[Secure-testing-commits] r13304 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Nov 17 21:14:26 UTC 2009


Author: joeyh
Date: 2009-11-17 21:14:24 +0000 (Tue, 17 Nov 2009)
New Revision: 13304

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-17 18:35:24 UTC (rev 13303)
+++ data/CVE/list	2009-11-17 21:14:24 UTC (rev 13304)
@@ -1,3 +1,47 @@
+CVE-2009-3960
+	RESERVED
+CVE-2009-3959
+	RESERVED
+CVE-2009-3958
+	RESERVED
+CVE-2009-3957
+	RESERVED
+CVE-2009-3956
+	RESERVED
+CVE-2009-3955
+	RESERVED
+CVE-2009-3954
+	RESERVED
+CVE-2009-3953
+	RESERVED
+CVE-2009-3952
+	RESERVED
+CVE-2009-3951
+	RESERVED
+CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus ...)
+	TODO: check
+CVE-2009-3949 (cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not ...)
+	TODO: check
+CVE-2009-3948 (JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a ...)
+	TODO: check
+CVE-2009-3947 (Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows ...)
+	TODO: check
+CVE-2009-3946 (Joomla! before 1.5.15 allows remote attackers to read an extension's ...)
+	TODO: check
+CVE-2009-3945 (Unspecified vulnerability in the Front-End Editor in the com_content ...)
+	TODO: check
+CVE-2009-3944 (Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 ...)
+	TODO: check
+CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...)
+	TODO: check
+CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not ...)
+	TODO: check
+CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not ...)
+	TODO: check
+CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...)
+	TODO: check
+CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...)
+	TODO: check
 CVE-2009-XXXX [kernel memory corruption in kvm_vcpu_ioctl_x86_setup_mce]
 	- linux-2.6 <unfixed>
 	- kvm <unfixed>
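Review bot: all twelve described entries added at the top of this hunk (CVE-2009-3950 down to CVE-2009-3939) are left as `TODO: check`, and several of them name software that Debian ships: msmtp (CVE-2009-3942), mpop (CVE-2009-3941), VirtualBox Guest Additions (CVE-2009-3940) and the Linux kernel megaraid_sas driver (CVE-2009-3939). Those need package lines with a fixed version or `<unfixed>`, in the form already used for the CVE-2009-XXXX kvm entry at the end of this hunk. Entries such as JetAudio, Tandberg MXP, BlackBerry Browser and Internet Explorer can be closed out as `NOT-FOR-US:` so the TODO backlog does not hide the ones that matter.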
@@ -114,10 +158,10 @@
 	RESERVED
 CVE-2009-3890
 	RESERVED
-CVE-2009-3889
-	RESERVED
-CVE-2009-3888
-	RESERVED
+CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...)
+	TODO: check
+CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before ...)
+	TODO: check
 CVE-2009-3887
 	RESERVED
 CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
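Review bot: CVE-2009-3889 and CVE-2009-3888 both go from RESERVED to Linux kernel descriptions here but stay at `TODO: check`, with no `- linux-2.6` line. CVE-2009-3889 (dbg_lvl) is in the same megaraid_sas driver as CVE-2009-3939 (poll_mode_io) added at the top of the file, so the two should be triaged together. CVE-2009-3888 is in mm/nommu.c, so the entry should carry a note on whether the Debian kernel builds compile that file at all.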
@@ -184,7 +228,7 @@
 	NOT-FOR-US: IBM Tivoli Storage Manager
 CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in ...)
 	NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2009-3853 (Buffer overflow in the client acceptor daemon (CAD) scheduler in the ...)
+CVE-2009-3853 (Stack-based buffer overflow in the client acceptor daemon (CAD) ...)
 	NOT-FOR-US: IBM Tivoli Storage Manager
 CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes for ...)
 	NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0 
@@ -3405,7 +3449,7 @@
 	TODO: check
 CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...)
 	NOT-FOR-US: Apple iTunes
-CVE-2009-2816 (WebKit in Apple Safari before 4.0.4 includes certain custom HTTP ...)
+CVE-2009-2816 (WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before ...)
 	TODO: check
 CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...)
 	NOT-FOR-US: Apple iPhone OS
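Review bot: the new CVE-2009-2816 description widens the scope from Safari to "WebKit, as used in" Safari and Google Chrome, yet the status line under it is still `TODO: check`. Unlike the neighbouring iTunes and iPhone OS entries this cannot simply become `NOT-FOR-US:`, because the flaw is described as being in WebKit itself; the entry should be checked against the WebKit copies in the archive and given package lines.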
@@ -3656,8 +3700,8 @@
 	RESERVED
 CVE-2009-2747
 	RESERVED
-CVE-2009-2746
-	RESERVED
+CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
+	TODO: check
 CVE-2009-2745
 	RESERVED
 CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
@@ -3758,6 +3802,7 @@
 CVE-2009-2731
 	RESERVED
 CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
+	{DSA-1935-1}
 	- gnutls26 2.8.3-1 (low; bug #541439)
 	- gnutls13 <removed>
 CVE-2009-2729
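Review bot: the `{DSA-1935-1}` tag is attached to CVE-2009-2730 while the `- gnutls13 <removed>` line below it records no fixed version. It is worth confirming that the advisory covers gnutls13 in the releases that still carry it, and adding a note line if it does not, since `<removed>` only describes unstable.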
@@ -4868,7 +4913,7 @@
 CVE-2009-2410 (The local_handler_callback function in ...)
 	NOT-FOR-US: sssd
 CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as used in ...)
-	{DSA-1888-1 DSA-1874-1}
+	{DSA-1935-1 DSA-1888-1 DSA-1874-1}
 	- nss 3.12.3-1 (low; bug #539895)
 	- openssl 0.9.8k-4 (low; bug #539899)
 	- gnutls26 2.4.2-5 (low; bug #539901)
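Review bot: CVE-2009-2409 lists nss, openssl and gnutls26, and the cross-reference line now names three advisories without saying which package each one fixes. Since DSA-1935-1 is also the advisory added to the GnuTLS-only CVE-2009-2730 in the previous hunk, it presumably covers only the gnutls lines here; a short `NOTE:` stating that would keep readers from assuming nss and openssl are addressed by it.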
@@ -15664,7 +15709,7 @@
 CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the (1) ...)
 	NOT-FOR-US: ComponentOne SizerOne
 CVE-2008-4826
-	RESERVED
+	REJECTED
 CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other ...)
 	NOT-FOR-US: UltraISO
 CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...)



