[Secure-testing-commits] r13868 - data/CVE
Joey Hess
joeyh at alioth.debian.org
Wed Jan 20 21:14:34 UTC 2010
Author: joeyh
Date: 2010-01-20 21:14:31 +0000 (Wed, 20 Jan 2010)
New Revision: 13868
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-20 20:56:55 UTC (rev 13867)
+++ data/CVE/list 2010-01-20 21:14:31 UTC (rev 13868)
@@ -399,8 +399,7 @@
CVE-2010-0220 (The nsObserverList::FillObserverArray function in ...)
- xulrunner <unfixed> (unimportant)
NOTE: browser DoS not treated as security issue
-CVE-2009-4605 [phpMyAdmin 2.11.10 unserialize fix]
- RESERVED
+CVE-2009-4605 (scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before ...)
- phpmyadmin 4:3.2.4-1
NOTE: vulnerable code does not in the 3.x series (sid and squeeze checked)
NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
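Review bot: The fixed version on "- phpmyadmin 4:3.2.4-1" under CVE-2009-4605 does not agree with the NOTE below it, which says the vulnerable code is absent from the 3.x series, or with the new description, which limits the issue to 2.11.x. As recorded, every 3.x upload before 4:3.2.4-1 is treated as affected. The CVE-2008-7252 and CVE-2008-7251 entries in this same commit are also 2.11.x-only and record 4:3.0.0-1; use the same version here if that is the first 3.x upload. The NOTE is also missing a verb ("does not exist in the 3.x series").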
@@ -946,12 +945,10 @@
NOT-FOR-US: Auto-Surf Traffic Exchange Script
CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the ...)
- redmine <unfixed> (bug #563940)
-CVE-2008-7252 [phpMyAdmin tempfile issue]
- RESERVED
+CVE-2008-7252 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses ...)
- phpmyadmin 4:3.0.0-1
NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
-CVE-2008-7251 [phpMyAdmin tempfile issue]
- RESERVED
+CVE-2008-7251 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a ...)
- phpmyadmin 4:3.0.0-1
NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...)
@@ -1479,8 +1476,7 @@
RESERVED
CVE-2010-0008
RESERVED
-CVE-2010-0007 [normal users can modify etables rules]
- RESERVED
+CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...)
- linux-2.6 <unfixed>
- linux-2.6.24 <removed>
CVE-2010-0006 [ipv6 null ptr dereference]
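Review bot: "- linux-2.6 <unfixed>" under CVE-2010-0007 carries no bug number, urgency or per-release status, even though the entry now has a public description naming net/bridge/netfilter/ebtables.c. Suggest adding the tracking bug in parentheses and [lenny]/[etch] lines in the style of the CVE-2009-4141 entry, so the open state can be followed up.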
@@ -1505,6 +1501,7 @@
- bash <not-affected> (mandriva-specific packaging issue)
CVE-2010-0001 [gzip: integer underflow via LZW compressed gzip archive]
RESERVED
+ {DSA-1974-1}
- gzip <unfixed> (medium; bug #566002)
CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...)
NOT-FOR-US: Adobe Reader and Acrobat 8.0
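Review bot: CVE-2010-0001 now references {DSA-1974-1} while its unstable line still reads "- gzip <unfixed> (medium; bug #566002)", so the advisory is out and sid remains open. Follow up on bug #566002 and replace <unfixed> with the fixed version once it is uploaded.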
@@ -1954,8 +1951,7 @@
CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...)
- php5 5.2.12.dfsg.1-1
TODO: determine real impact
-CVE-2009-4141
- RESERVED
+CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in ...)
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
@@ -2316,8 +2312,7 @@
RESERVED
CVE-2009-4013
RESERVED
-CVE-2009-4012 [libthai integer overflow]
- RESERVED
+CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow ...)
{DSA-1971-1}
- libthai 0.1.13-1
CVE-2009-4011 [dtc-xen race condition]
@@ -3010,8 +3005,8 @@
RESERVED
CVE-2009-3740
RESERVED
-CVE-2009-3739
- RESERVED
+CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB ...)
+ TODO: check
CVE-2009-3738
RESERVED
CVE-2009-3737
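Review bot: The added "TODO: check" under CVE-2009-3739 should be resolved rather than left open. The description names a Rockwell Automation AB product; if that is not something Debian packages, the entry should read "NOT-FOR-US: <product name>" like the Adobe Reader and Auto-Surf entries elsewhere in this list.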
@@ -7051,6 +7046,7 @@
- libxerces2-java <unfixed>
CVE-2009-2624 [gzip: missing input sanitation related to dynamic Huffman codes]
RESERVED
+ {DSA-1974-1}
- gzip 1.3.12-8 (medium; bug #507263)
CVE-2009-2623
RESERVED
@@ -53707,7 +53703,7 @@
[sarge] - lha <no-dsa> (Non-free not supported)
[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...)
- {DSA-1181-1}
+ {DSA-1974-1 DSA-1181-1}
- gzip 1.3.5-15 (high)
CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...)
{DSA-1171}
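Review bot: The changed line "{DSA-1974-1 DSA-1181-1}" attaches the new gzip advisory to CVE-2006-4334, which already had DSA-1181-1 and a fixed version of 1.3.5-15. The other two CVEs tagged with DSA-1974-1 in this commit are CVE-2010-0001 and CVE-2009-2624; please confirm that the DSA-1974-1 entry really lists CVE-2006-4334 and that this cross-reference is not the result of a typo in the DSA list.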