joeyh at alioth.debian.org
2009-Mar-16 21:14 UTC
[Secure-testing-commits] r11411 - data/CVE
Author: joeyh Date: 2009-03-16 21:14:11 +0000 (Mon, 16 Mar 2009) New Revision: 11411 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-16 09:14:13 UTC (rev 11410) +++ data/CVE/list 2009-03-16 21:14:11 UTC (rev 11411) 
@@ -1,3 +1,121 @@ +CVE-2009-0910 + RESERVED +CVE-2009-0909 + RESERVED +CVE-2009-0908 + RESERVED +CVE-2009-0907 + RESERVED +CVE-2009-0906 + RESERVED +CVE-2009-0905 + RESERVED +CVE-2009-0904 + RESERVED +CVE-2009-0903 + RESERVED +CVE-2009-0902 + RESERVED +CVE-2009-0901 + RESERVED +CVE-2009-0900 + RESERVED +CVE-2009-0899 + RESERVED +CVE-2009-0898 + RESERVED +CVE-2009-0897 + RESERVED +CVE-2009-0896 + RESERVED +CVE-2009-0895 + RESERVED +CVE-2009-0894 + RESERVED +CVE-2009-0893 + RESERVED +CVE-2009-0892 + RESERVED +CVE-2009-0891 + RESERVED +CVE-2009-0890 + RESERVED +CVE-2009-0889 + RESERVED +CVE-2009-0888 + RESERVED +CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...) + TODO: check +CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero Helpdesk ...) + TODO: check +CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0 allow ...) + TODO: check +CVE-2009-0884 (Buffer overflow in FileZilla Server before 0.9.31 allows remote ...) + TODO: check +CVE-2009-0883 (SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when ...) + TODO: check +CVE-2009-0882 (Multiple SQL injection vulnerabilities in nForum 1.5 allow remote ...) + TODO: check +CVE-2009-0881 (SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows ...) + TODO: check +CVE-2009-0880 (Directory traversal vulnerability in the CIM server in IBM Director ...) + TODO: check +CVE-2009-0879 (The CIM server in IBM Director before 5.20.3 Service Update 2 on ...) + TODO: check +CVE-2009-0878 (The read_game_map function in src/terrain_translation.cpp in Wesnoth ...) + TODO: check +CVE-2009-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) + TODO: check +CVE-2009-0876 (Unspecified vulnerability in Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, ...) + TODO: check +CVE-2009-0875 (Race condition in the Doors subsystem in the kernel in Sun Solaris 8 ...) 
+ TODO: check +CVE-2009-0874 (Multiple unspecified vulnerabilities in the Doors subsystem in the ...) + TODO: check +CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote ...) + TODO: check +CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink ...) + TODO: check +CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 ...) + TODO: check +CVE-2008-6469 (SQL injection vulnerability in index.php in PlainCart 1.1.2 allows ...) + TODO: check +CVE-2008-6468 (SQL injection vulnerability in index.php in Diesel Pay allows remote ...) + TODO: check +CVE-2008-6467 (SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel ...) + TODO: check +CVE-2008-6466 (SQL injection vulnerability in image_gallery.php in the Akira Powered ...) + TODO: check +CVE-2008-6465 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) + TODO: check +CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic ...) + TODO: check +CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...) + TODO: check +CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) ...) + TODO: check +CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...) + TODO: check +CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects ...) + TODO: check +CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration ...) + TODO: check +CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address & ...) + TODO: check +CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ...) + TODO: check +CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and ...) + TODO: check +CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote ...) 
+ TODO: check +CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows ...) + TODO: check +CVE-2008-6453 (Directory traversal vulnerability in section.php in 6rbScript 3.3, ...) + TODO: check +CVE-2008-6452 (SQL injection vulnerability in show_vote.php in Oceandir 2.9 and ...) + TODO: check +CVE-2008-6451 (SQL injection vulnerability in humor.php in jPORTAL 2 allows remote ...) + TODO: check CVE-2009-0873 (The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before ...) NOT-FOR-US: Solaris CVE-2009-0872 (The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does ...) @@ -164,8 +282,8 @@ NOT-FOR-US: BlogHelper CVE-2009-0825 (SQL injection vulnerability in system/rss.php in TinX/cms 3.x before ...) NOT-FOR-US: TinX/cms -CVE-2009-0824 - RESERVED +CVE-2009-0824 (Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in ...) + TODO: check CVE-2009-0823 RESERVED CVE-2009-0822 @@ -298,8 +416,7 @@ NOT-FOR-US: CVE-2009-0780 CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users ...) NOT-FOR-US: IBM AIX -CVE-2009-0778 [Linux: rt_cache leak leads to loss of network connectivity] - RESERVED +CVE-2009-0778 (The icmp_send function in net/ipv4/icmp.c in the Linux kernel before ...) - linux-2.6 <not-affected> (affected upstream kernel versions not part of Debian) - linux-2.6.24 <not-affected> (affected upstream kernel versions not part of Debian) CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and ...) @@ -1133,8 +1250,8 @@ RESERVED CVE-2009-0633 RESERVED -CVE-2009-0632 - RESERVED +CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco ...) + TODO: check CVE-2009-0631 RESERVED CVE-2009-0630 
@@ -1264,18 +1381,18 @@ RESERVED CVE-2009-0588 RESERVED -CVE-2009-0587 - RESERVED -CVE-2009-0586 - RESERVED -CVE-2009-0585 - RESERVED +CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka ...) + TODO: check +CVE-2009-0586 (Integer overflow in gst-libs/gst/tag/gstvorbistag.c in vorbistag in ...) + TODO: check +CVE-2009-0585 (Integer overflow in the soup_base64_encode function in soup-misc.c in ...) + TODO: check CVE-2009-0584 RESERVED CVE-2009-0583 RESERVED -CVE-2009-0582 - RESERVED +CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism ...) + TODO: check CVE-2009-0581 RESERVED CVE-2009-0580 @@ -1801,7 +1918,8 @@ NOT-FOR-US: Microsoft CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX ...) NOT-FOR-US: HP HP-UX -CVE-2008-6067 (SQL injection vulnerability in search_results.php in E-Shop Shopping ...) +CVE-2008-6067 + REJECTED NOT-FOR-US: E-Shop Shopping Cart CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 ...) NOT-FOR-US: Meet#Web @@ -2061,8 +2179,7 @@ CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows ...) {DSA-1737-1} - wesnoth 1:1.4.7-4 -CVE-2009-0366 [wesnoth server memory exhaustion] - RESERVED +CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth ...) {DSA-1737-1} - wesnoth 1:1.4.7-4 CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) ...) @@ -2785,8 +2902,8 @@ RESERVED CVE-2009-0144 RESERVED -CVE-2009-0143 - RESERVED +CVE-2009-0143 (Apple iTunes before 8.1 does not properly inform the user about the ...) + TODO: check CVE-2009-0142 (Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local ...) NOT-FOR-US: Apple Mac OS X CVE-2009-0141 (XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, ...) 
@@ -3771,8 +3888,8 @@ NOT-FOR-US: Apple Mac OS X CVE-2009-0017 (csregprinter in the Printing component in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: Apple Mac OS X -CVE-2009-0016 - RESERVED +CVE-2009-0016 (Apple iTunes before 8.1 on Windows allows remote attackers to cause a ...) + TODO: check CVE-2009-0015 (Unspecified vulnerability in fseventsd in the FSEvents framework in ...) NOT-FOR-US: Apple Mac OS X CVE-2009-0014 (Folder Manager in Apple Mac OS X 10.5.6 uses insecure default ...) @@ -6936,8 +7053,8 @@ NOT-FOR-US: Observer CVE-2008-4317 RESERVED -CVE-2008-4316 - RESERVED +CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow ...) + TODO: check CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux ...) NOT-FOR-US: OpenPegasus CVE-2008-4314 (smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to ...) @@ -8660,7 +8777,7 @@ - ruby1.8 1.8.7.72-1 (bug #494401) - ruby1.9 1.9.0.2-6 (bug #494402) NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ -CVE-2008-3656 (Algorithmic complexity vulnerability in ...) +CVE-2008-3656 (Algorithmic complexity vulnerability in the ...) {DSA-1652-1 DSA-1651-1} - ruby1.8 1.8.7.72-1 (bug #494401) - ruby1.9 1.9.0.2-6 (bug #494402) @@ -24999,7 +25116,7 @@ NOT-FOR-US: husrevforum CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in husrevforum ...) NOT-FOR-US: husrevforum -CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.1 and ...) +CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and ...) NOT-FOR-US: Data Dynamics ActiveBar ActiveX control CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor allows ...) NOT-FOR-US: Expert Advisor
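Review bot: In the "@@ -1801,7 +1918,8 @@" hunk, CVE-2008-6067 becomes REJECTED but the unchanged context line "NOT-FOR-US: E-Shop Shopping Cart" still follows it, so the entry now carries two states and no longer has the description that named the product. Either drop the NOT-FOR-US line in a follow-up or confirm that a triage annotation is meant to stay under a rejected id.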
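Review bot: In the "@@ -1,3 +1,121 @@" hunk, CVE-2009-0878 (read_game_map in src/terrain_translation.cpp in Wesnoth) is added as "TODO: check" even though the "@@ -2061,8 +2179,7 @@" hunk shows the same package already tracked for CVE-2009-0367 and CVE-2009-0366 under DSA-1737-1 with "- wesnoth 1:1.4.7-4". This entry should be triaged against that package first rather than waiting in the TODO queue with the web-application ids around it.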
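Review bot: In the "@@ -1264,18 +1381,18 @@" hunk, CVE-2009-0585 (soup_base64_encode in soup-misc.c) is left at "TODO: check" with no link to CVE-2008-4316 (glib/gbase64.c), which the "@@ -6936,8 +7053,8 @@" hunk adds with a matching integer-overflow description in base64 code. When these are triaged, add a NOTE line cross-referencing the two, and check CVE-2009-0587 and CVE-2009-0586 from the same hunk at the same time since they are also integer overflows.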