[Secure-testing-commits] r12794 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sat Sep 12 08:07:16 UTC 2009
Author: jmm-guest
Date: 2009-09-12 08:07:16 +0000 (Sat, 12 Sep 2009)
New Revision: 12794
Modified:
data/CVE/list
Log:
new webauth issue
new postgres issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-12 04:38:23 UTC (rev 12793)
+++ data/CVE/list 2009-09-12 08:07:16 UTC (rev 12794)
@@ -1,3 +1,18 @@
+CVE-2009-XXXX [postgresql: Authenticated non-superusers can shut down the backend server by re-LOAD-ing libraries]
+ - postgresql-8.4 8.4.1-1
+ - postgresql-8.3 8.3.8-1
+ - postgresql-8.1 <not-affected>
+ - postgresql-7.4 <not-affected>
+CVE-2009-XXXX [postgresql: fix CVE-2007-6600 failed to include protection against misuse of RESET SESSION AUTHORIZATION]
+ - postgresql-8.4 8.4.1-1
+ - postgresql-8.3 8.3.8-1
+ - postgresql-8.1 <removed>
+ - postgresql-7.4 <removed>
+CVE-2009-XXXX [postgresql: LDAP authentication issue]
+ - postgresql-8.4 8.4.1-1
+ - postgresql-8.3 8.3.8-1
+ - postgresql-8.1 <not-affected>
+ - postgresql-7.4 <not-affected>
CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris ...)
TODO: check
CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in ...)
@@ -45,7 +60,7 @@
CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...)
NOT-FOR-US: Multi Website
CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...)
- NOT-FOR-US: IBM WebSphere MQ
+ NOT-FOR-US: IBM WebSpHere MQ
CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and ...)
NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM ...)
@@ -793,8 +808,11 @@
CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in ...)
{DSA-1878-2 DSA-1878-1}
- devscripts 2.10.54
-CVE-2009-2945
+CVE-2009-2945 [webauth information disclosure]
RESERVED
+ - webauth 3.6.2-1 (low)
+ [lenny] - webauth <no-dsa> (Minor issue, maintainer prepares update for spu)
+ [etch] - webauth <not-affected> (Vulnerable code not present)
CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki ...)
{DSA-1875-1}
- ikiwiki 3.1415926
More information about the Secure-testing-commits
mailing list