Author: joeyh
Date: 2009-08-19 21:14:14 +0000 (Wed, 19 Aug 2009)
New Revision: 12639

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-08-19 12:33:50 UTC (rev 12638)
+++ data/CVE/list       2009-08-19 21:14:14 UTC (rev 12639)
@@ -1,16 +1,57 @@
-CVE-2009-2849 [linux-2.6: md raid null pointer dereference (when sysfs 
available)]
+CVE-2009-2856 (Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous 
binding ...)
+       TODO: check
+CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 
2.7 ...)
+       TODO: check
+CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain 
...)
+       TODO: check
+CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain 
privileges via ...)
+       TODO: check
+CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with ...)
+       TODO: check
+CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator 
...)
+       TODO: check
+CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) 
allow ...)
+       TODO: check
+CVE-2009-2845
+       REJECTED
+       TODO: check
+CVE-2008-7015 (Unreal engine 3, as used in Unreal Tournament 3 1.3, 
Frontlines: Fuel ...)
+       TODO: check
+CVE-2008-7014 (fhttpd 0.4.2 allows remote attackers to cause a denial of 
service ...)
+       TODO: check
+CVE-2008-7013 (NetService.dll in Baidu Hi IM allows remote servers to cause a 
denial ...)
+       TODO: check
+CVE-2008-7012 (courier/1000@/api_error_email.html (aka "error reporting 
page") in ...)
+       TODO: check
+CVE-2008-7011 (The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal 
...)
+       TODO: check
+CVE-2008-7010 (Skalfa Software SkaLinks Exchange Script 1.5 allows remote 
attackers ...)
+       TODO: check
+CVE-2008-7009 (Buffer overflow in multiscan.exe in Check Point ZoneAlarm 
Security ...)
+       TODO: check
+CVE-2008-7008 (HyperStop Web Host Directory 1.2 allows remote attackers to 
bypass ...)
+       TODO: check
+CVE-2008-7007 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass 
...)
+       TODO: check
+CVE-2008-7006 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass 
...)
+       TODO: check
+CVE-2008-7005 (include/modules/top/1-random_quote.php in Minb Is Not a Blog 
(minb) ...)
+       TODO: check
+CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has 
unknown ...)
+       TODO: check
+CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 
2.6.30.2 ...)
        - linux-2.6 2.6.30-4 (medium)
        - linux-2.6.24 <removed>
-CVE-2009-2848 [linux-2.6: execve must clear current->child_tid]
+CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 
and ...)
        - linux-2.6 <unfixed> (low)
        - linux-2.6.24 <removed>
-CVE-2009-2847 [linux-2.6: information disclosure to user space on 64-bit hosts]
+CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 
2.6 ...)
        - linux-2.6 2.6.30-6 (low)
        - linux-2.6.24 <removed>
-CVE-2009-2846 [linux-2.6: parisc eisa underflow]
+CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom 
component ...)
        - linux-2.6 2.6.30-6 (low)
        - linux-2.6.24 <removed>
-CVE-2009-2844 [linux-2.6: cfg80211 missing NULL ptr checks]
+CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 
and ...)
        - linux-2.6 <unfixed> (medium)
        [etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
        [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
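Review bot: CVE-2009-2845 is added as REJECTED and is also given "TODO: check". A rejected ID needs no triage, so the TODO line should be dropped for that entry, or the update script should skip it when the state is REJECTED; otherwise it inflates the set of entries waiting for review. Separately, the five kernel entries at the end of this hunk lose their hand-written bracketed summaries (for example "execve must clear current->child_tid") in favour of truncated parenthesised descriptions. If those summaries are still useful for triage, keep them as NOTE: lines under each entry.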
@@ -2835,20 +2876,20 @@
        REJECTED
 CVE-2009-1879
        RESERVED
-CVE-2009-1878
-       RESERVED
-CVE-2009-1877
-       RESERVED
-CVE-2009-1876
-       RESERVED
-CVE-2009-1875
-       RESERVED
-CVE-2009-1874
-       RESERVED
-CVE-2009-1873
-       RESERVED
-CVE-2009-1872
-       RESERVED
+CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and 
earlier ...)
+       TODO: check
+CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 
8.0.1 and ...)
+       TODO: check
+CVE-2009-1876 (Adobe ColdFusion 8.0.1 and earlier might allow attackers to 
obtain ...)
+       TODO: check
+CVE-2009-1875 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe 
...)
+       TODO: check
+CVE-2009-1874 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Management ...)
+       TODO: check
+CVE-2009-1873 (Directory traversal vulnerability in logging/logviewer.jsp in 
the ...)
+       TODO: check
+CVE-2009-1872 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe 
...)
+       TODO: check
 CVE-2009-1871
        RESERVED
 CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, 
and ...)
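Review bot: the seven entries CVE-2009-1872 through CVE-2009-1878 move from RESERVED to "TODO: check", but CVE-2009-1876, CVE-2009-1877 and CVE-2009-1878 already name Adobe ColdFusion 8.0.1 and earlier in the visible text. These can be closed in the style used elsewhere in this file (for example "NOT-FOR-US: Foxit WAC Server") rather than left as open TODOs. The other four descriptions are cut off before the product name, so check the full text before marking them the same way.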
@@ -3262,6 +3303,7 @@
        - webkit <unfixed> (medium; bug #535793)
        TODO: work with upstream to determine affected/not-affected webkit 
versions
 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection 
implementation ...)
+       {DSA-1866-1}
        - webkit 0~svn32442-1
        NOTE: fixed in upstream commit http://trac.webkit.org/changeset/32230
        - kde4libs <not-affected> (Vulnerable code not present)
@@ -3294,6 +3336,7 @@
        - webkit <unfixed> (medium; bug #535793)
        TODO: work with upstream to determine affected/not-affected webkit 
versions
 CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, 
and ...)
+       {DSA-1868-1 DSA-1867-1}
        - webkit 1.1.5-1 (medium; bug #534946)
        NOTE: http://trac.webkit.org/changeset/42081
        - kdelibs <unfixed> (medium; bug #534952)
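Review bot: CVE-2009-1698 now carries {DSA-1868-1 DSA-1867-1}, yet the kdelibs line in the same entry still reads "<unfixed> (medium; bug #534952)". Confirm that this is intended, that is, that the advisories do not change the state this line tracks. If a fixed kdelibs upload exists, record its version here. The same question applies to the kdelibs lines in the CVE-2009-1690 and CVE-2009-1687 hunks.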
@@ -3322,6 +3365,7 @@
        - webkit <unfixed> (medium; bug #535793)
        TODO: work with upstream to determine affected/not-affected webkit 
versions
 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari 
before ...)
+       {DSA-1868-1 DSA-1867-1}
        - webkit 1.1.5-1 (medium; bug #534946)
        NOTE: http://trac.webkit.org/changeset/42532
        - kdelibs <unfixed> (medium; bug #534952)
@@ -3335,6 +3379,7 @@
        - webkit <unfixed> (medium; bug #535793)
        TODO: work with upstream to determine affected/not-affected webkit 
versions
 CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari 
before 4.0, ...)
+       {DSA-1868-1 DSA-1867-1}
        - webkit 1.1.5-1 (medium; bug #534946)
        - kdelibs <unfixed> (bug #534952)
        - kde4libs 4:4.3.0-1
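Review bot: in the CVE-2009-1687 entry the context line "- kdelibs <unfixed> (bug #534952)" has no severity, while the same bug number is rated medium under CVE-2009-1698 and CVE-2009-1690. Since this entry is being touched to attach the DSA references, add the severity so the three entries agree.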
@@ -5938,6 +5983,7 @@
        {DSA-1784-1}
        - freetype 2.3.9-4.1 (medium; bug #524925)
 CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as 
used in ...)
+       {DSA-1866-1}
        - qt4-x11 4:4.5.2-1 (medium; bug #532718)
        - webkit 1.1.5-1 (medium; bug #532724; bug #532725)
        NOTE: http://trac.webkit.org/changeset/43590
@@ -13253,7 +13299,7 @@
 CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite 
arbitrary ...)
        - openswan 1:2.6.21+dfsg-2 (unimportant; bug #496376)
        NOTE: Only unused packaging bits
-CVE-2008-4941 (arb-common 0.0 allows local users to overwrite arbitrary files 
via a ...)
+CVE-2008-4941 (arb-common 0.0.20071207.1 allows local users to overwrite 
arbitrary ...)
        - arb 0.0.20071207.1-5 (low; bug #496396)
 CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite 
arbitrary ...)
        - aptoncd 0.1-1.2 (bug #496390; low)
@@ -14869,7 +14915,7 @@
 CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite 
...)
        - rancid 2.3.2~a8-2 (low; bug #496426)
        [etch] - rancid <no-dsa> (Minor issue)
-CVE-2008-4985 (vdrleaktest in vdr 1.6.0 allows local users to overwrite 
arbitrary ...)
+CVE-2008-4985 (vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 
allows ...)
        - vdr 1.6.0-6 (low; bug #496421)
        [etch] - vdr <not-affected> (Vulnerable code not present)
 CVE-2008-5007 (create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local 
users to ...)
@@ -23464,7 +23510,7 @@
        NOT-FOR-US: Pragma TelnetServer
 CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and 
earlier ...)
        NOT-FOR-US: SeattleLab SLNet RF Telnet Server
-CVE-2008-0151 (Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows 
remote ...)
+CVE-2008-0151 (Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 
Build ...)
        NOT-FOR-US: Foxit WAC Server
 CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in 
Aruba ...)
        NOT-FOR-US: Aruba Mobility Controller


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
