[Secure-testing-commits] r13819 - data/CVE

Joey Hess joeyh at alioth.debian.org
Thu Jan 14 21:14:27 UTC 2010


Author: joeyh
Date: 2010-01-14 21:14:24 +0000 (Thu, 14 Jan 2010)
New Revision: 13819

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-14 19:58:45 UTC (rev 13818)
+++ data/CVE/list	2010-01-14 21:14:24 UTC (rev 13819)
@@ -1,3 +1,11 @@
+CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...)
+	TODO: check
+CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing ...)
+	TODO: check
+CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty ...)
+	TODO: check
+CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote ...)
+	TODO: check
 CVE-2010-XXXX [typo3 openid auth bypass]
 	- typo3-src <unfixed>
 	TODO: check affected versions and report
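
Review bot: CVE-2009-4611 ("writes backtrace data without sanitizing ...") reads like the same class as the log-sanitizing entries grouped under CVE-2009-4487 further down in this list, yet it lands here with only "TODO: check" and no cross-reference. When these four entries are triaged, decide whether it belongs with that group and give it the same severity and <no-dsa> treatment if so. All four entries also still need either a package line or NOT-FOR-US in place of the TODO. Three of the descriptions name Mort Bay Jetty 6.x and 7.0.0, while the description of CVE-2009-4612 is cut off before the product is clear.
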
@@ -668,59 +676,49 @@
 CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
 	- lxr-cvs <unfixed>
 	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
-CVE-2009-4496 [boa escape sequence injection]
-	RESERVED
+CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
 	- boa <unfixed> (low)
 	[etch] - boa <no-dsa> (issue not really specific to the httpd)
 	[lenny] - boa <no-dsa> (issue not really specific to the httpd)
 	NOTE: same as CVE-2009-4487
-CVE-2009-4495 [yaws escape sequence injection]
-	RESERVED
+CVE-2009-4495 (Yaws 1.85 writes data to a log file without sanitizing non-printable ...)
 	- yaws <unfixed> (low)
 	[etch] - yaws <no-dsa> (issue not really specific to the httpd)
 	[lenny] - yaws <no-dsa> (issue not really specific to the httpd)
 	NOTE: same as CVE-2009-4487
-CVE-2009-4494 [aolserver escape sequence injection]
-	RESERVED
+CVE-2009-4494 (AOLserver 4.5.1 writes data to a log file without sanitizing ...)
 	- aolserver4 <unfixed> (low)
 	[etch] - aolserver4 <no-dsa> (issue not really specific to the httpd)
 	[lenny] - aolserver4 <no-dsa> (issue not really specific to the httpd)
 	NOTE: same as CVE-2009-4487
-CVE-2009-4493 [orion escape sequence injection]
-	RESERVED
+CVE-2009-4493 (Orion Application Server 2.0.7 writes data to a log file without ...)
 	NOT-FOR-US: Orion httpd
-CVE-2009-4492 [webrick escape sequence injection]
-	RESERVED
+CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through ...)
 	- ruby1.8 1.8.7.249-1 (low; bug #564598)
 	[etch] - ruby1.8 <no-dsa> (issue not really specific to the httpd)
 	[lenny] - ruby1.8 <no-dsa> (issue not really specific to the httpd)
 	NOTE: same as CVE-2009-4487
-CVE-2009-4491 [thttpd escape sequence injection]
-	RESERVED
+CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing ...)
 	- thttpd <unfixed> (low)
 	[etch] - thttpd <no-dsa> (issue not really specific to the httpd)
 	[lenny] - thttpd <no-dsa> (issue not really specific to the httpd)
 	NOTE: same as CVE-2009-4487
-CVE-2009-4490 [mini-httpd escape sequence injection]
-	RESERVED
+CVE-2009-4490 (mini_httpd 1.19 writes data to a log file without sanitizing ...)
 	- mini-httpd <unfixed> (low)
 	[etch] - mini-httpd <no-dsa> (issue not really specific to the httpd)
 	[lenny] - mini-httpd <no-dsa> (issue not really specific to the httpd)
 	NOTE: same as CVE-2009-4487
-CVE-2009-4489 [cherokee escape sequence injection]
-	RESERVED
+CVE-2009-4489 (header.c in Cherokee before 0.99.32 writes data to a log file without ...)
 	- cherokee 0.99.37-1 (low)
 	[etch] - cherokee <no-dsa> (issue not really specific to the httpd)
 	[lenny] - cherokee <no-dsa> (issue not really specific to the httpd)
 	NOTE: same as CVE-2009-4487
-CVE-2009-4488 [varnish escape sequence injection]
-	RESERVED
+CVE-2009-4488 (** DISPUTED ** Varnish 2.0.6 writes data to a log file without ...)
 	- varnish <unfixed> (low)
 	[etch] - varnish <no-dsa> (issue not really specific to the httpd)
 	[lenny] - varnish <no-dsa> (issue not really specific to the httpd)
 	NOTE: same as CVE-2009-4487
-CVE-2009-4487 [nginx escape sequence injection]
-	RESERVED
+CVE-2009-4487 (nginx 0.7.64 writes data to a log file without sanitizing ...)
 	- nginx <unfixed> (low)
 	[etch] - nginx <no-dsa> (issue not really specific to the httpd)
 	[lenny] - nginx <no-dsa> (issue not really specific to the httpd)
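
Review bot: CVE-2009-4488 now carries the ** DISPUTED ** marker in its description, but the lines under it are unchanged: "- varnish <unfixed> (low)", the two <no-dsa> lines and "NOTE: same as CVE-2009-4487", exactly as for the undisputed entries. Add a NOTE recording that the issue is disputed so the <unfixed> status is not read as a confirmed open bug. Separately, replacing the bracketed "escape sequence injection" titles with descriptions truncated at "without sanitizing ..." removes the only wording that named the issue class. A one-line NOTE on CVE-2009-4487, which the other entries point to, would keep the group searchable by that term.
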
@@ -1274,8 +1272,8 @@
 	RESERVED
 CVE-2010-0019
 	RESERVED
-CVE-2010-0018
-	RESERVED
+CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...)
+	TODO: check
 CVE-2010-0017
 	RESERVED
 CVE-2010-0016
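
Review bot: the new description for CVE-2010-0018 is truncated at "Font Engine in ...", before the affected product is named, so the "TODO: check" cannot be resolved from this list alone. Whoever picks it up should read the full description and replace the TODO with a package line or NOT-FOR-US, rather than leaving it open next to the still-RESERVED neighbours.
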
@@ -1629,8 +1627,7 @@
 	NOT-FOR-US: Panda
 CVE-2009-4213
 	RESERVED
-CVE-2009-4212 [krb5: integer underflow in AES and RC4 decryption]
-	RESERVED
+CVE-2009-4212 (Multiple integer underflows in the (1) AES and (2) RC4 decryption ...)
 	{DSA-1969-1}
 	- krb5 1.8+dfsg~alpha1-1
 CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness ...)
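
Review bot: on CVE-2009-4212 the fixed version recorded on the "- krb5" line is a pre-release upload, "1.8+dfsg~alpha1-1". Now that the public description has replaced the working title, it is worth confirming that this is the first version in the archive that carries the fix for both the (1) AES and (2) RC4 cases the description lists, since the dropped title did not distinguish them either.
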
@@ -2283,26 +2280,19 @@
 	NOT-FOR-US: Super Serious Stats
 CVE-2009-3960
 	RESERVED
-CVE-2009-3959
-	RESERVED
+CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3958
-	RESERVED
+CVE-2009-3958 (Buffer overflow in the Download Manager in Adobe Reader and Acrobat ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3957
-	RESERVED
+CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3956
-	RESERVED
+CVE-2009-3956 (The default configuration of Adobe Reader and Acrobat 9.x before 9.3, ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3955
-	RESERVED
+CVE-2009-3955 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3954
-	RESERVED
+CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
-CVE-2009-3953
-	RESERVED
+CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and ...)
 	NOT-FOR-US: Adobe Reader and Acrobat 8.0
 CVE-2009-3952 (Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and ...)
 	TODO: check
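
Review bot: the NOT-FOR-US lines under CVE-2009-3953 through CVE-2009-3959 still say "Adobe Reader and Acrobat 8.0", while the descriptions added here give the affected range as "9.x before 9.3, and 8.x before 8.2". The version in the NOT-FOR-US label is now misleading. Reduce it to the product name, "NOT-FOR-US: Adobe Reader and Acrobat", so the label does not contradict the description above it. The context line for CVE-2009-3952 (Adobe Illustrator) is still "TODO: check" and can probably be closed the same way in a follow-up.
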



