@ -4909,8 +4934,8 @@
 	NOT-FOR-US: Empire CMS
 CVE-2009-2268 (Cross-site scripting (XSS) vulnerability in the Cross-Domain ...)
 	NOT-FOR-US: Sun Java System Access Manager
-CVE-2009-2267
-	RESERVED
+CVE-2009-2267 (VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player ...)
+	TODO: check
 CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote ...)
 	NOT-FOR-US: OXID eShop
 CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in ...)
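Review bot: CVE-2009-2267 moves from RESERVED to "TODO: check" with a VMware Workstation and Player description, while the entries directly above and below it are already resolved as NOT-FOR-US. Resolve it in the same form ("NOT-FOR-US: OXID eShop") or with a package line.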



