[Secure-testing-commits] r13157 - data/CVE

Fri Oct 30 21:14:22 UTC 2009

Author: joeyh
Date: 2009-10-30 21:14:22 +0000 (Fri, 30 Oct 2009)
New Revision: 13157

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-10-30 17:45:19 UTC (rev 13156)
+++ data/CVE/list	2009-10-30 21:14:22 UTC (rev 13157)
@@ -432,8 +432,7 @@
 	NOT-FOR-US: FrontRange HEAT
 CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote ...)
 	TODO: check
-CVE-2009-3640 [linux-2.6: kvm null ptr dereference]
-	RESERVED
+CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM ...)
 	- linux-2.6 <unfixed> (medium)
 	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
 	NOTE: fixed in upstream 2.6.32-rc1
@@ -442,8 +441,7 @@
 CVE-2009-3639 (The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before ...)
 	- proftpd-dfsg 1.3.2a-2 (low)
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275
-CVE-2009-3638 [linux-2.6: integer overflow in kvm_dev_ioctl_get_supported_cpuid()]
-	RESERVED
+CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in ...)
 	- linux-2.6 <unfixed> (medium)
 	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
 	NOTE: fixed in upstream 2.6.32-rc4
@@ -479,13 +477,11 @@
 CVE-2009-3628 [typo3-sa-2009-016]
 	RESERVED
 	- typo3-src 4.2.10-1 (medium; bug #552020)
-CVE-2009-3627 ["decode_entities()" Denial of Service]
-	RESERVED
+CVE-2009-3627 (The decode_entities function in util.c in HTML-Parser before 3.63 ...)
 	{DSA-1923-1}
 	- libhtml-parser-perl 3.64-1 (bug #552531)
 	NOTE: http://secunia.com/advisories/37155/
-CVE-2009-3626 [perl utf8 DoS]
-	RESERVED
+CVE-2009-3626 (Perl 5.10.1 allows context-dependent attackers to cause a denial of ...)
 	- perl <unfixed> (bug #552291)
 	[lenny] - perl <not-affected> (Vulnerable code not present)
 	[etch] - perl <not-affected> (Vulnerable code not present)
@@ -1110,64 +1106,51 @@
 	RESERVED
 CVE-2009-3384
 	RESERVED
-CVE-2009-3383
-	RESERVED
+CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
 	- xulrunner 1.9.1.4-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
 	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3382
-	RESERVED
+CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3381
-	RESERVED
+CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- xulrunner 1.9.1.4-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
 	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
-CVE-2009-3380
-	RESERVED
+CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3379
-	RESERVED
+CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...)
 	- libvorbis 1.2.3-1
-CVE-2009-3378
-	RESERVED
+CVE-2009-3378 (The oggplay_data_handle_theora_frame function in ...)
 	- liboggplay <unfixed> (bug filed)
-CVE-2009-3377
-	RESERVED
+CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before ...)
 	- liboggz 0.9.9-1
-CVE-2009-3376
-	RESERVED
+CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3375
-	RESERVED
+CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
-CVE-2009-3374
-	RESERVED
+CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3373
-	RESERVED
+CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
-CVE-2009-3372
-	RESERVED
+CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
-CVE-2009-3371
-	RESERVED
-CVE-2009-3370
-	RESERVED
+CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ...)
+	TODO: check
+CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
@@ -1375,7 +1358,7 @@
 	NOT-FOR-US: NASD CORE.NET Terelik (aka corenet1)
 CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...)
 	NOT-FOR-US: Microsoft patterns & practices Enterprise Library
-CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions on ...)
+CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
@@ -6769,8 +6752,7 @@
 	RESERVED
 CVE-2009-1564
 	RESERVED
-CVE-2009-1563
-	RESERVED
+CVE-2009-1563 (Array index error in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x ...)
 	- nspr <unfixed>
 	[etch] - nspr <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1562


