[Secure-testing-commits] r13099 - data/CVE

Joey Hess joeyh at alioth.debian.org
Mon Oct 26 21:14:23 UTC 2009


Author: joeyh
Date: 2009-10-26 21:14:23 +0000 (Mon, 26 Oct 2009)
New Revision: 13099

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-26 19:41:30 UTC (rev 13098)
+++ data/CVE/list	2009-10-26 21:14:23 UTC (rev 13099)
@@ -1,3 +1,37 @@
+CVE-2009-3777
+	RESERVED
+CVE-2009-3776
+	RESERVED
+CVE-2009-3775
+	RESERVED
+CVE-2009-3774
+	RESERVED
+CVE-2009-3773
+	RESERVED
+CVE-2009-3772
+	RESERVED
+CVE-2009-3771
+	RESERVED
+CVE-2009-3770
+	RESERVED
+CVE-2009-3769
+	RESERVED
+CVE-2009-3768
+	RESERVED
+CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP, when OpenSSL is used, does not ...)
+	TODO: check
+CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16, when OpenSSL is used, does not verify the ...)
+	TODO: check
+CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...)
+	TODO: check
+CVE-2009-3764
+	RESERVED
+CVE-2009-3763
+	RESERVED
+CVE-2009-3762
+	RESERVED
+CVE-2009-3761
+	RESERVED
 CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the ...)
 	NOT-FOR-US: Citrix XenCenterWeb
 CVE-2009-3759 (Multiple cross-site request forgery (CSRF) vulnerabilities in sample ...)
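Review bot: The three `TODO: check` entries at CVE-2009-3765, CVE-2009-3766 and CVE-2009-3767 still need triage, and their imported descriptions are cut off at "does not ...", so the full CVE text has to be read before deciding. Each one should end up with a package status line in the form the file already uses (for example `- aria2 1.6.2-1 (low)`) or an explicit `NOT-FOR-US`. CVE-2009-3766 names mutt 1.5.16 while CVE-2009-3765 names 1.5.19 and 1.5.20, so the two mutt entries need their status worked out separately per release rather than copied from one to the other.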
@@ -306,8 +340,7 @@
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
 	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
 	NOTE: fixed upstream in 2.6.32-rc1
-CVE-2009-3622 [wordpress: Trackback DoS]
-	RESERVED
+CVE-2009-3622 (Algorithmic complexity vulnerability in wp-trackback.php in WordPress ...)
 	- wordpress 2.8.5-1
 	[lenny] - wordpress <no-dsa> (Minor issue)
 	[etch] - wordpress <no-dsa> (Minor issue)
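Review bot: The `<no-dsa> (Minor issue)` lines for lenny and etch under CVE-2009-3622 were written while the entry carried only the placeholder "[wordpress: Trackback DoS]". Now that the official text classifies it as an algorithmic complexity vulnerability in wp-trackback.php, it is worth re-reading the full description and confirming that the minor-issue rating and the 2.8.5-1 fixed version still match it.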
@@ -324,8 +357,8 @@
 	RESERVED
 CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...)
 	- aria2 1.6.2-1 (low)
-CVE-2009-3616
-	RESERVED
+CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in ...)
+	TODO: check
 CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and ...)
 	- pidgin 2.6.3-1
 	NOTE: http://pidgin.im/news/security/?id=41
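Review bot: CVE-2009-3616 moves from `RESERVED` to `TODO: check` with a description of multiple use-after-free vulnerabilities in vnc.c in a VNC server, but the text is truncated before the product name. Identify the affected source package from the full CVE entry and replace the TODO with a package line and urgency, as done for the neighbouring aria2 and pidgin entries, or mark it `NOT-FOR-US`.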
@@ -4636,8 +4669,7 @@
 	RESERVED
 CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote ...)
 	NOT-FOR-US: OXID eShop
-CVE-2009-2281 [Heap-based buffer underflow in the readPostBody function in cgiutil.c ...]
-	RESERVED
+CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in ...)
 	{DSA-1914-1}
 	- mapserver 5.4.2-1 (medium; bug #535340)
 	NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
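Review bot: The CVE-2009-2281 description changes from a single "Heap-based buffer underflow" in readPostBody to "Multiple heap-based buffer underflows", while the tracking lines below it are unchanged. Confirm that `{DSA-1914-1}` and the `mapserver 5.4.2-1` fixed version cover every underflow in the final description, and add a NOTE if any of them was fixed in a different upload.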
@@ -7387,8 +7419,7 @@
 	RESERVED
 CVE-2009-1298
 	RESERVED
-CVE-2009-1297
-	RESERVED
+CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and ...)
 	- open-iscsi <unfixed> (low; bug filed)
 	[lenny] - open-iscsi <no-dsa> (Minor issue)
 	[etch] - open-iscsi <not-affected> (Vulnerable script not yet present)
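Review bot: Under CVE-2009-1297 the line `- open-iscsi <unfixed> (low; bug filed)` records no bug number, unlike `bug #535340` in the mapserver entry, so the open report cannot be followed from this file. Replace "bug filed" with the actual bug number. The new description refers to SUSE openSUSE 10.3 through 11.1 and is truncated after "and ...", so also check the full text to confirm the `<unfixed>` status applies to the Debian package.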



