[Secure-testing-commits] r13161 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Sat Oct 31 09:14:51 UTC 2009
Author: joeyh
Date: 2009-10-31 09:14:47 +0000 (Sat, 31 Oct 2009)
New Revision: 13161
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-30 22:42:49 UTC (rev 13160)
+++ data/CVE/list 2009-10-31 09:14:47 UTC (rev 13161)
@@ -1,3 +1,13 @@
+CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...)
+ TODO: check
+CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code ...)
+ TODO: check
+CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ...)
+ TODO: check
+CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows ...)
+ TODO: check
+CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...)
+ TODO: check
CVE-2009-3827
RESERVED
CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to ...)
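Review bot: CVE-2009-3829 is left at "TODO: check" although its description names wiretap/erf.c in Wireshark before 1.2.2, and wireshark is a tracked package further down this same list (see the `- wireshark <unfixed>` entries). It should get its own `- wireshark` line once triaged rather than sit alongside the non-Debian items. The two Opera entries can likely follow the `NOT-FOR-US: Opera` pattern already used for CVE-2009-3266.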
@@ -250,8 +260,7 @@
[lenny] - asterisk <not-affected>
- asterisk <unfixed> (medium)
NOTE: http://downloads.asterisk.org/pub/security/AST-2009-007.html
-CVE-2009-3722 [kvm: check cpl before emulating debug register access]
- RESERVED
+CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in ...)
[etch] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
[lenny] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
- linux-2.6 <unfixed>
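Review bot: With the description for CVE-2009-3722 now public, the `- linux-2.6 <unfixed>` line still carries no urgency, unlike the `(medium)` on the asterisk entry just above it. The removed working title ("check cpl before emulating debug register access") also named the fix; consider keeping it as a NOTE: line so that pointer is not lost when the MITRE description replaces it.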
@@ -270,44 +279,44 @@
- python-xml <unfixed> (low; bug #551939)
- python2.5 <unfixed> (low)
- python2.4 <unfixed> (low)
- - wxwindows2.4 <removed> (low)
- - wxwidgets2.6 <unfixed> (low)
- - wxwidgets2.8 <unfixed> (low)
- - python-celementree <unfixed> (low)
- - audacity <unfixed> (low)
- - matzana <unfixed> (low)
- - tdom <unfixed> (low)
- - udunits <unfixed> (low)
- - apr-util <unfixed> (low)
- - ayttm <unfixed> (low)
- - cableswig <unfixed> (low)
- - cadaver <unfixed> (low)
- - cmake <unfixed> (low)
- - coin3 <unfixed> (low)
- - gdcm <unfixed> (low)
- - ghostscript <unfixed> (low)
- - grmonitor <unfixed> (low)
- - iceape <unfixed> (low)
- - insighttoolkit <unfixed> (low)
- - libparagui1.1 <unfixed> (low)
- - paraview <unfixed> (low)
- - poco <unfixed> (low)
- - simgear <unfixed> (low)
- - sitecopy <unfixed> (low)
- - smart <unfixed> (low)
- - swish <unfixed> (low)
- - tla <unfixed> (low)
- - vtk <unfixed> (low)
- - wbxml2 <unfixed> (low)
- - xmlrpc-c <unfixed> (low)
- - iceweasel <unfixed> (low)
- - kompozer <unfixed> (low)
- - vxl <unfixed> (low)
- - xulrunner <unfixed> (low)
- - apache2 <unfixed> (low)
- - texlive-bin <unfixed> (low)
- - vnc4 <unfixed> (low)
- - xotcl <unfixed> (low)
+ - wxwindows2.4 <removed> (low)
+ - wxwidgets2.6 <unfixed> (low)
+ - wxwidgets2.8 <unfixed> (low)
+ - python-celementree <unfixed> (low)
+ - audacity <unfixed> (low)
+ - matzana <unfixed> (low)
+ - tdom <unfixed> (low)
+ - udunits <unfixed> (low)
+ - apr-util <unfixed> (low)
+ - ayttm <unfixed> (low)
+ - cableswig <unfixed> (low)
+ - cadaver <unfixed> (low)
+ - cmake <unfixed> (low)
+ - coin3 <unfixed> (low)
+ - gdcm <unfixed> (low)
+ - ghostscript <unfixed> (low)
+ - grmonitor <unfixed> (low)
+ - iceape <unfixed> (low)
+ - insighttoolkit <unfixed> (low)
+ - libparagui1.1 <unfixed> (low)
+ - paraview <unfixed> (low)
+ - poco <unfixed> (low)
+ - simgear <unfixed> (low)
+ - sitecopy <unfixed> (low)
+ - smart <unfixed> (low)
+ - swish <unfixed> (low)
+ - tla <unfixed> (low)
+ - vtk <unfixed> (low)
+ - wbxml2 <unfixed> (low)
+ - xmlrpc-c <unfixed> (low)
+ - iceweasel <unfixed> (low)
+ - kompozer <unfixed> (low)
+ - vxl <unfixed> (low)
+ - xulrunner <unfixed> (low)
+ - apache2 <unfixed> (low)
+ - texlive-bin <unfixed> (low)
+ - vnc4 <unfixed> (low)
+ - xotcl <unfixed> (low)
CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
NOT-FOR-US: Battle Blog
CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...)
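Review bot: Every removed line in this hunk reappears with the same package, status and urgency, so the 38-line change appears to be whitespace only. Indentation changes are better kept out of the automatic update, or committed separately, so that real status changes stay visible in the diff. While these lines are being touched, `python-celementree` and `matzana` look like misspelled package names and are worth checking against the archive.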
@@ -534,8 +543,7 @@
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
NOTE: fixed upstream in 2.6.32-rc5
-CVE-2009-3623 [linux-2.6: null ptr dereference in nfsv4]
- RESERVED
+CVE-2009-3623 (The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 ...)
- linux-2.6 <unfixed> (medium)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
@@ -731,18 +739,15 @@
RESERVED
CVE-2009-3552
RESERVED
-CVE-2009-3551 [The SMB dissector could crash.]
- RESERVED
+CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in ...)
- wireshark <unfixed>
TODO: check
NOTE: http://www.wireshark.org/security/wnpa-sec-2009-07.html
-CVE-2009-3550 [The DCERPC/NT dissector could crash.]
- RESERVED
+CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 ...)
- wireshark <unfixed>
TODO: check
NOTE: http://www.wireshark.org/security/wnpa-sec-2009-07.html
-CVE-2009-3549 [The Paltalk dissector could crash on alignment-sensitive processors. ]
- RESERVED
+CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through ...)
- wireshark <unfixed>
TODO: check
NOTE: http://www.wireshark.org/security/wnpa-sec-2009-07.html
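Review bot: The three wireshark entries keep "TODO: check" and a bare `- wireshark <unfixed>` even though the new descriptions now state affected ranges (0.10.10 through 1.0.9 and 1.2.0 ... for CVE-2009-3550, 1.2.0 through ... for CVE-2009-3549). Those ranges are enough to add per-release `[etch]`/`[lenny]` lines and an urgency, as is done for the linux-2.6 entries elsewhere in this file.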
@@ -1432,7 +1437,7 @@
- chromium-browser <itp> (bug #520324)
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2009-3266 (Unspecified vulnerability in Opera 9 and 10 allows remote attackers to ...)
+CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) ...)
NOT-FOR-US: Opera
CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows ...)
NOT-FOR-US: Opera
@@ -61588,7 +61593,8 @@
- rageircd <not-affected> (bug #343543; medium)
CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...)
NOT-FOR-US: Alt-N MDaemon and WorldClient
-CVE-2005-4265 (Alt-N MDaemon and WorldClient 8.1.3 allows remote attackers to cause a ...)
+CVE-2005-4265
+ REJECTED
NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...)
NOT-FOR-US: PHP Support Tickets
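Review bot: CVE-2005-4265 becomes REJECTED, but the `NOT-FOR-US: Alt-N MDaemon and WorldClient` line beneath it is kept, so the entry now carries a triage note for an identifier that no longer describes a vulnerability. Drop the NOT-FOR-US line together with the description, or confirm that the list format intends both on a rejected entry.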