[Secure-testing-commits] r12794 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sat Sep 12 08:07:16 UTC 2009 

Author: jmm-guest
Date: 2009-09-12 08:07:16 +0000 (Sat, 12 Sep 2009)
New Revision: 12794

Modified:
   data/CVE/list
Log:
new webauth issue
new postgres issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-12 04:38:23 UTC (rev 12793)
+++ data/CVE/list	2009-09-12 08:07:16 UTC (rev 12794)
@@ -1,3 +1,18 @@
+CVE-2009-XXXX [postgresql: Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries]
+	- postgresql-8.4 8.4.1-1
+	- postgresql-8.3 8.3.8-1
+	- postgresql-8.1 <not-affected>
+	- postgresql-7.4 <not-affected>
+CVE-2009-XXXX [postgresql: fix CVE-2007-6600 failed to include protection against misuse of RESET SESSION AUTHORIZATION]
+	- postgresql-8.4 8.4.1-1
+	- postgresql-8.3 8.3.8-1
+	- postgresql-8.1 <removed>
+	- postgresql-7.4 <removed>
+CVE-2009-XXXX [postgresql: LDAP authentication issue]
+	- postgresql-8.4 8.4.1-1
+	- postgresql-8.3 8.3.8-1
+	- postgresql-8.1 <not-affected>
+	- postgresql-7.4 <not-affected>
 CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris ...)
 	TODO: check
 CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in ...)
@@ -45,7 +60,7 @@
 CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...)
 	NOT-FOR-US: Multi Website
 CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...)
-	NOT-FOR-US: IBM WebSphere MQ
+	NOT-FOR-US: IBM WebSpHere MQ
 CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and ...)
 	NOT-FOR-US: IBM WebSphere MQ
 CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM ...)
@@ -793,8 +808,11 @@
 CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in ...)
 	{DSA-1878-2 DSA-1878-1}
 	- devscripts 2.10.54
-CVE-2009-2945
+CVE-2009-2945 [webauth information disclosure]
 	RESERVED
+	- webauth 3.6.2-1 (low)
+	[lenny] - webauth <no-dsa> (Minor issue, maintainer prepares update for spu)
+	[etch] - webauth <not-affected> (Vulnerable code not present)
 CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki ...)
 	{DSA-1875-1}
 	- ikiwiki 3.1415926

More information about the Secure-testing-commits mailing list