[Secure-testing-commits] r12740 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Sep 2 21:14:15 UTC 2009
Author: joeyh
Date: 2009-09-02 21:14:15 +0000 (Wed, 02 Sep 2009)
New Revision: 12740
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-02 19:03:51 UTC (rev 12739)
+++ data/CVE/list 2009-09-02 21:14:15 UTC (rev 12740)
@@ -1,48 +1,50 @@
-CVE-2009-3038
+CVE-2009-3039
+ RESERVED
+CVE-2009-3038 (A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research ...)
NOT-FOR-US: ActiveX
-CVE-2009-3037
+CVE-2009-3037 (Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka ...)
NOT-FOR-US: Autonomy KeyView XLS viewer
-CVE-2008-7152
+CVE-2008-7152 (Multiple PHP remote file inclusion vulnerabilities in Specimen Image ...)
NOT-FOR-US: Specimen Image Database
-CVE-2008-7151
+CVE-2008-7151 (Cross-site request forgery (CSRF) vulnerability in Live 5.x before ...)
NOT-FOR-US: Live third-party Drupal module
-CVE-2008-7150
+CVE-2008-7150 (Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x ...)
NOT-FOR-US: Refine by Taxonomy
-CVE-2008-7149
+CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has unknown ...)
NOT-FOR-US: AgileWiki
-CVE-2008-7148
+CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 0.61.08 ...)
NOT-FOR-US: Synfig Animation Studio
-CVE-2008-7147
+CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn ...)
NOT-FOR-US: IntraLearn Software IntraLearn
-CVE-2008-7146
+CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions before ...)
NOT-FOR-US: IntraLearn Software IntraLearn
-CVE-2008-7145
+CVE-2008-7145 (Multiple SQL injection vulnerabilities in index.php in CoronaMatrix ...)
NOT-FOR-US: CoronaMatrix phpAddressBook
-CVE-2008-7144
+CVE-2008-7144 (Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have ...)
NOT-FOR-US: RARLAB WinRAR
-CVE-2008-7143
+CVE-2008-7143 (phpBB 2.0.23 includes the session ID in a request to modcp.php when ...)
- phpbb2 <removed>
-CVE-2008-7142
+CVE-2008-7142 (Absolute path traversal vulnerability in the Disk Usage module ...)
NOT-FOR-US: cPanel
-CVE-2008-7141
+CVE-2008-7141 (Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 ...)
NOT-FOR-US: @lex Poll
-CVE-2008-7140
+CVE-2008-7140 (Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook ...)
NOT-FOR-US: @lex Guestbook
-CVE-2008-7139
+CVE-2008-7139 (Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy ...)
NOT-FOR-US: Eye-Fi
-CVE-2008-7138
+CVE-2008-7138 (The Manager in Eye-Fi 1.1.2 generates predictable snonce values based ...)
NOT-FOR-US: Eye-Fi
-CVE-2008-7137
+CVE-2008-7137 (WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Eye-Fi
-CVE-2008-7136
+CVE-2008-7136 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...)
NOT-FOR-US: ICQ Toolbar
-CVE-2008-7135
+CVE-2008-7135 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...)
NOT-FOR-US: ICQ Toolbar
-CVE-2008-7134
+CVE-2008-7134 (Multiple cross-site scripting (XSS) vulnerabilities in the default URI ...)
NOT-FOR-US: Chris LaPointe RedGalaxy Download Center
-CVE-2008-7133
+CVE-2008-7133 (Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org ...)
NOT-FOR-US: onlinetools.org EasyImageCatalogue
-CVE-2008-7132
+CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...)
NOT-FOR-US: Nuked-Klan
CVE-2009-3036
RESERVED
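Review bot: At CVE-2008-7143 the only package line is `- phpbb2 <removed>`, and now that the description names phpBB 2.0.23 and the session ID sent to modcp.php, the entry should carry a NOTE saying whether any other phpBB source package in the archive was checked. Without it the <removed> marker reads as "nothing left to track".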
@@ -68,7 +70,7 @@
TODO: check
CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...)
TODO: check
-CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft IIS 5.0 and 6.0 allows ...)
+CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet Information ...)
NOT-FOR-US: Microsoft IIS
CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...)
NOT-FOR-US: bingo!CMS
@@ -403,6 +405,7 @@
RESERVED
CVE-2009-2946
RESERVED
+ {DSA-1878-1}
- devscripts 2.10.54
CVE-2009-2945
RESERVED
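Review bot: The `{DSA-1878-1}` cross-reference at CVE-2009-2946 lands on an entry whose only description is RESERVED, and the `- devscripts 2.10.54` line has no urgency or bug number, unlike entries such as `- ocsinventory-server 1.02.1-2 (low; bug #541995)`. Add a NOTE summarising the issue, plus an urgency, so the entry is readable until the official description arrives.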
@@ -973,10 +976,10 @@
NOT-FOR-US: DD-WRT
CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: DD-WRT
-CVE-2009-3040 [Sql injection in OCS Inventory NG Server]
+CVE-2009-3040 (Multiple SQL injection vulnerabilities in Open Computer and Software ...)
- ocsinventory-server 1.02.1-2 (low; bug #541995)
NOTE: Authentication is needed
-CVE-2009-3042 [Sql injection in OCS Inventory NG Server]
+CVE-2009-3042 (SQL injection vulnerability in machine.php in Open Computer and ...)
- ocsinventory-server 1.02.1-2 (low; bug #541995)
NOTE: Authentication is needed
CVE-2009-2763
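Review bot: For CVE-2009-3040 the new description reads "Multiple SQL injection vulnerabilities", but the entry keeps the single `NOTE: Authentication is needed` and the `low` urgency written for the earlier bracketed summary. Confirm that the note holds for every vector the description covers and that 1.02.1-2 fixes all of them. The same applies to CVE-2009-3042, which shares bug #541995 and now names machine.php.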
@@ -1263,7 +1266,7 @@
- mantis 1.1.8+dfsg-2 (medium; bug #425010)
[lenny] - mantis 1.1.6+dfsg-2lenny1
NOTE: cve id requested on oss-sec
-CVE-2009-3041 [missing authorization check in spip installer]
+CVE-2009-3041 (SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper ...)
- spip 2.0.9-1 (medium)
CVE-2009-XXXX [rubygems: integrity violation]
- libgems-ruby <not-affected> (Debian's version installs gems packages to /var/lib/gems, bug #540610)
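Review bot: Replacing `[missing authorization check in spip installer]` at CVE-2009-3041 loses the one phrase that said what the flaw is, since the official text is cut off at "does not use proper ...". Keep the old summary as a NOTE line. The description now names the 1.9 branch as well as 2.0.x, so add a release-specific line like the `[lenny]` one on the mantis entry above, or a NOTE on the status of stable. The `- spip 2.0.9-1 (medium)` line also has no bug reference.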
@@ -2194,6 +2197,7 @@
NOTE: vulnerable code not present, introduced in 2.3.x
NOTE: to be fixed in upstream version 2.3.3
CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...)
+ {DSA-1877-1}
- mysql-dfsg-5.0 <unfixed> (low; bug #536726)
TODO: check lenny/sid; they are likely fixed according to the report, but i did not check
CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
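Review bot: `{DSA-1877-1}` is added to CVE-2009-2446 while the entry still says `- mysql-dfsg-5.0 <unfixed>` and keeps `TODO: check lenny/sid`, so the record claims an advisory and no fix at the same time. Add release-specific fixed-version lines for the suites the DSA covers, and resolve or reword the TODO for the ones it does not.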