[Secure-testing-commits] r13365 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Nov 24 09:14:23 UTC 2009 

Author: joeyh
Date: 2009-11-24 09:14:23 +0000 (Tue, 24 Nov 2009)
New Revision: 13365

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-24 05:46:19 UTC (rev 13364)
+++ data/CVE/list	2009-11-24 09:14:23 UTC (rev 13365)
@@ -182,20 +182,23 @@
 CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) ...)
 	NOT-FOR-US: component for Joomla!
 CVE-2009-3898 [ngingx webdav directory traversal]
+	RESERVED
 	- nginx 0.7.63-1 (low; bug #557389)
 	[etch] - nginx <no-dsa> (upload rights required)
 	[lenny] - nginx <no-dsa> (upload rights required)
 CVE-2009-3897 [dovecot 0777 base_dir creation]
+	RESERVED
 	- dovecot <unfixed> (medium; bug #557601)
 	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
 	[etch] - dovecot <not-affected> (Only affects 1.2.x)
 	NOTE: http://www.dovecot.org/list/dovecot-news/2009-November/000143.html, CVE requested on oss-sec
 CVE-2009-4017 [php temporary files exhaustion DoS]
+	RESERVED
 	- php5 5.2.11.dfsg.1-2 (medium)
 	- php4 <unfixed> (medium)
 	NOTE: workarounds include using 5.3.1 or php5-suhosin
 	NOTE: 4B068517.802 at acunetix.com on bugtraq explains it
-CVE-2009-3080 [array indexing error in gdth_read_event() in drivers/scsi/gdth.c]
+CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
 	- linux-2.6 <unfixed> (medium)
 	- linux-2.6.24 <removed> (medium)
 	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
@@ -2918,6 +2921,7 @@
 CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
 	NOT-FOR-US: K-Meleon	
 CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...)
+	{DSA-1922-1}
 	- xulrunner 1.9.1.3-3 (low)
 	- iceape 2.0-1 (low)
 	- webkit <not-affected> (proof-of-concept did not work)
@@ -38926,14 +38930,14 @@
 CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
 	- yui <unfixed> (low; bug #557745)
 	[lenny] - yui <no-dsa> (minor issue)
-        - bcfg2 <not-affected> (present in source but not included in any binary files)
-        - serendipity <unfixed> (low; bug #557746)
+	- bcfg2 <not-affected> (present in source but not included in any binary files)
+	- serendipity <unfixed> (low; bug #557746)
 	[etch] - serendipity <no-dsa> (minor issue)
 	[lenny] - serendipity <no-dsa> (minor issue)
-        - moodle <not-affected> (uses system libjs-yui)
-        - jifty <unfixed> (low; bug #557748)
-        - webgui <not-affected> (uses system libjs-yui)
-        - loggerhead <not-affected> (uses system libjs-yui)
+	- moodle <not-affected> (uses system libjs-yui)
+	- jifty <unfixed> (low; bug #557748)
+	- webgui <not-affected> (uses system libjs-yui)
+	- loggerhead <not-affected> (uses system libjs-yui)
 	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
 	NOTE: This allows to steal data from affected websites. Therefore web applications should
 	NOTE: only be considered vunerabile if they process confidential data.

More information about the Secure-testing-commits mailing list