[Secure-testing-commits] r12920 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Fri Oct 2 21:14:16 UTC 2009
Author: joeyh
Date: 2009-10-02 21:14:16 +0000 (Fri, 02 Oct 2009)
New Revision: 12920
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-02 19:10:16 UTC (rev 12919)
+++ data/CVE/list 2009-10-02 21:14:16 UTC (rev 12920)
@@ -1,40 +1,42 @@
-CVE-2009-3524
+CVE-2009-3525
+ RESERVED
+CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and ...)
NOT-FOR-US: avast! Home and Professional
-CVE-2009-3523
+CVE-2009-3523 (aavmKer4.sys in avast! Home and Professional for Windows before ...)
NOT-FOR-US: avast! Home and Professional
-CVE-2009-3522
+CVE-2009-3522 (Stack-based buffer overflow in aswMon2.sys in avast! Home and ...)
NOT-FOR-US: avast! Home and Professional
-CVE-2009-3521
+CVE-2009-3521 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: WebSphere
-CVE-2009-3520
+CVE-2009-3520 (Cross-site request forgery (CSRF) vulnerability in the Your_account ...)
NOT-FOR-US: CMSphp
-CVE-2009-3519
+CVE-2009-3519 (Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 ...)
NOT-FOR-US: Sun Solaris
-CVE-2009-3518
+CVE-2009-3518 (Argument injection vulnerability in the iim: URI handler in IBMIM.exe ...)
NOT-FOR-US: IBM Installation Manager
-CVE-2009-3517
+CVE-2009-3517 (nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does ...)
NOT-FOR-US: IBM AIX
-CVE-2009-3516
+CVE-2009-3516 (gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not ...)
NOT-FOR-US: IBM AIX
-CVE-2009-3515
+CVE-2009-3515 (Directory traversal vulnerability in dnet_admin/index.php in d.net CMS ...)
NOT-FOR-US: d.net CMS
-CVE-2009-3514
+CVE-2009-3514 (Multiple SQL injection vulnerabilities in d.net CMS allow remote ...)
NOT-FOR-US: d.net CMS
-CVE-2009-3513
+CVE-2009-3513 (Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group ...)
NOT-FOR-US: Pilot Group (PG) eTraining
-CVE-2009-3512
+CVE-2009-3512 (Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 ...)
NOT-FOR-US: MyWeight
-CVE-2009-3511
+CVE-2009-3511 (Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 ...)
NOT-FOR-US: justVisual
-CVE-2009-3510
+CVE-2009-3510 (SQL injection vulnerability in viewListing.php in linkSpheric 0.74 ...)
NOT-FOR-US: linkSpheric
-CVE-2009-3509
+CVE-2009-3509 (Cross-site scripting (XSS) vulnerability in admin/admin_index.php in ...)
NOT-FOR-US: CJ Dynamic Poll PRO
-CVE-2009-3508
+CVE-2009-3508 (Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 ...)
NOT-FOR-US: MUJE CMS
-CVE-2009-3507
+CVE-2009-3507 (Directory traversal vulnerability in modules.php in CMSphp 0.21 allows ...)
NOT-FOR-US: CMSphp
-CVE-2009-3506
+CVE-2009-3506 (Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 ...)
NOT-FOR-US: CMSphp
CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG ...)
NOT-FOR-US: Vastal I-Tech MMORPG Zone
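Review bot: The NOT-FOR-US tags for CVE-2009-3506 through CVE-2009-3524 were assigned while the entries were bare IDs (the removed lines carry no description), so they should be spot-checked now that descriptions are present. Most truncated descriptions name the product and match the tag (avast!, d.net CMS, MyWeight, justVisual, linkSpheric, MUJE CMS, CMSphp 0.21), but for CVE-2009-3521 ("vulnerabilities in the ..."), CVE-2009-3520 ("in the Your_account ...") and CVE-2009-3509 ("in admin/admin_index.php in ...") the text is cut off before any product name, so the WebSphere, CMSphp and CJ Dynamic Poll PRO tags cannot be confirmed from these lines and need checking against the full description. The new CVE-2009-3525 entry is RESERVED only and has no triage line yet, which is expected until a description is published.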
@@ -887,16 +889,19 @@
[lenny] - pam <not-affected> (pam-auth-update not yet present)
[etch] - pam <not-affected> (pam-auth-update not yet present)
CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
+ {DSA-1900-1}
- postgresql-8.4 8.4.1-1
- postgresql-8.3 8.3.8-1
- postgresql-8.1 <not-affected>
- postgresql-7.4 <not-affected>
CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
+ {DSA-1900-1}
- postgresql-8.4 8.4.1-1
- postgresql-8.3 8.3.8-1
- postgresql-8.1 <removed>
- postgresql-7.4 <removed>
CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 ...)
+ {DSA-1900-1}
- postgresql-8.4 8.4.1-1
- postgresql-8.3 8.3.8-1
- postgresql-8.1 <not-affected>
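Review bot: CVE-2009-3230 now carries {DSA-1900-1}, but its postgresql-8.1 and postgresql-7.4 lines read <removed>, while the same packages are <not-affected> under CVE-2009-3229 and postgresql-8.1 is <not-affected> under CVE-2009-3231. <removed> only says the package is gone from unstable and does not say whether those branches were vulnerable, so a short parenthesised note on the two <removed> lines stating whether 8.1 and 7.4 are affected would make the entry readable on its own next to the DSA reference.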
@@ -1216,7 +1221,7 @@
NOT-FOR-US: ActiveX
CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager ...)
NOT-FOR-US: Page Manager
-CVE-2009-3068 (Unspecified vulnerability in Adobe RoboHelp Server 8 might allow ...)
+CVE-2009-3068 (Unrestricted file upload vulnerability in the RoboHelpServer Servlet ...)
NOT-FOR-US: Adobe RoboHelp Server
CVE-2009-3067 (Cross-site scripting (XSS) vulnerability in index.php in Reservation ...)
NOT-FOR-US: Reservation Manager
@@ -1911,8 +1916,7 @@
CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...)
{DSA-1894-1}
- newt <unfixed> (medium; bug #548198)
-CVE-2009-2904
- RESERVED
+CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in ...)
- openssh <not-affected> (issue with homechroot patch specific to Red Hat)
CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x ...)
- linux-2.6 <unfixed> (low)
@@ -2855,6 +2859,7 @@
- xulrunner 1.9.0.13-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...)
+ {DSA-1899-1}
- strongswan 4.3.2-1.1 (bug #540144)
CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)
{DSA-1857-1}
@@ -4229,6 +4234,7 @@
CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 ...)
NOT-FOR-US: Adobe Shockwave Playe
CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, ...)
+ {DSA-1899-1 DSA-1898-1}
- strongswan 4.2.14-1.2 (bug #533837)
- openswan 1:2.6.22+dfsg-1
CVE-2009-XXXX [request-tracker: root priviledges for dialog]
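Review bot: The added line "{DSA-1899-1 DSA-1898-1}" on CVE-2009-2185 lists two advisories against an entry with two packages (strongswan and openswan) without indicating which advisory covers which package; the other strongswan entries in this commit carry DSA-1899-1 alone, which suggests DSA-1898-1 is the openswan one, but that is an inference and should be confirmed. Two context lines in this hunk also have typos worth a follow-up fix: "NOT-FOR-US: Adobe Shockwave Playe" is missing its final "r", and the temporary entry title spells "priviledges" instead of "privileges".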
@@ -5102,9 +5108,11 @@
CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ...)
NOT-FOR-US: Historic issues in proprietary Java
CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 ...)
+ {DSA-1899-1}
- strongswan 4.2.14-1.1 (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN ...)
+ {DSA-1899-1}
- strongswan 4.2.14-1.1 (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...)
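Review bot: The entries for CVE-2009-1957 and CVE-2009-1958 that receive {DSA-1899-1} contain an internal inconsistency in their context lines: the [etch] note says "IKEv2 was introduced in 4.3", yet the fixed version recorded for unstable is 4.2.14-1.1, which predates 4.3 and so could not have contained the vulnerable code if the note were accurate. Either the version in the note or the reasoning should be corrected, since the note is what justifies excluding etch from the advisory now being attached.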
@@ -11213,7 +11221,7 @@
NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0210 (Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and ...)
NOT-FOR-US: AREVA e-terrahabitat
-CVE-2009-0209
+CVE-2009-0209 (PI Server in OSIsoft PI System before 3.4.380.x does not properly use ...)
NOT-FOR-US: OSIsoft PI System
CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, ...)
NOT-FOR-US: HP Virtual Rooms Client