[Secure-testing-commits] r12729 - data/CVE

Joey Hess joeyh at alioth.debian.org
Tue Sep 1 21:14:17 UTC 2009


Author: joeyh
Date: 2009-09-01 21:14:17 +0000 (Tue, 01 Sep 2009)
New Revision: 12729

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-01 20:08:48 UTC (rev 12728)
+++ data/CVE/list	2009-09-01 21:14:17 UTC (rev 12729)
@@ -1,3 +1,55 @@
+CVE-2009-3036
+	RESERVED
+CVE-2009-3035
+	RESERVED
+CVE-2009-3034
+	RESERVED
+CVE-2009-3033
+	RESERVED
+CVE-2009-3032
+	RESERVED
+CVE-2009-3031
+	RESERVED
+CVE-2009-3030
+	RESERVED
+CVE-2009-3029
+	RESERVED
+CVE-2009-3028
+	RESERVED
+CVE-2009-3027
+	RESERVED
+CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to ...)
+	TODO: check
+CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...)
+	TODO: check
+CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft IIS 5.0 and 6.0 allows ...)
+	TODO: check
+CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...)
+	TODO: check
+CVE-2009-3021 (Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' ...)
+	TODO: check
+CVE-2009-3020 (win32k.sys in Microsoft Windows Server 2003 SP2 allows remote ...)
+	TODO: check
+CVE-2009-3019 (Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet ...)
+	TODO: check
+CVE-2009-3018 (Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block ...)
+	TODO: check
+CVE-2009-3017 (Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh ...)
+	TODO: check
+CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs ...)
+	TODO: check
+CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...)
+	TODO: check
+CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
+	TODO: check
+CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
+	TODO: check
+CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...)
+	TODO: check
+CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...)
+	TODO: check
+CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
+	TODO: check
 CVE-2009-3009
 	RESERVED
 CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
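Review bot: The 16 new entries from CVE-2009-3025 down to CVE-2009-3010 all land with "TODO: check" and no triage, and several can be resolved from the visible description alone. The Microsoft IIS, win32k.sys and Internet Explorer entries (CVE-2009-3023, CVE-2009-3020, CVE-2009-3019) fit the "NOT-FOR-US:" form this file already uses further down. The Pidgin and Mozilla Firefox entries (CVE-2009-3025, CVE-2009-3014, CVE-2009-3012, CVE-2009-3010) name software the list already tracks as pidgin and xulrunner, so they need a package line with an urgency rather than a bare TODO.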
@@ -207,10 +259,12 @@
 	[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
 CVE-2009-2958 [dnsmasq remote code execution]
 	RESERVED
+	{DSA-1876-1}
 	- dnsmasq 2.50-1
 	[etch] - dnsmasq <not-affected>
 CVE-2009-2957 [dnsmasq denial-of-service]
 	RESERVED
+	{DSA-1876-1}
 	- dnsmasq 2.50-1
 	[etch] - dnsmasq <not-affected>
 CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere ...)
@@ -297,8 +351,7 @@
 	RESERVED
 CVE-2009-2945
 	RESERVED
-CVE-2009-2944 [ikiwiki: insufficient blacklist in teximg module]
-	RESERVED
+CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki ...)
 	{DSA-1875-1}
 	- ikiwiki 3.1415926
 CVE-2009-2943
@@ -413,7 +466,7 @@
 	NOT-FOR-US: tnftpd
 CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...)
 	NOT-FOR-US: TikiWiki
-CVE-2009-3026 [pidgin does not honour SSL/TLS]
+CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly ...)
 	- pidgin 2.6.1-1 (low; bug #542891)
 	[lenny] - pidgin <no-dsa> (Minor issue)
 	TODO: next point update: [lenny] - pidgin_2.4.3-4lenny4
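Review bot: CVE-2009-3026 stays directly below the CVE-2003-1574 entry at this position, while the descending run added in the first hunk goes from CVE-2009-3027 straight to CVE-2009-3025. Now that the entry carries its official description instead of the bracketed placeholder, move it up between those two so that a reader scanning the 2009-30xx block finds it in sequence. Keep the "TODO: next point update" line with it when it moves.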
@@ -623,7 +676,7 @@
 	- linux-2.6 <unfixed> (low)
 	- linux-2.6.24 <removed>
 	TODO: add after r3 [lenny] - linux-2.6 2.6.26-19 (low)
-CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.6 ...)
+CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 ...)
 	{DSA-1872-1}
 	- linux-2.6 2.6.30-6 (low)
 	- linux-2.6.24 <removed>
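Review bot: The replacement description on the CVE-2009-2847 line now reads "Linux kernel 2.4 ..." where it read "Linux kernel 2.6 ...", but the tracking lines below still cover only linux-2.6 and linux-2.6.24. The description is truncated here, so read the full text and confirm whether the affected range now reaches a 2.4 source package that needs its own line, or record in a note why it does not.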
@@ -1239,7 +1292,7 @@
 	RESERVED
 CVE-2009-2699
 	RESERVED
-CVE-2009-2698 (The UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in ...)
+CVE-2009-2698 (The udp_sendmsg function in the UDP implementation in (1) ...)
 	{DSA-1872-1}
 	- linux-2.6 2.6.19-1 (high)
 	- linux-2.6.24 2.6.19-1 
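Review bot: In the CVE-2009-2698 entry, the context line "- linux-2.6.24 2.6.19-1 " gives a fixed version lower than the 2.6.24 series the package name implies, carries no urgency while the linux-2.6 line above it has (high), and ends in a trailing space. If the package was never affected, <not-affected> with a short reason (as the xulrunner lines do with "introduced in 1.9.0.9") states that more clearly. The narrowed description naming udp_sendmsg is a good moment to correct it.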
@@ -5156,7 +5209,7 @@
 	[etch] - xulrunner <not-affected> (introduced in 1.9.0.9)
 	[lenny] - xulrunner <not-affected> (introduced in 1.9.0.9)
 	[squeeze] - xulrunner <not-affected> (introduced in 1.9.0.9)
-CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey do not block javascript: ...)
+CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block ...)
 	{DSA-1797-1}
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)



