[Secure-testing-commits] r13017 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Oct 14 21:14:17 UTC 2009
Author: joeyh
Date: 2009-10-14 21:14:17 +0000 (Wed, 14 Oct 2009)
New Revision: 13017
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-14 10:31:03 UTC (rev 13016)
+++ data/CVE/list 2009-10-14 21:14:17 UTC (rev 13017)
@@ -1,6 +1,10 @@
+CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...)
+ TODO: check
CVE-2009-3697 [phpMyAdmin XSS/SQL inj PMASA-2009-6]
+ RESERVED
- phpmyadmin 4:3.2.2.1-1
CVE-2009-3696 [phpMyAdmin XSS/SQL inj PMASA-2009-6]
+ RESERVED
- phpmyadmin 4:3.2.2.1-1
CVE-2009-3610
RESERVED
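Review bot: CVE-2009-3697 and CVE-2009-3696 carry the same bracketed description, [phpMyAdmin XSS/SQL inj PMASA-2009-6], so after RESERVED is added to both there is still nothing in the list that says which identifier covers the XSS and which the SQL injection. Both are marked fixed in phpmyadmin 4:3.2.2.1-1, so package tracking is unaffected, but a NOTE line on each entry would save the next reader a lookup. The new CVE-2009-3698 entry (Dalvik API in Android 1.5) is left at TODO: check and still needs manual triage.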
@@ -536,7 +540,8 @@
- chromium-browser <itp> (bug #520324)
CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly ...)
NOT-FOR-US: Apple Safari
-CVE-2009-3454 (Microsoft Internet Explorer does not properly handle a '\0' character ...)
+CVE-2009-3454
+ REJECTED
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
NOT-FOR-US: IBM Lotus Quickr
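Review bot: CVE-2009-3454 is now REJECTED but the NOT-FOR-US: Microsoft Internet Explorer line under it is kept, so the entry carries a triage decision for an identifier that no longer stands. This is harmless for package tracking. A NOTE giving the reason for the rejection, or the replacing identifier if there is one, would help anyone who still meets the old number in an advisory.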
@@ -1350,8 +1355,8 @@
RESERVED
CVE-2009-3127
RESERVED
-CVE-2009-3126
- RESERVED
+CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
+ TODO: check
CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...)
NOT-FOR-US: Multi Website
CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...)
@@ -1469,7 +1474,7 @@
NOT-FOR-US: IBM Lotus iNotes
CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through ...)
NOT-FOR-US: Symantec Norton AntiVirus
-CVE-2009-3103 (Array index error in the SMB2 protocol implementation in srv2.sys in ...)
+CVE-2009-3103 (Array index error in the SMBv2 protocol implementation in srv2.sys in ...)
NOT-FOR-US: Microsoft
CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery ...)
NOT-FOR-US: Zmanda Recovery Manager
@@ -1795,7 +1800,7 @@
- libio-socket-ssl-perl 1.30-1
[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
[etch] - libio-socket-ssl-perl <not-affected> (Affected functionality introduced in 1.14)
-CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet Information ...)
+CVE-2009-3023 (Buffer overflow in the FTP Service in Microsoft Internet Information ...)
NOT-FOR-US: Microsoft IIS
CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...)
NOT-FOR-US: bingo!CMS
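Review bot: The product label under CVE-2009-3023 is NOT-FOR-US: Microsoft IIS, while CVE-2009-2521 later in this same patch, whose description gets the identical "FTP server" to "FTP Service" rewording, is labelled NOT-FOR-US: Microsoft Internet Information Server. Settling on one spelling would let a single search of the list for the product return both entries.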
@@ -1908,8 +1913,8 @@
NOT-FOR-US: Carmosa phpCart
CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to ...)
NOT-FOR-US: ESET Smart Security
-CVE-2009-2999
- RESERVED
+CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote ...)
+ TODO: check
CVE-2009-XXXX [serveez: buffer overflow in header parser]
- serveez <removed> (low)
[lenny] - serveez <no-dsa> (Fringe package, mostly unused)
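Review bot: CVE-2009-2999 moves from RESERVED to TODO: check with a description naming the com.android.phone process in Android 1.5, which makes it the second Android entry this update leaves untriaged (the other is CVE-2009-3698 at the top of the file). Whoever picks these up should resolve the two together so they do not end up with different dispositions.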
@@ -3644,78 +3649,78 @@
NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before ...)
NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
-CVE-2009-2532
- RESERVED
-CVE-2009-2531
- RESERVED
-CVE-2009-2530
- RESERVED
-CVE-2009-2529
- RESERVED
-CVE-2009-2528
- RESERVED
-CVE-2009-2527
- RESERVED
-CVE-2009-2526
- RESERVED
-CVE-2009-2525
- RESERVED
-CVE-2009-2524
- RESERVED
+CVE-2009-2532 (Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold ...)
+ TODO: check
+CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
+ TODO: check
+CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
+ TODO: check
+CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
+ TODO: check
+CVE-2009-2528 (GDI+ in Microsoft Office XP SP3 does not properly handle malformed ...)
+ TODO: check
+CVE-2009-2527 (Heap-based buffer overflow in Microsoft Windows Media Player 6.4 ...)
+ TODO: check
+CVE-2009-2526 (Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and ...)
+ TODO: check
+CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...)
+ TODO: check
+CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local ...)
+ TODO: check
CVE-2009-2523
RESERVED
CVE-2009-2522
RESERVED
-CVE-2009-2521 (Stack consumption vulnerability in the FTP server in Microsoft ...)
+CVE-2009-2521 (Stack consumption vulnerability in the FTP Service in Microsoft ...)
NOT-FOR-US: Microsoft Internet Information Server
CVE-2009-2520
RESERVED
CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...)
NOT-FOR-US: Microsoft Windows
-CVE-2009-2518
- RESERVED
-CVE-2009-2517
- RESERVED
-CVE-2009-2516
- RESERVED
-CVE-2009-2515
- RESERVED
+CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote ...)
+ TODO: check
+CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly ...)
+ TODO: check
+CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
+ TODO: check
+CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 ...)
+ TODO: check
CVE-2009-2514
RESERVED
CVE-2009-2513
RESERVED
CVE-2009-2512
RESERVED
-CVE-2009-2511
- RESERVED
-CVE-2009-2510
- RESERVED
+CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000 ...)
+ TODO: check
+CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...)
+ TODO: check
CVE-2009-2509
RESERVED
CVE-2009-2508
RESERVED
-CVE-2009-2507
- RESERVED
+CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...)
+ TODO: check
CVE-2009-2506
RESERVED
CVE-2009-2505
RESERVED
-CVE-2009-2504
- RESERVED
-CVE-2009-2503
- RESERVED
-CVE-2009-2502
- RESERVED
-CVE-2009-2501
- RESERVED
-CVE-2009-2500
- RESERVED
+CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...)
+ TODO: check
+CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...)
+ TODO: check
+CVE-2009-2502 (Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
+ TODO: check
+CVE-2009-2501 (Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 ...)
+ TODO: check
+CVE-2009-2500 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
+ TODO: check
CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...)
NOT-FOR-US: Microsoft Windows Media Format Runtime
CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows ...)
NOT-FOR-US: Microsoft Windows Media Format Runtime
-CVE-2009-2497
- RESERVED
+CVE-2009-2497 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 ...)
+ TODO: check
CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...)
NOT-FOR-US: Microsoft Office XP
CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
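Review bot: 22 entries in this hunk go from RESERVED to TODO: check, and all but CVE-2009-2524, whose description is cut off before the product name, visibly name a Microsoft product (Windows, Internet Explorer, GDI+, Windows Media, CryptoAPI, .NET Framework). The untouched neighbours CVE-2009-2521, CVE-2009-2519, CVE-2009-2499 and CVE-2009-2498 are already NOT-FOR-US, so this block is a candidate for one manual follow-up commit rather than entry-by-entry triage spread over time.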
@@ -6343,8 +6348,8 @@
NOTE: adding this reference to track the fact that this has already been addressed by debian security
NOTE: fixed over a year ago in debian; but fedora finally got around to addressing the issue recently
NOTE: FEDORA-2009-3639 (http://lwn.net/Articles/331605)
-CVE-2009-1547
- RESERVED
+CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...)
+ TODO: check
CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ...)
@@ -10300,8 +10305,8 @@
NOT-FOR-US: Microsoft
CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and ...)
NOT-FOR-US: Microsoft Office
-CVE-2009-0555
- RESERVED
+CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...)
+ TODO: check
CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...)
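Review bot: The truncated description added for CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...) is character for character the same as the one this patch adds for CVE-2009-2525, so the list alone cannot tell the two apart. When the TODO: check is resolved, compare the full descriptions before treating one as a duplicate of the other.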
@@ -12036,10 +12041,10 @@
NOT-FOR-US: Microsoft Windows
CVE-2009-0092
RESERVED
-CVE-2009-0091
- RESERVED
-CVE-2009-0090
- RESERVED
+CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly ...)
+ TODO: check
+CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not ...)
+ TODO: check
CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft ...)