Author: joeyh
Date: 2009-03-31 21:14:10 +0000 (Tue, 31 Mar 2009)
New Revision: 11506

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-31 17:28:29 UTC (rev 11505)
+++ data/CVE/list       2009-03-31 21:14:10 UTC (rev 11506)
@@ -1,46 +1,253 @@
-CVE-2009-1107 [Multiple Java issues]
+CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in 
apps/web/vs_diag.cgi in ...)
+       TODO: check
+CVE-2009-1174 (The Web Services Security component in IBM WebSphere 
Application ...)
+       TODO: check
+CVE-2009-1173 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses 
weak ...)
+       TODO: check
+CVE-2009-1172 (The JAX-RPC WS-Security runtime in the Web Services Security 
component ...)
+       TODO: check
+CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 
1.8 ...)
+       TODO: check
+CVE-2009-1170 (Unspecified vulnerability in Sun OpenSolaris snv_100 through 
snv_101 ...)
+       TODO: check
+CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla 
Firefox ...)
+       {DSA-1756-1}
+       TODO: check
+CVE-2009-1168
+       RESERVED
+CVE-2009-1167
+       RESERVED
+CVE-2009-1166
+       RESERVED
+CVE-2009-1165
+       RESERVED
+CVE-2009-1164
+       RESERVED
+CVE-2009-1163
+       RESERVED
+CVE-2009-1162
+       RESERVED
+CVE-2009-1161
+       RESERVED
+CVE-2009-1160
+       RESERVED
+CVE-2009-1159
+       RESERVED
+CVE-2009-1158
+       RESERVED
+CVE-2009-1157
+       RESERVED
+CVE-2009-1156
+       RESERVED
+CVE-2009-1155
+       RESERVED
+CVE-2009-1154
+       RESERVED
+CVE-2009-1153
+       RESERVED
+CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and 
possibly ...)
+       TODO: check
+CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin 
2.11.x ...)
+       TODO: check
+CVE-2009-1150 (Multiple cross-site scripting (XSS) vulnerabilities in the 
export page ...)
+       TODO: check
+CVE-2009-1149 (CRLF injection vulnerability in bs_disp_as_mime_type.php in the 
BLOB ...)
+       TODO: check
+CVE-2009-1148 (Directory traversal vulnerability in bs_disp_as_mime_type.php 
in the ...)
+       TODO: check
+CVE-2009-1147
+       RESERVED
+CVE-2009-1146
+       RESERVED
+CVE-2009-1145
+       RESERVED
+CVE-2009-1144
+       RESERVED
+CVE-2009-1143
+       RESERVED
+CVE-2009-1142
+       RESERVED
+CVE-2009-1141
+       RESERVED
+CVE-2009-1140
+       RESERVED
+CVE-2009-1139
+       RESERVED
+CVE-2009-1138
+       RESERVED
+CVE-2009-1137
+       RESERVED
+CVE-2009-1136
+       RESERVED
+CVE-2009-1135
+       RESERVED
+CVE-2009-1134
+       RESERVED
+CVE-2009-1133
+       RESERVED
+CVE-2009-1132
+       RESERVED
+CVE-2009-1131
+       RESERVED
+CVE-2009-1130
+       RESERVED
+CVE-2009-1129
+       RESERVED
+CVE-2009-1128
+       RESERVED
+CVE-2009-1127
+       RESERVED
+CVE-2009-1126
+       RESERVED
+CVE-2009-1125
+       RESERVED
+CVE-2009-1124
+       RESERVED
+CVE-2009-1123
+       RESERVED
+CVE-2009-1122
+       RESERVED
+CVE-2009-1121
+       RESERVED
+CVE-2009-1120
+       RESERVED
+CVE-2009-1119
+       RESERVED
+CVE-2009-1118
+       RESERVED
+CVE-2009-1117
+       RESERVED
+CVE-2009-1116
+       RESERVED
+CVE-2009-1115
+       RESERVED
+CVE-2009-1114
+       RESERVED
+CVE-2009-1113
+       RESERVED
+CVE-2009-1112
+       RESERVED
+CVE-2009-1111
+       RESERVED
+CVE-2009-1110
+       RESERVED
+CVE-2009-1109
+       RESERVED
+CVE-2009-1108
+       RESERVED
+CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal 
...)
+       TODO: check
+CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 
on ...)
+       TODO: check
+CVE-2008-6559 (Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local 
users ...)
+       TODO: check
+CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm 
in ...)
+       TODO: check
+CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows 
remote ...)
+       TODO: check
+CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows 
remote ...)
+       TODO: check
+CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote 
...)
+       TODO: check
+CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 
070426 ...)
+       TODO: check
+CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS 
(Micro-CMS) 3.5 ...)
+       TODO: check
+CVE-2008-6552 (Red Hat Cluster Project 2.x allows local users to modify or 
overwrite ...)
+       TODO: check
+CVE-2008-6551 (Multiple directory traversal vulnerabilities in e-Vision CMS 
2.0.2 and ...)
+       TODO: check
+CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in 
Glossaire ...)
+       TODO: check
+CVE-2008-6549 (The password_checker function in config/multiconfig.py in 
MoinMoin ...)
+       TODO: check
+CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not 
check ...)
+       TODO: check
+CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does 
not ...)
+       TODO: check
+CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown 
impact and ...)
+       TODO: check
+CVE-2008-6545 (PHP remote file inclusion vulnerability in 
news/include/createdb.php ...)
+       TODO: check
+CVE-2008-6544 (** DISPUTED ** ...)
+       TODO: check
+CVE-2008-6543 (Multiple PHP remote file inclusion vulnerabilities in 
ComScripts TEAM ...)
+       TODO: check
+CVE-2008-6542 (Unspecified vulnerability in the Skin Manager in DotNetNuke 
before ...)
+       TODO: check
+CVE-2008-6541 (Unrestricted file upload vulnerability in the file manager 
module in ...)
+       TODO: check
+CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does 
not warn ...)
+       TODO: check
+CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar 
...)
+       TODO: check
+CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users 
via a ...)
+       TODO: check
+CVE-2008-6537 (LightNEasy/lightneasy.php in LightNEasy No database version 1.2 
allows ...)
+       TODO: check
+CVE-2008-6536 (Unspecified vulnerability in 7-zip before 4.5.7 has unknown 
impact and ...)
+       TODO: check
+CVE-2008-6535 (admin/settings.php in PayPal eStores allows remote attackers to 
bypass ...)
+       TODO: check
+CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and 
Pro ...)
+       TODO: check
+CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all 
related ...)
+       TODO: check
+CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
+       TODO: check
+CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA 
before ...)
+       TODO: check
+CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in ...)
+       TODO: check
+CVE-2008-6529 (Cross-site scripting (XSS) vulnerability in listtest.php in ...)
+       TODO: check
+CVE-2008-6528 (NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to 
read the ...)
+       TODO: check
+CVE-2007-6721 (The Legion of the Bouncy Castle Java Cryptography API before 
release ...)
+       TODO: check
+CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java 
Runtime ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1106 [Multiple Java issues]
+CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java 
Runtime ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1105 [Multiple Java issues]
+CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java 
Runtime ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1104 [Multiple Java issues]
+CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java 
Runtime ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1103 [Multiple Java issues]
+CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE 
Development ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1102 [Multiple Java issues]
+CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1101 [Multiple Java issues]
+CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1100 [Multiple Java issues]
+CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit 
(JDK) ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1099 [Multiple Java issues]
+CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and 
Java ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1098 [Multiple Java issues]
+CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java 
Runtime ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1097 [Multiple Java issues]
+CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and 
Java ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1096 [Multiple Java issues]
+CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) 
and Java ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1095 [Multiple Java issues]
+CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) 
and ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1094 [Multiple Java issues]
+CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE 
...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
-CVE-2009-1093 [Multiple Java issues]
+CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) 
and Java ...)
        - sun-java6 6-13-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-XXXX [unspecified xfig temp issue]
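Review bot: CVE-2009-1169 (txMozillaXSLTProcessor::TransformToDoc) is added with {DSA-1756-1} attached but only "TODO: check" underneath and no package line. An entry that already cross-references a DSA should name the source package and fixed version, so it should be triaged ahead of the other TODO: check entries this hunk introduces.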
@@ -50,65 +257,65 @@
        - auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low)
        [lenny] - auth2db 0.2.5-2+dfsg-1+lenny1
        NOTE: CVE id requested
-CVE-2009-1092
+CVE-2009-1092 (Use after free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 
ActiveX ...)
        NOT-FOR-US: LIVEAUDIO.LiveAudioCtrl.1 ActiveX
-CVE-2009-1091
+CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in 
Rapidleech ...)
        NOT-FOR-US: Rapidleech
-CVE-2009-1090
+CVE-2009-1090 (Directory traversal vulnerability in upload.php in Rapidleech 
rev.36 ...)
        NOT-FOR-US: Rapidleech
-CVE-2009-1089
+CVE-2009-1089 (Absolute path traversal vulnerability in upload.php in 
Rapidleech ...)
        NOT-FOR-US: Rapidleech
-CVE-2009-1088
+CVE-2009-1088 (Hannon Hill Cascade Server 5.7 and other versions allows remote 
...)
        NOT-FOR-US: Hannon Hill Cascade Server
-CVE-2009-1087
+CVE-2009-1087 (Multiple argument injection vulnerabilities in PPLive.exe in 
PPLive ...)
        NOT-FOR-US: PPLive
-CVE-2009-1085
+CVE-2009-1085 (Piwik 0.2.32 and earlier stores sensitive information under the 
web ...)
        NOT-FOR-US: Piwik
-CVE-2009-1084
+CVE-2009-1084 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not 
...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1083
+CVE-2009-1083 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 on 
Linux, AIX, ...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1082
+CVE-2009-1082 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows 
remote ...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1081
+CVE-2009-1081 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java 
System ...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1080
+CVE-2009-1080 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java 
System ...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1079
+CVE-2009-1079 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java 
System ...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1078
+CVE-2009-1078 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not 
...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1077
+CVE-2009-1077 (The Change My Password implementation in the admin interface in 
Sun ...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1076
+CVE-2009-1076 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds 
...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1075
+CVE-2009-1075 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds 
...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2009-1074
+CVE-2009-1074 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not 
use ...)
        NOT-FOR-US: Sun Java System Identity Manager
-CVE-2008-6527
+CVE-2008-6527 (SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 
1.0 ...)
        NOT-FOR-US: GO4I.NET ASP Forum
-CVE-2008-6526
+CVE-2008-6526 (SQL injection vulnerability in index.php in BosDev 
BosClassifieds ...)
        NOT-FOR-US: BosClassifieds
-CVE-2008-6525
+CVE-2008-6525 (SQL injection vulnerability in the Admin Panel in Nice PHP FAQ 
Script ...)
        NOT-FOR-US: Nice PHP FAQ Script
-CVE-2008-6524
+CVE-2008-6524 (resetpass.php in openInvoice 0.90 beta and earlier allows 
remote ...)
        NOT-FOR-US: openInvoice
-CVE-2008-6523
+CVE-2008-6523 (auth.php in openInvoice 0.90 beta and earlier allows remote 
attackers ...)
        NOT-FOR-US: openInvoice
-CVE-2008-6522
+CVE-2008-6522 (Multiple directory traversal vulnerabilities in the RenderFile 
...)
        NOT-FOR-US: OpenTerracotta
-CVE-2008-6521
+CVE-2008-6521 (index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows 
remote ...)
        NOT-FOR-US: OpenTerracotta
-CVE-2008-6520
+CVE-2008-6520 (Multiple format string vulnerabilities in the SSI filter in 
Xitami Web ...)
        NOT-FOR-US: Xitami Web Server
-CVE-2008-6519
+CVE-2008-6519 (Format string vulnerability in Xitami Web Server 2.2a through 
2.5c2, ...)
        NOT-FOR-US: Xitami Web Server
-CVE-2008-6518
+CVE-2008-6518 (Unrestricted file upload vulnerability in the profile feature 
in ...)
        NOT-FOR-US: VidiScript
-CVE-2008-6517
+CVE-2008-6517 (SQL injection vulnerability in NewsHOWLER 1.03 Beta allows 
remote ...)
        NOT-FOR-US: NewsHOWLER
-CVE-2008-6516
+CVE-2008-6516 (Multiple directory traversal vulnerabilities in phpKF-Portal 
1.10 ...)
        NOT-FOR-US: phpKF-Portal
 CVE-2009-1073
        RESERVED
@@ -181,7 +388,7 @@
        TODO: check
 CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to 
cause a ...)
        TODO: check
-CVE-2009-1044 (Unspecified vulnerability in Mozilla Firefox 3.0.7 on Windows 7 
allows ...)
+CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to 
execute ...)
        {DSA-1756-1}
        TODO: check
 CVE-2009-1043 (Unspecified vulnerability in Microsoft Internet Explorer 8 on 
Windows ...)
@@ -215,7 +422,7 @@
        NOT-FOR-US: Send by e-mail module for Drupal
 CVE-2009-1036 (Cross-site request forgery (CSRF) vulnerability in the Plus 1 
module ...)
        NOT-FOR-US: Plus 1 module for Drupal
-CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in Tasklist module 
5.x-1.x ...)
+CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in the Tasklist module 
...)
        NOT-FOR-US: Tasklist module for Drupal
 CVE-2009-1034 (SQL injection vulnerability in the Tasklist module 5.x-1.x 
before ...)
        NOT-FOR-US: Tasklist module for Drupal
@@ -477,7 +684,7 @@
        NOT-FOR-US: Nucleus CMS
 CVE-2009-0928 (Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat 
...)
        TODO: check
-CVE-2009-0927 (Unspecified vulnerability in Adobe Reader and Adobe Acrobat 9.1 
and ...)
+CVE-2009-0927 (Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 
before ...)
        NOT-FOR-US: Adobe Reader and Adobe Acrobat
 CVE-2009-0926 (Unspecified vulnerability in the UFS filesystem functionality 
in Sun ...)
        NOT-FOR-US: Sun OpenSolaris
@@ -568,8 +775,8 @@
        RESERVED
 CVE-2009-0893
        RESERVED
-CVE-2009-0892
-       RESERVED
+CVE-2009-0892 (The administrative console in IBM WebSphere Application Server 
(WAS) ...)
+       TODO: check
 CVE-2009-0891 (The Web Services Security component in IBM WebSphere 
Application ...)
        NOT-FOR-US: IBM WebSphere Application Server
 CVE-2009-0890
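Review bot: CVE-2009-0892 moves from RESERVED to "TODO: check" even though its description names IBM WebSphere Application Server, and the adjacent CVE-2009-0891 for the same product is already marked "NOT-FOR-US: IBM WebSphere Application Server". Suggest giving CVE-2009-0892 the same NOT-FOR-US line rather than leaving it in the TODO queue.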
@@ -710,8 +917,8 @@
        RESERVED
 CVE-2009-0846
        RESERVED
-CVE-2009-0845
-       RESERVED
+CVE-2009-0845 (The spnego_gss_accept_sec_context function in ...)
+       TODO: check
 CVE-2009-0844
        RESERVED
 CVE-2009-0843
@@ -937,8 +1144,7 @@
        {DSA-1760-1 DSA-1759-1}
        - openswan <unfixed> (medium; bug #521949)
        - strongswan <unfixed> (medium; bug #521950)
-CVE-2009-0789
-       RESERVED
+CVE-2009-0789 (OpenSSL before 0.9.8k on WIN64 and certain other platforms does 
not ...)
        - openssl <not-affected> (only non-Debian architectures affected)
 CVE-2009-0788
        RESERVED
@@ -948,14 +1154,13 @@
        RESERVED
 CVE-2009-0785
        RESERVED
-CVE-2009-0784 [Race condition in the stap tool shipped by Systemtap]
-       RESERVED
+CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and ...)
        {DSA-1755-1}
        - systemtap 0.0.20090314-2
 CVE-2009-0783
        RESERVED
 CVE-2009-0782
-       RESERVED
+       REJECTED
 CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in 
the ...)
        - tomcat5.5 <unfixed> (unimportant)
        - tomcat6 <unfixed> (unimportant)
@@ -1819,30 +2024,30 @@
        - acidbase 1.2.1-1
 CVE-2009-0638
        RESERVED
-CVE-2009-0637
-       RESERVED
-CVE-2009-0636
-       RESERVED
-CVE-2009-0635
-       RESERVED
-CVE-2009-0634
-       RESERVED
-CVE-2009-0633
-       RESERVED
+CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based 
CLI ...)
+       TODO: check
+CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when 
SIP ...)
+       TODO: check
+CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) ...)
+       TODO: check
+CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) ...)
+       TODO: check
+CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT 
...)
+       TODO: check
 CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature 
in Cisco ...)
        NOT-FOR-US: Cisco Unified Communications Manager
-CVE-2009-0631
-       RESERVED
-CVE-2009-0630
-       RESERVED
-CVE-2009-0629
-       RESERVED
-CVE-2009-0628
-       RESERVED
+CVE-2009-0631 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when 
...)
+       TODO: check
+CVE-2009-0630 (The (1) Cisco Unified Communications Manager Express; (2) SIP 
Gateway ...)
+       TODO: check
+CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code 
(aka ...)
+       TODO: check
+CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 
12.4 ...)
+       TODO: check
 CVE-2009-0627
        RESERVED
-CVE-2009-0626
-       RESERVED
+CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote 
...)
+       TODO: check
 CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control 
Engine ...)
        NOT-FOR-US: Cisco
 CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in 
Cisco ACE ...)
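Review bot: the entries unreserved here whose descriptions name Cisco IOS or another Cisco component (for example CVE-2009-0637, CVE-2009-0636, CVE-2009-0628 and CVE-2009-0626) are left as "TODO: check", while the unchanged neighbours CVE-2009-0632 and CVE-2009-0625 are already marked NOT-FOR-US for Cisco products. Suggest marking them the same way; the truncated descriptions of CVE-2009-0634, CVE-2009-0633 and CVE-2009-0629 do not show the vendor, so those need the full text checked first.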
@@ -1952,14 +2157,12 @@
        NOT-FOR-US: OwenPoll
 CVE-2008-6142 (Multiple SQL injection vulnerabilities in admin/usercheck.php 
in ...)
        NOT-FOR-US: FlexPHPic
-CVE-2009-0591
-       RESERVED
+CVE-2009-0591 (The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when 
CMS is ...)
        - openssl <not-affected> (vulnerable versions not uploaded to Debian)
-CVE-2009-0590
-       RESERVED
+CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k 
allows ...)
        - openssl <unfixed> (low; bug #522002)
 CVE-2009-0589
-       RESERVED
+       REJECTED
 CVE-2009-0588
        RESERVED
 CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka ...)
@@ -1986,7 +2189,7 @@
        RESERVED
 CVE-2009-0579
        RESERVED
-CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify 
...)
+CVE-2009-0578 (NetworkManager, possibly before 0.7.1, does not properly verify 
...)
        - network-manager-applet 0.7.0.99-1 (medium)
 CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in 
CUPS ...)
        NOT-FOR-US: RedHat specific, because they had a problem applying the 
fix for CVE-2008-3640
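Review bot: the CVE-2009-0578 description now attributes the flaw to NetworkManager instead of "network-manager-applet in Ubuntu 8.10", but the entry still tracks only "network-manager-applet 0.7.0.99-1". CVE-2009-0365, reworded the same way in the next hunk, lists both network-manager-applet and network-manager; check whether CVE-2009-0578 needs a network-manager line as well.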
@@ -2766,7 +2969,7 @@
 CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in 
Wesnoth ...)
        {DSA-1737-1}
        - wesnoth 1:1.4.7-4
-CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) 
...)
+CVE-2009-0365 (The dbus request handler in NetworkManager, possibly before 
0.7.1, ...)
        - network-manager-applet 0.7.0.99-1 (medium)
        - network-manager 0.7.0.99-1 (medium)
 CVE-2009-0364 (Format string vulnerability in the mini_calendar component in 
...)
@@ -3321,8 +3524,7 @@
        RESERVED
 CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side 
authentication ...)
        NOT-FOR-US: GE Fanuc iFIX
-CVE-2009-0215
-       RESERVED
+CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the 
IBM ...)
        NOT-FOR-US: IBM Access Support ActiveX
 CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in 
AREVA ...)
        NOT-FOR-US: WebFGServer
@@ -3366,7 +3568,7 @@
        RESERVED
 CVE-2009-0194
        RESERVED
-CVE-2009-0193 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 
8 ...)
+CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 
9.1, 8 ...)
        TODO: check
 CVE-2009-0192
        RESERVED
@@ -3584,8 +3786,8 @@
        RESERVED
 CVE-2009-0116
        RESERVED
-CVE-2009-0115
-       RESERVED
+CVE-2009-0115 (multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE 
Linux ...)
+       TODO: check
 CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the 
web root ...)
        NOT-FOR-US: iyzi Forum
 CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the 
web root ...)
@@ -6017,7 +6219,7 @@
        - icedove 2.0.0.19-1
        - iceape 1.1.13-1
 CVE-2008-5020
-       RESERVED
+       REJECTED
 CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 
and ...)
        {DSA-1671-1}
        - iceweasel 3.0.4-1
@@ -7651,7 +7853,7 @@
 CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute 
...)
        NOT-FOR-US: Observer
 CVE-2008-4317
-       RESERVED
+       REJECTED
 CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 
2.20 allow ...)
        {DSA-1747-1}
        - glib2.0 2.20.0-1 (medium; bug #520046)
@@ -7663,7 +7865,7 @@
 CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 
2.7.0 ...)
        NOT-FOR-US: OpenPegasus
 CVE-2008-4312
-       RESERVED
+       REJECTED
 CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus) 
before ...)
        - dbus 1.2.1-5 (low; bug #508032)
        [etch] - dbus <no-dsa> (Backport for Etch too risky for regressions for 
too little gain)
@@ -9712,9 +9914,9 @@
 CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat 
JBoss ...)
        - jbossas4 <not-affected> (configuration not yet included in Debian 
package)
 CVE-2008-3518
-       RESERVED
+       REJECTED
 CVE-2008-3517
-       RESERVED
+       REJECTED
 CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files 
generated ...)
        NOT-FOR-US: Adobe Presenter
 CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files 
generated ...)
@@ -10215,7 +10417,7 @@
 CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl 
allows ...)
        NOT-FOR-US: Filesys::SmbClientParser
 CVE-2008-3284
-       RESERVED
+       REJECTED
 CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before 
SP7, Red ...)
        NOT-FOR-US: Red Hat Directory Server
 CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in ...)
@@ -11400,7 +11602,7 @@
        - iceape 1.1.10
        - xulrunner 1.9.0.1-1
 CVE-2008-2804
-       RESERVED
+       REJECTED
 CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla 
Firefox ...)
        {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
        - iceweasel 3.0~b2-1
@@ -12375,7 +12577,7 @@
        [etch] - bluez-utils <no-dsa> (Minor issue)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
 CVE-2008-2373
-       RESERVED
+       REJECTED
 CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local 
users ...)
        - linux-2.6 2.6.26-1
        [etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24)
@@ -13991,7 +14193,7 @@
        - linux-2.6.24 2.6.24-6~etchnhalf.2
        NOTE: Fixed in 2.6.24.6 and 2.6.25.1
 CVE-2008-1674
-       RESERVED
+       REJECTED
 CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 
2.4.36.6 ...)
        {DSA-1592-1}
        - linux-2.6 2.6.25-5 (bug #485944)
@@ -14723,7 +14925,7 @@
        {DSA-1595-1 DTSA-141-1}
        - xorg-server 2:1.4.1~git20080517-2
 CVE-2008-1378
-       RESERVED
+       REJECTED
 CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) 
SProcRecordRegisterClients ...)
        {DSA-1595-1 DTSA-141-1}
        - xorg-server 2:1.4.1~git20080517-2
@@ -18255,9 +18457,9 @@
        - tcpreen 1.4.3-0.3 (medium; bug #457781)
 CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow 
user-assisted ...)
        NOT-FOR-US: PDFLib
-CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in 
Logaholic allow ...)
+CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in 
Logaholic ...)
        NOT-FOR-US: Logaholic
-CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic allow 
remote ...)
+CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic before 2.0 
RC8 ...)
        NOT-FOR-US: Logaholic
 CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause 
a ...)
        NOT-FOR-US: TotalPlayer
@@ -19152,7 +19354,7 @@
        [sarge] - apache2 <no-dsa> (browser issue; low impact)
        [etch] - apache2 2.2.3-4+etch4 (low)
 CVE-2008-0004
-       RESERVED
+       REJECTED
 CVE-2008-0003 (Stack-based buffer overflow in the 
PAMBasicAuthenticator::PAMCallback ...)
        NOT-FOR-US: OpenPegasus CIM management server
 CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the 
context ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
