[Secure-testing-commits] r13377 - data/CVE

Joey Hess joeyh at alioth.debian.org
Wed Nov 25 21:14:16 UTC 2009


Author: joeyh
Date: 2009-11-25 21:14:16 +0000 (Wed, 25 Nov 2009)
New Revision: 13377

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-25 19:14:43 UTC (rev 13376)
+++ data/CVE/list	2009-11-25 21:14:16 UTC (rev 13377)
@@ -1,3 +1,17 @@
+CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
+	TODO: check
+CVE-2009-4072 (Unspecified vulnerability in Opera before 10.10 has unknown impact and ...)
+	TODO: check
+CVE-2009-4071 (Opera before 10.10, when exception stacktraces are enabled, places ...)
+	TODO: check
+CVE-2009-4070 (SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly ...)
+	TODO: check
+CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, ...)
+	TODO: check
+CVE-2009-4068
+	RESERVED
+CVE-2009-4067
+	RESERVED
 CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the "My ...)
 	TODO: check
 CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the ...)
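Review bot: CVE-2009-4070 and CVE-2009-4069 name GForge but are added with only `TODO: check`, while this file already tracks a gforge package under CVE-2009-3303 (`- gforge 4.8.1-3 (low)`). Triage these two ahead of the other new entries and give each a `- gforge ...` line once the affected versions have been compared with the packaged ones.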
@@ -231,13 +245,11 @@
 	NOT-FOR-US: New 5 star Rating
 CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) ...)
 	NOT-FOR-US: component for Joomla!
-CVE-2009-3898 [ngingx webdav directory traversal]
-	RESERVED
+CVE-2009-3898 (Directory traversal vulnerability in ...)
 	- nginx 0.7.63-1 (low; bug #557389)
 	[etch] - nginx <no-dsa> (upload rights required)
 	[lenny] - nginx <no-dsa> (upload rights required)
-CVE-2009-3897 [dovecot 0777 base_dir creation]
-	RESERVED
+CVE-2009-3897 (Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ...)
 	- dovecot <unfixed> (medium; bug #557601)
 	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
 	[etch] - dovecot <not-affected> (Only affects 1.2.x)
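Review bot: the CVE-2009-3898 replacement drops the hand-written note `[ngingx webdav directory traversal]`, and the imported description is cut off at "Directory traversal vulnerability in ...", so the entry no longer mentions WebDAV. That context helps explain the `(upload rights required)` reason on the no-dsa lines; consider keeping it in a `NOTE:` line under the entry.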
@@ -404,9 +416,9 @@
 	NOT-FOR-US: IBM PowerHA
 CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris ...)
 	NOT-FOR-US: Sun Solaris
-CVE-2009-3896
-	RESERVED
+CVE-2009-3896 (src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through ...)
 	{DSA-1920-1}
+	TODO: check
 CVE-2009-3895 (Heap-based buffer overflow in the exif_entry_fix function (aka the tag ...)
 	- libexif 0.6.19-1 (medium; bug #557137)
 	[lenny] - libexif <not-affected> (Only 0.6.18 is affected)
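Review bot: CVE-2009-3896 ends up with `{DSA-1920-1}` followed by `TODO: check` and no package line, although the new description names nginx and a DSA is already cross-referenced. Replace the TODO with a `- nginx ...` entry carrying the fixed version, in the same form as the CVE-2009-3898 entry.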
@@ -1191,12 +1203,12 @@
 	RESERVED
 CVE-2009-3580
 	RESERVED
-CVE-2009-3578
-	RESERVED
-CVE-2009-3577
-	RESERVED
-CVE-2009-3576
-	RESERVED
+CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...)
+	TODO: check
+CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...)
+	TODO: check
+CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to ...)
+	TODO: check
 CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, ...)
 	- aria2 1.2.0-1 (low; bug #551070)
 	[etch] - aria2 <not-affected> (Vulnerable code not present)
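Review bot: the three Autodesk entries (CVE-2009-3578, CVE-2009-3577, CVE-2009-3576) are added as `TODO: check`, while other vendor products in this file, such as IBM PowerHA and Sun Solaris, are marked `NOT-FOR-US:`. If no Debian package ships these products, mark them the same way, for example `NOT-FOR-US: Autodesk Maya`, so they leave the TODO queue.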
@@ -1902,8 +1914,7 @@
 	RESERVED
 CVE-2009-3304
 	RESERVED
-CVE-2009-3303 [gforge: XSS issue via helpname parameter]
-	RESERVED
+CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in ...)
 	{DSA-1937-1}
 	- gforge 4.8.1-3 (low)
 CVE-2009-3302



