[Secure-testing-commits] r13272 - data/CVE

Tue Nov 10 21:14:29 UTC 2009

Author: joeyh
Date: 2009-11-10 21:14:29 +0000 (Tue, 10 Nov 2009)
New Revision: 13272

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-11-10 19:35:47 UTC (rev 13271)
+++ data/CVE/list	2009-11-10 21:14:29 UTC (rev 13272)
@@ -1,3 +1,41 @@
+CVE-2009-3924 (Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and ...)
+	TODO: check
+CVE-2009-3923 (The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop ...)
+	TODO: check
+CVE-2009-3922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
+	TODO: check
+CVE-2009-3921 (The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before ...)
+	TODO: check
+CVE-2009-3920 (An administration page in the NGP COO/CWP Integration (crmngp) module ...)
+	TODO: check
+CVE-2009-3919 (Cross-site scripting (XSS) vulnerability in the NGP COO/CWP ...)
+	TODO: check
+CVE-2009-3918 (Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x ...)
+	TODO: check
+CVE-2009-3917 (Cross-site scripting (XSS) vulnerability in the S5 Presentation Player ...)
+	TODO: check
+CVE-2009-3916 (Cross-site scripting (XSS) vulnerability in the Node Hierarchy module ...)
+	TODO: check
+CVE-2009-3915 (Cross-site scripting (XSS) vulnerability in the &quot;Separate title and ...)
+	TODO: check
+CVE-2009-3914 (Cross-site scripting (XSS) vulnerability in the Temporary Invitation ...)
+	TODO: check
+CVE-2009-3913 (SQL injection vulnerability in summary.php in Xerox Fiery Webtools ...)
+	TODO: check
+CVE-2009-3912 (Directory traversal vulnerability in index.php in TFTgallery 0.13 ...)
+	TODO: check
+CVE-2009-3911 (Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery ...)
+	TODO: check
+CVE-2009-3910
+	RESERVED
+CVE-2009-3909
+	RESERVED
+CVE-2009-3908
+	RESERVED
+CVE-2009-3907
+	RESERVED
+CVE-2009-3906
+	RESERVED
 CVE-2009-XXXX [grub2: password bypass]
 	- grub2 <unfixed> (high; bug #555195)
 	NOTE: fixed in upstream verion 1.97.1
@@ -39,22 +77,22 @@
 	RESERVED
 CVE-2009-3887
 	RESERVED
-CVE-2009-3886
-	RESERVED
-CVE-2009-3885
-	RESERVED
-CVE-2009-3884
-	RESERVED
-CVE-2009-3883
-	RESERVED
-CVE-2009-3882
-	RESERVED
-CVE-2009-3881
-	RESERVED
-CVE-2009-3880
-	RESERVED
-CVE-2009-3879
-	RESERVED
+CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
+	TODO: check
+CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
+	TODO: check
+CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
+	TODO: check
+CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
+	TODO: check
+CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
+	TODO: check
+CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
+	TODO: check
+CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
+	TODO: check
+CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
+	TODO: check
 CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
 	TODO: check
 CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
@@ -306,7 +344,7 @@
 CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...)
 	- openldap 2.4.17-2.1 (medium; bug #553432)
 	- openldap2.3 <removed>
-CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the ...)
+CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when ...)
 	- mutt <not-affected> (uses GnuTLS and not OpenSSL)
 	NOTE: our mutt is linked against gnutls, bug #553433
 CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...)
@@ -384,17 +422,16 @@
 	RESERVED
 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
 	NOT-FOR-US: ReqWeb
-CVE-2009-3729
-	RESERVED
-CVE-2009-3728
-	RESERVED
+CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
+	TODO: check
+CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
+	TODO: check
 CVE-2009-3727 [asterisk AST-2009-008]
 	RESERVED
 	- asterisk <unfixed>
 	[lenny] - asterisk <no-dsa> (Minor issue)
 	[etch] - asterisk <no-dsa> (Minor issue)
-CVE-2009-3726 [linux-2.6: null ptr dereference in nfs4]
-	RESERVED
+CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...)
 	- linux-2.6 2.6.31-1 (medium)
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not ...)
@@ -518,7 +555,7 @@
 	{DSA-1918-1}
 	- phpmyadmin 4:3.2.2.1-1
 CVE-2009-3610
-	RESERVED
+	REJECTED
 CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django ...)
 	{DSA-1905-1}
 	- python-django 1.1.1-1 (medium; bug #550457)
@@ -712,10 +749,10 @@
 	{DSA-1928-1 DSA-1927-1}
 	- linux-2.6 <unfixed> (medium)
 	- linux-2.6.24 <removed> (medium)
-CVE-2009-3619
-	RESERVED
-CVE-2009-3618
-	RESERVED
+CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before ...)
+	TODO: check
+CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 ...)
+	TODO: check
 CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...)
 	- aria2 1.6.2-1 (low)
 CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in ...)
@@ -887,8 +924,7 @@
 	RESERVED
 CVE-2009-3556
 	RESERVED
-CVE-2009-3555 [TLS/SSL renegotiation prefix injection vulnerability]
-	RESERVED
+CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...)
 	- openssl <unfixed>
 	- openssl097 <removed>
 	- gnutls26 <unfixed>
@@ -4582,7 +4618,7 @@
 	- xulrunner 1.9.0.12-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-2463 (Integer overflow in a base64 decoding function in Mozilla Firefox ...)
-	{DSA-1931-1 DSA-1840-1}
+	{DSA-1931-1}
 	- nspr 4.8.2-1
 	[etch] - nspr <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
@@ -37721,6 +37757,7 @@
 CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...)
 	NOT-FOR-US: Redoable
 CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
+	{DSA-1613-1}
 	- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; bug #425584; low)
 	[etch] - libgd <no-dsa> (Minor issue)
 	[sarge] - libgd <no-dsa> (Minor issue)


