Author: joeyh
Date: 2009-09-11 21:14:11 +0000 (Fri, 11 Sep 2009)
New Revision: 12792

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-09-11 18:40:00 UTC (rev 12791)
+++ data/CVE/list       2009-09-11 21:14:11 UTC (rev 12792)
@@ -1,36 +1,80 @@
-CVE-2009-3162
+CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun 
Solaris ...)
+       TODO: check
+CVE-2009-3163 (Multiple format string vulnerabilities in 
lib/silcclient/command.c in ...)
+       TODO: check
+CVE-2009-3145
+       RESERVED
+CVE-2009-3144
+       RESERVED
+CVE-2009-3143
+       RESERVED
+CVE-2009-3142
+       RESERVED
+CVE-2009-3141
+       RESERVED
+CVE-2009-3140
+       RESERVED
+CVE-2009-3139
+       RESERVED
+CVE-2009-3138
+       RESERVED
+CVE-2009-3137
+       RESERVED
+CVE-2009-3136
+       RESERVED
+CVE-2009-3135
+       RESERVED
+CVE-2009-3134
+       RESERVED
+CVE-2009-3133
+       RESERVED
+CVE-2009-3132
+       RESERVED
+CVE-2009-3131
+       RESERVED
+CVE-2009-3130
+       RESERVED
+CVE-2009-3129
+       RESERVED
+CVE-2009-3128
+       RESERVED
+CVE-2009-3127
+       RESERVED
+CVE-2009-3126
+       RESERVED
+CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 
allows ...)
        NOT-FOR-US: Multi Website
-CVE-2009-3161
+CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 
allows ...)
        NOT-FOR-US: IBM WebSphere MQ
-CVE-2009-3160
+CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 
7.0.0.2, and ...)
        NOT-FOR-US: IBM WebSphere MQ
-CVE-2009-3159
+CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM 
...)
        NOT-FOR-US: IBM WebSphere MQ
-CVE-2009-3158
+CVE-2009-3158 (admin/files.php in simplePHPWeb 0.2 does not require 
authentication, ...)
        NOT-FOR-US: simplePHPWeb
-CVE-2009-3157
+CVE-2009-3157 (Cross-site scripting (XSS) vulnerability in the Calendar module 
6.x ...)
        NOT-FOR-US: Calendar module for Drupal
-CVE-2009-3156
+CVE-2009-3156 (Cross-site scripting (XSS) vulnerability in the Date Tools 
sub-module ...)
        NOT-FOR-US: Date module for Drupal
-CVE-2009-3155
+CVE-2009-3155 (Cross-site scripting (XSS) vulnerability in gmap.php in the 
Almond ...)
        NOT-FOR-US: Almond Classifieds component for Joomla!
-CVE-2009-3154
+CVE-2009-3154 (SQL injection vulnerability in the Almond Classifieds 
(com_aclassf) ...)
        NOT-FOR-US: Almond Classifieds component for Joomla!
-CVE-2009-3153
+CVE-2009-3153 (Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 
Search ...)
        NOT-FOR-US: x10 MP3 Search engine
-CVE-2009-3152
+CVE-2009-3152 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
        NOT-FOR-US: NTSOFT BBS E-Market Professional
-CVE-2009-3151
+CVE-2009-3151 (Directory traversal vulnerability in actions/downloadFile.php 
in ...)
        NOT-FOR-US: Ultrize TimeSheet
-CVE-2009-3150
+CVE-2009-3150 (SQL injection vulnerability in index.php in Multi Website 1.5 
allows ...)
        NOT-FOR-US: Multi Website
-CVE-2009-3149
+CVE-2009-3149 (Directory traversal vulnerability in _css/js.php in Elgg 1.5, 
when ...)
        NOT-FOR-US: Elgg
-CVE-2009-3148
+CVE-2009-3148 (Multiple SQL injection vulnerabilities in PortalXP Teacher 
Edition 1.2 ...)
        NOT-FOR-US: PortalXP Teacher Edition
-CVE-2009-3147
+CVE-2009-3147 (Cross-site scripting (XSS) vulnerability in showproduct.php in 
...)
        NOT-FOR-US: ReviewPost Pro
-CVE-2009-3146
+CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php 
in ...)
        NOT-FOR-US: ArticleFriend Script
 CVE-2009-3125
        RESERVED
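Review bot: CVE-2009-3163 and CVE-2009-3164 at the top of this hunk are left as "TODO: check" although the rest of the file already gives enough to triage them. CVE-2009-3163 is a format string issue in lib/silcclient/command.c, and silc-toolkit, silc-client and silc-server are tracked further down under CVE-2009-3051 with {DSA-1879-1}, so it needs package lines checked against those sources rather than an open TODO. CVE-2009-3164 names Sun Solaris, which fits the NOT-FOR-US pattern used for the other vendor-only entries in this hunk.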
@@ -177,50 +221,39 @@
        NOT-FOR-US: Uiga Church Portal
 CVE-2009-3080
        RESERVED
-CVE-2009-3079 [Chrome privilege escalation with FeedWriter]
-       RESERVED
+CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 
3.5.x ...)
        - iceweasel 3.0.14-1
        [etch] - iceweasel <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
-CVE-2009-3078 [Location bar spoofing via tall line-height Unicode characters]
-       RESERVED
+CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 
3.0.14, and ...)
        - xulrunner 1.9.0.14-1
        [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
-CVE-2009-3077 [TreeColumns dangling pointer vulnerability]
-       RESERVED
+CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not 
...)
        - xulrunner 1.9.0.14-1
        [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
-CVE-2009-3076 [Insufficient warning for PKCS11 module installation and removal]
-       RESERVED
+CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement 
certain ...)
        - xulrunner 1.9.0.14-1
        [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
        NOTE: Huh?
-CVE-2009-3075 [Crashes with evidence of memory corruption]
-       RESERVED
+CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine 
in ...)
        - xulrunner 1.9.0.14-1
        [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
-CVE-2009-3074 [Crashes with evidence of memory corruption]
-       RESERVED
+CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla 
Firefox ...)
        - xulrunner 1.9.0.14-1
        [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
-CVE-2009-3073 [Crashes with evidence of memory corruption]
-       RESERVED
+CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla 
Firefox ...)
        - xulrunner <not-affected> (Only affects Firefox 3.5.x)
        [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
        [etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
-CVE-2009-3072 [Crashes with evidence of memory corruption]
-       RESERVED
+CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - xulrunner 1.9.0.14-1
        [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
-CVE-2009-3071 [Crashes with evidence of memory corruption]
-       RESERVED
+CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - xulrunner 1.9.0.14-1
        [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
-CVE-2009-3070 [Crashes with evidence of memory corruption]
-       RESERVED
+CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        - xulrunner 1.9.0.14-1
        [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer 
covered by security support)
-CVE-2009-3069 [Crashes with evidence of memory corruption]
-       RESERVED
+CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla 
Firefox ...)
        - xulrunner <not-affected> (Only affects Firefox 3.5.x)
        [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
        [etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
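Review bot: The CVE-2009-3076 entry still carries "NOTE: Huh?" after its working title "[Insufficient warning for PKCS11 module installation and removal]" is dropped, so the note now sits under a truncated description ("does not properly implement certain ...") with nothing to say what was being questioned. Replace it with a note that states the open question, or fold the removed title into a NOTE line so the PKCS11 context survives. The same applies to CVE-2009-3077, where the specific "TreeColumns dangling pointer" title is replaced by a description cut off at "does not ...".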
@@ -302,23 +335,20 @@
        NOT-FOR-US: Hero Super Player
 CVE-2008-7161 (Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 
040075,070111 ...)
        NOT-FOR-US: Fortinet FortiGuard Fortinet
-CVE-2008-7159 [silc ASN1 encoding format string vulnerability]
-       RESERVED
+CVE-2008-7159 (The silc_asn1_encoder function in 
lib/silcasn1/silcasn1_encode.c in ...)
        {DSA-1879-1}
        [lenny] - silc-toolkit 1.1.7-2+lenny1
        - silc-toolkit 1.1.10-1 (low)
        - silc-client 1.1-2 (low)
        - silc-server <not-affected> (Vulnerable code not present)
        NOTE: silc-client uses libsilc from silc-toolkit since 1.1-2
-CVE-2009-3051 [silc various format string vulnerabilities]
-       RESERVED
+CVE-2009-3051 (Multiple format string vulnerabilities in ...)
        {DSA-1879-1}
        - silc-toolkit 1.1.10-1 (medium)
        - silc-client 1.1-2 (medium)
        - silc-server 1.1.2-1 (medium)
        NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
-CVE-2008-7160 [silcd format string vulnerability in http server]
-       RESERVED
+CVE-2008-7160 (The silc_http_server_parse function in 
lib/silchttp/silchttpserver.c ...)
        {DSA-1879-1}
        - silc-toolkit 1.1.10-1 (low)
        - silc-client <not-affected> (Vulnerable code not present)
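Review bot: CVE-2009-3051 is tagged {DSA-1879-1} but, unlike CVE-2008-7159 directly above it, has no "[lenny] - silc-toolkit ..." line recording the version fixed in stable. If the DSA covers this issue for lenny, add the matching release line; if lenny was not affected for some of the three packages, say so explicitly so the entry does not read as unfixed in stable.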
@@ -761,7 +791,7 @@
        {DSA-1882-1}
        - xapian-omega 1.0.15-2
 CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 
1984 in ...)
-       {DSA-1878-1}
+       {DSA-1878-2 DSA-1878-1}
        - devscripts 2.10.54
 CVE-2009-2945
        RESERVED
@@ -1159,8 +1189,8 @@
        RESERVED
 CVE-2009-2816
        RESERVED
-CVE-2009-2815
-       RESERVED
+CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not 
...)
+       TODO: check
 CVE-2009-2814
        RESERVED
 CVE-2009-2813
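Review bot: CVE-2009-2815 is marked "TODO: check" although its description names the Telephony component in Apple iPhone OS, and the file already classifies CVE-2009-2204 (CoreTelephony, same product) as "NOT-FOR-US: Apple iPhone OS". Use the same string here so the two entries are consistent and the TODO does not linger.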
@@ -1191,18 +1221,18 @@
        RESERVED
 CVE-2009-2800
        RESERVED
-CVE-2009-2799
-       RESERVED
-CVE-2009-2798
-       RESERVED
-CVE-2009-2797
-       RESERVED
-CVE-2009-2796
-       RESERVED
-CVE-2009-2795
-       RESERVED
-CVE-2009-2794
-       RESERVED
+CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 
allows ...)
+       TODO: check
+CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 
allows ...)
+       TODO: check
+CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, 
and ...)
+       TODO: check
+CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 
for ...)
+       TODO: check
+CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in 
Apple ...)
+       TODO: check
+CVE-2009-2794 (The Exchange Support component in Apple iPhone OS before 3.1, 
and ...)
+       TODO: check
 CVE-2009-2793
        RESERVED
 CVE-2009-2792 (Directory traversal vulnerability in plugings/pagecontent.php 
in ...)
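Review bot: Of the six new "TODO: check" entries in this hunk, CVE-2009-2797 should not be bulk-closed with the other Apple ones: it names the WebKit component, and webkit is a tracked source package in this file (see the "- webkit 1.1.13-1" line under CVE-2009-1725). It needs an actual check against the webkit and qt4-x11 sources. The QuickTime, UIKit, Recovery Mode and Exchange Support entries have no corresponding package visible here and look like NOT-FOR-US candidates.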
@@ -3173,18 +3203,18 @@
        - kfreebsd-7 7.2-2
        [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
        NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
-CVE-2009-2207
-       RESERVED
-CVE-2009-2206
-       RESERVED
+CVE-2009-2207 (The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and 
iPhone ...)
+       TODO: check
+CVE-2009-2206 (Multiple heap-based buffer overflows in the CoreAudio component 
in ...)
+       TODO: check
 CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command 
launcher in ...)
        NOT-FOR-US: Mac OS X
 CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in 
Apple ...)
        NOT-FOR-US: Apple iPhone OS 
-CVE-2009-2203
-       RESERVED
-CVE-2009-2202
-       RESERVED
+CVE-2009-2203 (Buffer overflow in Apple QuickTime before 7.6.4 allows remote 
...)
+       TODO: check
+CVE-2009-2202 (Apple QuickTime before 7.6.4 allows remote attackers to execute 
...)
+       TODO: check
 CVE-2009-2201
        RESERVED
 CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict 
the URL ...)
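Review bot: The four new entries (CVE-2009-2207, CVE-2009-2206, CVE-2009-2203, CVE-2009-2202) are added as "TODO: check" next to context lines that already resolve the same vendor's products as "NOT-FOR-US: Mac OS X" and "NOT-FOR-US: Apple iPhone OS". When resolving them, reuse those exact product strings, and note that the existing "NOT-FOR-US: Apple iPhone OS " context line under CVE-2009-2204 carries trailing whitespace that is worth cleaning up in the same pass.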
@@ -3846,7 +3876,7 @@
        RESERVED
 CVE-2009-1927
        RESERVED
-CVE-2009-1926 (Microsoft Windows 2000 SP4, Server 2003 SP2, Vista Gold, SP1, 
and SP2, ...)
+CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, 
Vista ...)
        NOT-FOR-US: Microsoft Windows
 CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, 
and ...)
        NOT-FOR-US: Microsoft Windows Vista Gold
@@ -4376,7 +4406,7 @@
        NOT-FOR-US: CoreTypes in Apple Mac OS X
 CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 
10.4.11 and ...)
        NOT-FOR-US: ColorSync in Apple Mac OS X
-CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, 
QtWebKit ...)
+CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS 
before 3.1, ...)
        - webkit 1.1.13-1 (medium; bug #538346)
        - qt4-x11 4:4.5.2-2 (medium; bug #538347)
        - kdelibs <not-affected> (medium; bug #538350)
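Review bot: With the CVE-2009-1725 description no longer mentioning "KHTML in kdelibs in KDE, QtWebKit", the package lines below it lose their visible justification, and "- kdelibs <not-affected> (medium; bug #538350)" is inconsistent on its own: a not-affected entry elsewhere in this file carries a reason such as "(Vulnerable code not present)", not an urgency. Add a NOTE recording why qt4-x11 and kdelibs are listed, and replace the urgency on the kdelibs line with the reason it is not affected.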


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
