[Secure-testing-commits] r13217 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Nov 5 21:14:24 UTC 2009


Author: joeyh
Date: 2009-11-05 21:14:23 +0000 (Thu, 05 Nov 2009)
New Revision: 13217

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-05 18:34:24 UTC (rev 13216)
+++ data/CVE/list	2009-11-05 21:14:23 UTC (rev 13217)
@@ -1,3 +1,29 @@
+CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise ...)
+	TODO: check
+CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and ...)
+	TODO: check
+CVE-2009-3861 (Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and ...)
+	TODO: check
+CVE-2009-3860 (Multiple insecure method vulnerabilities in Idefense Labs COMRaider ...)
+	TODO: check
+CVE-2009-3859 (Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in ...)
+	TODO: check
+CVE-2009-3858 (Cross-site scripting (XSS) vulnerability in GejoSoft allows remote ...)
+	TODO: check
+CVE-2009-3857 (Buffer overflow in Softonic International SciTE 1.72 allows ...)
+	TODO: check
+CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in news/ ...)
+	TODO: check
+CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux ...)
+	TODO: check
+CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in ...)
+	TODO: check
+CVE-2009-3853 (Buffer overflow in the client acceptor daemon (CAD) scheduler in the ...)
+	TODO: check
+CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes for ...)
+	TODO: check
+CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of ...)
+	TODO: check
 CVE-2009-3850
 	RESERVED
 CVE-2009-3849
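Review bot: The thirteen entries added at the top of this hunk (CVE-2009-3851 through CVE-2009-3863) all carry `TODO: check`, so none has yet been matched to a Debian source package or ruled out. Several descriptions name vendor products of the kind this file tags `NOT-FOR-US` elsewhere (Sun Solaris appears that way further down in this same diff), so a follow-up commit should triage each one rather than let the markers accumulate. The SciTE entry (CVE-2009-3857) should be compared against packaged software before it is dismissed.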
@@ -305,8 +331,7 @@
 	NOTE: http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
 CVE-2009-3721
 	RESERVED
-CVE-2009-3720 [expat: dos]
-	RESERVED
+CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...)
 	{DSA-1921-1}
 	- expat <unfixed> (low; bug #551936)
 	- w3c-libwww <unfixed> (low; bug #551938)
@@ -527,6 +552,7 @@
 	- proftpd-dfsg 1.3.2a-2 (low)
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275
 CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in ...)
+	{DSA-1927-1}
 	- linux-2.6 2.6.31-1 (medium)
 	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
 	NOTE: fixed in upstream 2.6.32-rc4
@@ -589,9 +615,11 @@
 	[etch] - wordpress <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
 CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows ...)
+	{DSA-1927-1}
 	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed> (low)
 CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before ...)
+	{DSA-1927-1}
 	- linux-2.6 <unfixed> (medium)
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-3619
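Review bot: Under the `{DSA-1927-1}` tag added to CVE-2009-3621 and CVE-2009-3620, both entries keep `- linux-2.6 <unfixed>`, so each now references an advisory while showing no fixed version for that package. If the unfixed status is still accurate that is fine, but it is worth confirming it was not simply missed, and recording the fixed version once one exists.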
@@ -620,6 +648,7 @@
 	- linux-2.6.24 <removed>
 	NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
 CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink ...)
+	{DSA-1927-1}
 	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed> (low)
 	NOTE: fixed in 2.6.32-rc5
@@ -787,8 +816,8 @@
 	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
 CVE-2009-3548
 	RESERVED
-CVE-2009-3547 [linux-2.6: null ptr dereferences]
-	RESERVED
+CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before ...)
+	{DSA-1927-1}
 	- linux-2.6 <unfixed> (high)
 	- linux-2.6.24 <removed> (high)
 	NOTE: being exploited in the wild
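Review bot: The CVE-2009-3547 entry still reads `- linux-2.6 <unfixed> (high)` with `NOTE: being exploited in the wild` directly under the added `{DSA-1927-1}`; a high-urgency issue with that note should get its fixed version recorded as soon as one is available rather than staying at unfixed. The removed bracket description said null pointer dereferences while the published text speaks of race conditions in fs/pipe.c, so a NOTE preserving the earlier wording would help anyone searching on that term.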
@@ -992,14 +1021,14 @@
 	NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris 
 CVE-2009-3467
 	RESERVED
-CVE-2009-3466
-	RESERVED
-CVE-2009-3465
-	RESERVED
-CVE-2009-3464
-	RESERVED
-CVE-2009-3463
-	RESERVED
+CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
+	TODO: check
+CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
+	TODO: check
+CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
+	TODO: check
+CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows ...)
+	TODO: check
 CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
 	NOT-FOR-US: Adobe
 CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...)
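Review bot: CVE-2009-3463 through CVE-2009-3466 are set to `TODO: check` although all four descriptions name Adobe Shockwave Player and the entry right after them, CVE-2009-3462, is already tagged `NOT-FOR-US: Adobe`. Tagging these four the same way in the next manual pass would keep the Adobe block consistent and clear four items from the TODO queue.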
@@ -1381,13 +1410,11 @@
 	RESERVED
 CVE-2009-3300
 	RESERVED
-CVE-2009-3299 [mahara: cross-site scripting]
-	RESERVED
+CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype in ...)
 	{DSA-1924-1}
 	- mahara 1.1.7-1 (low)
 	NOTE: http://mahara.org/interaction/forum/topic.php?id=1170
-CVE-2009-3298 [mahara: privilege escalation]
-	RESERVED
+CVE-2009-3298 (Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote ...)
 	{DSA-1924-1}
 	- mahara 1.1.7-1 (low)
 	NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
@@ -1558,6 +1585,7 @@
 	- openoffice.org <not-affected>
 	NOTE: SUSE says that it is not a dup of CVE-2009-2139 and CVE-2009-2140...
 CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...)
+	{DSA-1927-1}
 	- linux-2.6 2.6.30-1 (low)
 	- linux-2.6.24 <removed> (low)
 CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
@@ -1569,6 +1597,7 @@
 	- dovecot 1:1.2.1-1 (medium; bug #546656)
 	NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few additional buffer overflows
 CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem ...)
+	{DSA-1927-1}
 	- linux-2.6 2.6.31-1 (low)
 	- linux-2.6.24 <removed> (low)
 CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and ...)
@@ -2309,8 +2338,8 @@
 	RESERVED
 CVE-2009-3032
 	RESERVED
-CVE-2009-3031
-	RESERVED
+CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...)
+	TODO: check
 CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...)
 	NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
 CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...)
@@ -3945,7 +3974,7 @@
 	NOT-FOR-US: Acer LunchApp
 CVE-2009-2626
 	RESERVED
-CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in ...)
+CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime ...)
 	- sun-java5 1.5.0-20-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
 	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
@@ -11793,8 +11822,8 @@
 	RESERVED
 CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the &quot;Customize Statistics ...)
 	NOT-FOR-US: Motion (RIM) BlackBerry Enterprise Server
-CVE-2009-0306
-	RESERVED
+CVE-2009-0306 (Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in ...)
+	TODO: check
 CVE-2009-0305 (Multiple stack-based buffer overflows in the Research in Motion RIM ...)
 	NOT-FOR-US: ActiveX
 CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before ...)
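Review bot: CVE-2009-0306 is left as `TODO: check` while its description names an IBM Lotus Notes Intellisync ActiveX control and the next entry, CVE-2009-0305, is tagged `NOT-FOR-US: ActiveX`. Unless the truncated description hides a packaged component, this entry is a candidate for the same tag.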



