[Secure-testing-commits] r13272 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Tue Nov 10 21:14:29 UTC 2009
Author: joeyh
Date: 2009-11-10 21:14:29 +0000 (Tue, 10 Nov 2009)
New Revision: 13272
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-10 19:35:47 UTC (rev 13271)
+++ data/CVE/list 2009-11-10 21:14:29 UTC (rev 13272)
@@ -1,3 +1,41 @@
+CVE-2009-3924 (Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and ...)
+ TODO: check
+CVE-2009-3923 (The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop ...)
+ TODO: check
+CVE-2009-3922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
+ TODO: check
+CVE-2009-3921 (The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before ...)
+ TODO: check
+CVE-2009-3920 (An administration page in the NGP COO/CWP Integration (crmngp) module ...)
+ TODO: check
+CVE-2009-3919 (Cross-site scripting (XSS) vulnerability in the NGP COO/CWP ...)
+ TODO: check
+CVE-2009-3918 (Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x ...)
+ TODO: check
+CVE-2009-3917 (Cross-site scripting (XSS) vulnerability in the S5 Presentation Player ...)
+ TODO: check
+CVE-2009-3916 (Cross-site scripting (XSS) vulnerability in the Node Hierarchy module ...)
+ TODO: check
+CVE-2009-3915 (Cross-site scripting (XSS) vulnerability in the "Separate title and ...)
+ TODO: check
+CVE-2009-3914 (Cross-site scripting (XSS) vulnerability in the Temporary Invitation ...)
+ TODO: check
+CVE-2009-3913 (SQL injection vulnerability in summary.php in Xerox Fiery Webtools ...)
+ TODO: check
+CVE-2009-3912 (Directory traversal vulnerability in index.php in TFTgallery 0.13 ...)
+ TODO: check
+CVE-2009-3911 (Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery ...)
+ TODO: check
+CVE-2009-3910
+ RESERVED
+CVE-2009-3909
+ RESERVED
+CVE-2009-3908
+ RESERVED
+CVE-2009-3907
+ RESERVED
+CVE-2009-3906
+ RESERVED
CVE-2009-XXXX [grub2: password bypass]
- grub2 <unfixed> (high; bug #555195)
NOTE: fixed in upstream verion 1.97.1
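Review bot: Among the new TODO: check entries at the top of this hunk, CVE-2009-3924 (pbsv.dll, as used in Soldier of Fortune II) and CVE-2009-3913 (Xerox Fiery Webtools) name products that look like candidates for the NOT-FOR-US marker this file already uses elsewhere (for example "NOT-FOR-US: ReqWeb"). Triaging them now keeps the TODO backlog from growing with each automatic update. The trailing context also carries a pre-existing typo, "verion" for "version" in the grub2 NOTE, which is worth fixing in a follow-up commit.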
@@ -39,22 +77,22 @@
RESERVED
CVE-2009-3887
RESERVED
-CVE-2009-3886
- RESERVED
-CVE-2009-3885
- RESERVED
-CVE-2009-3884
- RESERVED
-CVE-2009-3883
- RESERVED
-CVE-2009-3882
- RESERVED
-CVE-2009-3881
- RESERVED
-CVE-2009-3880
- RESERVED
-CVE-2009-3879
- RESERVED
+CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
+ TODO: check
+CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
+ TODO: check
+CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
+ TODO: check
+CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
+ TODO: check
+CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
+ TODO: check
+CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
+ TODO: check
+CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
+ TODO: check
+CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
+ TODO: check
CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
TODO: check
CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
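Review bot: CVE-2009-3881 in this hunk names OpenJDK in its description, yet it lands as a bare TODO: check like the Sun Java SE entries around it. It should be triaged first against the OpenJDK packaging and given package lines. The truncated descriptions of the other seven entries (CVE-2009-3886 through CVE-2009-3879) do not show whether OpenJDK is affected, so each needs the full CVE text read before it is closed out.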
@@ -306,7 +344,7 @@
CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...)
- openldap 2.4.17-2.1 (medium; bug #553432)
- openldap2.3 <removed>
-CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the ...)
+CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when ...)
- mutt <not-affected> (uses GnuTLS and not OpenSSL)
NOTE: our mutt is linked against gnutls, bug #553433
CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...)
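Review bot: The widened range on CVE-2009-3766 ("1.5.16 and other versions before 1.5.19") now covers more releases, while the annotation below it is a single unversioned not-affected line. Its rationale is about linkage (GnuTLS rather than OpenSSL), not version, so it should still hold, but it is worth confirming that this is true of the mutt build in every supported release and saying so in the NOTE.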
@@ -384,17 +422,16 @@
RESERVED
CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
NOT-FOR-US: ReqWeb
-CVE-2009-3729
- RESERVED
-CVE-2009-3728
- RESERVED
+CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
+ TODO: check
+CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
+ TODO: check
CVE-2009-3727 [asterisk AST-2009-008]
RESERVED
- asterisk <unfixed>
[lenny] - asterisk <no-dsa> (Minor issue)
[etch] - asterisk <no-dsa> (Minor issue)
-CVE-2009-3726 [linux-2.6: null ptr dereference in nfs4]
- RESERVED
+CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...)
- linux-2.6 2.6.31-1 (medium)
- linux-2.6.24 <removed> (medium)
CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not ...)
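Review bot: Replacing the hand-written summary on CVE-2009-3726 ("linux-2.6: null ptr dereference in nfs4") with the truncated official description removes the only statement of the bug class from this entry. Consider keeping it as a NOTE line under the package annotations. CVE-2009-3729 and CVE-2009-3728 move from RESERVED to TODO: check in the same hunk and still need a triage pass.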
@@ -518,7 +555,7 @@
{DSA-1918-1}
- phpmyadmin 4:3.2.2.1-1
CVE-2009-3610
- RESERVED
+ REJECTED
CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django ...)
{DSA-1905-1}
- python-django 1.1.1-1 (medium; bug #550457)
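Review bot: CVE-2009-3610 sits directly before CVE-2009-3695 here, which breaks the descending order the rest of the file follows, and this hunk flips that entry from RESERVED to REJECTED. Check that the identifier at this position is the intended one and is not a duplicate of an entry further down before the REJECTED state is relied on.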
@@ -712,10 +749,10 @@
{DSA-1928-1 DSA-1927-1}
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed> (medium)
-CVE-2009-3619
- RESERVED
-CVE-2009-3618
- RESERVED
+CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before ...)
+ TODO: check
+CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 ...)
+ TODO: check
CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...)
- aria2 1.6.2-1 (low)
CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in ...)
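Review bot: The two ViewVC entries, CVE-2009-3619 and CVE-2009-3618, become public with TODO: check, and the CVE-2009-3619 description already gives 1.0.9 as the fixed version on the 1.0 branch. That is enough to compare against the version in the archive and replace the TODO with a package line if ViewVC is packaged.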
@@ -887,8 +924,7 @@
RESERVED
CVE-2009-3556
RESERVED
-CVE-2009-3555 [TLS/SSL renegotiation prefix injection vulnerability]
- RESERVED
+CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...)
- openssl <unfixed>
- openssl097 <removed>
- gnutls26 <unfixed>
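Review bot: With CVE-2009-3555 now public, the package lines under it (openssl and gnutls26, both unfixed) carry no urgency and no bug reference, unlike entries such as "openldap 2.4.17-2.1 (medium; bug #553432)" earlier in the file. Add both so the open status can be tracked to closure. The bracketed summary "TLS/SSL renegotiation prefix injection vulnerability" is also dropped by this change; a NOTE line would preserve it, since the official description is truncated here.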
@@ -4582,7 +4618,7 @@
- xulrunner 1.9.0.12-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2463 (Integer overflow in a base64 decoding function in Mozilla Firefox ...)
- {DSA-1931-1 DSA-1840-1}
+ {DSA-1931-1}
- nspr 4.8.2-1
[etch] - nspr <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
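Review bot: Dropping DSA-1840-1 from the cross-reference on CVE-2009-2463 removes tracking data in an automatic update, so it should be verified rather than assumed correct. Confirm that DSA-1840-1 does not list this CVE; if it does, the reference needs restoring.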
@@ -37721,6 +37757,7 @@
CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...)
NOT-FOR-US: Redoable
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
+ {DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; bug #425584; low)
[etch] - libgd <no-dsa> (Minor issue)
[sarge] - libgd <no-dsa> (Minor issue)
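Review bot: The added {DSA-1613-1} on CVE-2007-2756 sits above [etch] and [sarge] lines that mark libgd as no-dsa (Minor issue), which reads as contradictory. The fixed version is recorded for libgd2 while the no-dsa lines name libgd, so check which source package the DSA covers and add or adjust the per-release line accordingly.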