Author: joeyh
Date: 2009-05-01 21:14:17 +0000 (Fri, 01 May 2009)
New Revision: 11760

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-05-01 17:23:52 UTC (rev 11759)
+++ data/CVE/list       2009-05-01 21:14:17 UTC (rev 11760)
@@ -1,3 +1,13 @@
+CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...)
+       TODO: check
+CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in 
Adobe ...)
+       TODO: check
+CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader 
and ...)
+       TODO: check
+CVE-2009-1491
+       RESERVED
+CVE-2009-1490
+       RESERVED
 CVE-2009-XXXX [samba: Account locking out doesnt work with an LDAP backend]
        - samba 2:3.2.6 (bug #514151)
        [lenny] - samba 2:3.2.5-4lenny1
@@ -148,8 +158,8 @@
        TODO: check
 CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 
SP1 ...)
        NOT-FOR-US: Trend Micro OfficeScan
-CVE-2009-1434
-       RESERVED
+CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki 
before ...)
+       TODO: check
 CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for ...)
        TODO: check
 CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of 
/etc/zm.conf to ...)
@@ -160,8 +170,8 @@
        TODO: check
 CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) 
in ...)
        NOT-FOR-US: SilverStripe
-CVE-2009-1432
-       RESERVED
+CVE-2009-1432 (Symantec Reporting Server, as used in Symantec AntiVirus (SAV) 
...)
+       TODO: check
 CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in 
Symantec ...)
        TODO: check
 CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel 
Alert ...)
@@ -190,12 +200,12 @@
        RESERVED
 CVE-2009-1418
        RESERVED
-CVE-2009-1417
-       RESERVED
-CVE-2009-1416
-       RESERVED
-CVE-2009-1415
-       RESERVED
+CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the 
activation and ...)
+       TODO: check
+CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 
generates ...)
+       TODO: check
+CVE-2009-1415 (lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not 
...)
+       TODO: check
 CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object 
persist ...)
        - chromium <itp> (bug #520324)
 CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page 
transition, ...)
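Review bot: The three GnuTLS entries added here (CVE-2009-1415, CVE-2009-1416, CVE-2009-1417) all land as TODO: check, yet their descriptions give different affected ranges: "before 2.6.6" for CVE-2009-1415 and CVE-2009-1417, "2.5.0 through 2.6.5" for CVE-2009-1416. When they are triaged, record the status per release for each CVE separately instead of copying one line across all three, since a release shipping a version older than 2.5.0 would fall inside two of the ranges but not the third, going by the truncated descriptions.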
@@ -386,8 +396,8 @@
        - apt 0.7.21 (bug #433091)
 CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in 
amule ...)
        - amule <unfixed> (low; bug #525078)
-CVE-2009-1348
-       RESERVED
+CVE-2009-1348 (The AV engine before DAT 5600 in McAfee VirusScan, Total 
Protection, ...)
+       TODO: check
 CVE-2009-1347 (Multiple SQL injection vulnerabilities in stats/index.php in 
chCounter ...)
        NOT-FOR-US: chCounter
 CVE-2009-1346 (SQL injection vulnerability in publico/ficha.php in NetHoteles 
3.0 ...)
@@ -412,16 +422,14 @@
        NOT-FOR-US: Ultimate PHP Board
 CVE-2009-XXXX [git-core in Debian has non-root-owned files under /usr]
        - git-core 1.6.2.1-1 (bug #516669)
-CVE-2009-1341
-       RESERVED
+CVE-2009-1341 (Memory leak in the dequote_bytea function in quote.c in the 
DBD::Pg ...)
        {DSA-1780-1}
        - libdbd-pg-perl 2.1.3-1
 CVE-2009-1340
        RESERVED
-CVE-2009-1339 [twiki: CSRF Vulnerability with Image Tag]
-       RESERVED
-        - twiki <unfixed> (bug #526258)
-        NOTE: We should probably request removal from unstable, replaced by 
foswiki
+CVE-2009-1339 (Cross-site request forgery (CSRF) vulnerability in TWiki before 
4.3.1 ...)
+       - twiki <unfixed> (bug #526258)
+       NOTE: We should probably request removal from unstable, replaced by 
foswiki
 CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the 
Linux ...)
        - linux-2.6 <unfixed>
        [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
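Review bot: In the CVE-2009-1339 entry the new description bounds the issue to "TWiki before 4.3.1", but the tracking line is still "- twiki <unfixed>" with no fixed version, so the entry does not yet say whether any packaged version is at or past 4.3.1. The retained NOTE also proposes replacing twiki with foswiki, while this same patch adds a Foswiki CSRF entry (CVE-2009-1434) as TODO: check; the two should be triaged together before the removal suggestion is acted on.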
@@ -490,8 +498,8 @@
        NOT-FOR-US: Ablespace
 CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to 
create ...)
        NOT-FOR-US: Web File Explorer
-CVE-2009-1313
-       RESERVED
+CVE-2009-1313 (The nsTextFrame::ClearTextRun function in ...)
+       TODO: check
 CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey do not block 
javascript: ...)
        - xulrunner 1.9.0.9-1
        [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
@@ -549,8 +557,7 @@
        RESERVED
 CVE-2009-1296
        RESERVED
-CVE-2009-1295 [apport: file deletion]
-       RESERVED
+CVE-2009-1295 (Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on 
Ubuntu ...)
        - apport <itp> (bug #383347)
 CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in 
web/guest/home ...)
        NOT-FOR-US: Novell Teaming
@@ -573,8 +580,8 @@
        [etch] - clamav <not-affected> (vulnerable code not present)
        [lenny] - clamav <not-affected> (vulnerable code not present)
        NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552
-CVE-2009-1291
-       RESERVED
+CVE-2009-1291 (Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, 
...)
+       TODO: check
 CVE-2009-1290 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the web ...)
        NOT-FOR-US: IBM BladeCenter
 CVE-2009-1289 (private/login.ssi in the Advanced Management Module (AMM) on 
the IBM ...)
@@ -707,9 +714,11 @@
        - php4 <not-affected> (the JSON extension was introduced in php5.2)
        - php-json-ext <unfixed>
 CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 
allows ...)
+       {DSA-1785-1}
        - wireshark 1.0.7-1 (low)
        [etch] - wireshark <not-affected> (Vulnerable code not present; 
introduced in 0.99.6)
 CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in 
...)
+       {DSA-1785-1}
        - wireshark 1.0.7-1 (low)
 CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 
0.99.2 ...)
        - wireshark <not-affected> (Only affects Wireshark on Windows)
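Review bot: CVE-2009-1268 now carries {DSA-1785-1} but, unlike CVE-2009-1269 directly above it, has no [etch] line, so the entry does not show whether etch is fixed by the DSA or not affected. Suggest adding an explicit [etch] status for CVE-2009-1268 so the three Wireshark entries tagged with this DSA read consistently.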
@@ -736,8 +745,8 @@
        NOT-FOR-US: Magic ISO Maker
 CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote 
attackers to ...)
        NOT-FOR-US: FlexCMS
-CVE-2009-1255
-       RESERVED
+CVE-2009-1255 (The process_stat function in (1) Memcached before 1.2.8 and (2) 
...)
+       TODO: check
 CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 
8.62, and ...)
        - ghostscript 8.64~dfsg-1 (medium; bug #524803)
 CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in 
QuickerSite ...)
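Review bot: CVE-2009-1255 is added as TODO: check with a description naming the process_stat function in "Memcached before 1.2.8", and the first hunk of this patch adds CVE-2009-1494 for the same function in "Memcached 1.2.8", also TODO: check. The two look like an original issue and a follow-up in the fixed version, so they should be checked together and cross-referenced with a NOTE, otherwise a fixed version recorded for one may be wrongly assumed to cover the other.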
@@ -1081,6 +1090,7 @@
 CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is 
enabled, uses ...)
        NOT-FOR-US: Blue Coat ProxySG
 CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) 
dissector in ...)
+       {DSA-1785-1}
        - wireshark 1.0.7-1 (low)
        [etch] - wireshark <not-affected> (Vulnerable code not present, 
introduced in 0.99.6)
 CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 
allows ...)
@@ -2981,8 +2991,7 @@
 CVE-2009-0664 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 
1.0.x ...)
        {DSA-1778-1}
        - mahara 1.1.3-1 (low)
-CVE-2009-0663
-       RESERVED
+CVE-2009-0663 (Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or ...)
        {DSA-1780-1}
        - libdb-pg-perl 2.1.3-1
 CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a 
product ...)
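Review bot: The context line under CVE-2009-0663 reads "- libdb-pg-perl 2.1.3-1", while CVE-2009-1341, which this patch tags with the same {DSA-1780-1} and the same version, uses "- libdbd-pg-perl 2.1.3-1". The new description names DBD::Pg, so "libdb-pg-perl" looks like a typo in the package name; if so, this entry will not match the real source package and the fix will not be tracked. Worth correcting in a follow-up commit.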
@@ -10100,7 +10109,7 @@
        NOT-FOR-US: The Real Estate Script
 CVE-2008-3950 (Off-by-one error in the ...)
        - webkit <not-affected> (Vulnerable code not present)
-        NOTE: bug #500306
+       NOTE: bug #500306
 CVE-2008-3949 (Emacs 22.1 and 22.2 imports Python script from the current 
working ...)
        - emacs22 22.2+2-4 (low; bug #499568)
        - emacs21 <not-affected> (doesn't provide the python functionality)
@@ -13795,7 +13804,7 @@
        RESERVED
 CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function 
in ...)
        NOT-FOR-US: Trend Micro OfficeScan
-CVE-2008-2438 (Unspecified vulnerability in HP OpenView Network Node Manager 
(OV NNM) ...)
+CVE-2008-2438 (Integer overflow in ovalarmsrv.exe in HP OpenView Network Node 
Manager ...)
        NOT-FOR-US: HP OpenView
 CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro 
...)
        NOT-FOR-US: Trend Micro OfficeScan


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
