joeyh at alioth.debian.org
2009-Mar-31 21:14 UTC
[Secure-testing-commits] r11506 - data/CVE
Author: joeyh
Date: 2009-03-31 21:14:10 +0000 (Tue, 31 Mar 2009)
New Revision: 11506

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-03-31 17:28:29 UTC (rev 11505)
+++ data/CVE/list	2009-03-31 21:14:10 UTC (rev 11506)
@@ -1,46 +1,253 @@ -CVE-2009-1107 [Multiple Java issues] +CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...) + TODO: check +CVE-2009-1174 (The Web Services Security component in IBM WebSphere Application ...) + TODO: check +CVE-2009-1173 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak ...) + TODO: check +CVE-2009-1172 (The JAX-RPC WS-Security runtime in the Web Services Security component ...) + TODO: check +CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 ...) + TODO: check +CVE-2009-1170 (Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 ...) + TODO: check +CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...) + {DSA-1756-1} + TODO: check +CVE-2009-1168 + RESERVED +CVE-2009-1167 + RESERVED +CVE-2009-1166 + RESERVED +CVE-2009-1165 + RESERVED +CVE-2009-1164 + RESERVED +CVE-2009-1163 + RESERVED +CVE-2009-1162 + RESERVED +CVE-2009-1161 + RESERVED +CVE-2009-1160 + RESERVED +CVE-2009-1159 + RESERVED +CVE-2009-1158 + RESERVED +CVE-2009-1157 + RESERVED +CVE-2009-1156 + RESERVED +CVE-2009-1155 + RESERVED +CVE-2009-1154 + RESERVED +CVE-2009-1153 + RESERVED +CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly ...) + TODO: check +CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x ...) + TODO: check +CVE-2009-1150 (Multiple cross-site scripting (XSS) vulnerabilities in the export page ...) + TODO: check +CVE-2009-1149 (CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB ...) + TODO: check +CVE-2009-1148 (Directory traversal vulnerability in bs_disp_as_mime_type.php in the ...) 
+ TODO: check +CVE-2009-1147 + RESERVED +CVE-2009-1146 + RESERVED +CVE-2009-1145 + RESERVED +CVE-2009-1144 + RESERVED +CVE-2009-1143 + RESERVED +CVE-2009-1142 + RESERVED +CVE-2009-1141 + RESERVED +CVE-2009-1140 + RESERVED +CVE-2009-1139 + RESERVED +CVE-2009-1138 + RESERVED +CVE-2009-1137 + RESERVED +CVE-2009-1136 + RESERVED +CVE-2009-1135 + RESERVED +CVE-2009-1134 + RESERVED +CVE-2009-1133 + RESERVED +CVE-2009-1132 + RESERVED +CVE-2009-1131 + RESERVED +CVE-2009-1130 + RESERVED +CVE-2009-1129 + RESERVED +CVE-2009-1128 + RESERVED +CVE-2009-1127 + RESERVED +CVE-2009-1126 + RESERVED +CVE-2009-1125 + RESERVED +CVE-2009-1124 + RESERVED +CVE-2009-1123 + RESERVED +CVE-2009-1122 + RESERVED +CVE-2009-1121 + RESERVED +CVE-2009-1120 + RESERVED +CVE-2009-1119 + RESERVED +CVE-2009-1118 + RESERVED +CVE-2009-1117 + RESERVED +CVE-2009-1116 + RESERVED +CVE-2009-1115 + RESERVED +CVE-2009-1114 + RESERVED +CVE-2009-1113 + RESERVED +CVE-2009-1112 + RESERVED +CVE-2009-1111 + RESERVED +CVE-2009-1110 + RESERVED +CVE-2009-1109 + RESERVED +CVE-2009-1108 + RESERVED +CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...) + TODO: check +CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on ...) + TODO: check +CVE-2008-6559 (Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users ...) + TODO: check +CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ...) + TODO: check +CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote ...) + TODO: check +CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote ...) + TODO: check +CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote ...) + TODO: check +CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 ...) + TODO: check +CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 ...) 
+ TODO: check +CVE-2008-6552 (Red Hat Cluster Project 2.x allows local users to modify or overwrite ...) + TODO: check +CVE-2008-6551 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and ...) + TODO: check +CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire ...) + TODO: check +CVE-2008-6549 (The password_checker function in config/multiconfig.py in MoinMoin ...) + TODO: check +CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check ...) + TODO: check +CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...) + TODO: check +CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...) + TODO: check +CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php ...) + TODO: check +CVE-2008-6544 (** DISPUTED ** ...) + TODO: check +CVE-2008-6543 (Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM ...) + TODO: check +CVE-2008-6542 (Unspecified vulnerability in the Skin Manager in DotNetNuke before ...) + TODO: check +CVE-2008-6541 (Unrestricted file upload vulnerability in the file manager module in ...) + TODO: check +CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does not warn ...) + TODO: check +CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar ...) + TODO: check +CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a ...) + TODO: check +CVE-2008-6537 (LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows ...) + TODO: check +CVE-2008-6536 (Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and ...) + TODO: check +CVE-2008-6535 (admin/settings.php in PayPal eStores allows remote attackers to bypass ...) + TODO: check +CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and Pro ...) 
+ TODO: check +CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related ...) + TODO: check +CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before ...) + TODO: check +CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in ...) + TODO: check +CVE-2008-6529 (Cross-site scripting (XSS) vulnerability in listtest.php in ...) + TODO: check +CVE-2008-6528 (NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the ...) + TODO: check +CVE-2007-6721 (The Legion of the Bouncy Castle Java Cryptography API before release ...) + TODO: check +CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1106 [Multiple Java issues] +CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1105 [Multiple Java issues] +CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1104 [Multiple Java issues] +CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1103 [Multiple Java issues] +CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1102 [Multiple Java issues] +CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1101 [Multiple Java issues] +CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...) 
- sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1100 [Multiple Java issues] +CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1099 [Multiple Java issues] +CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1098 [Multiple Java issues] +CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1097 [Multiple Java issues] +CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1096 [Multiple Java issues] +CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1095 [Multiple Java issues] +CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1094 [Multiple Java issues] +CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) -CVE-2009-1093 [Multiple Java issues] +CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...) - sun-java6 6-13-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-XXXX [unspecified xfig temp issue] 
@@ -50,65 +257,65 @@ - auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low) [lenny] - auth2db 0.2.5-2+dfsg-1+lenny1 NOTE: CVE id requested -CVE-2009-1092 +CVE-2009-1092 (Use after free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX ...) NOT-FOR-US: LIVEAUDIO.LiveAudioCtrl.1 ActiveX -CVE-2009-1091 +CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech ...) NOT-FOR-US: Rapidleech -CVE-2009-1090 +CVE-2009-1090 (Directory traversal vulnerability in upload.php in Rapidleech rev.36 ...) NOT-FOR-US: Rapidleech -CVE-2009-1089 +CVE-2009-1089 (Absolute path traversal vulnerability in upload.php in Rapidleech ...) NOT-FOR-US: Rapidleech -CVE-2009-1088 +CVE-2009-1088 (Hannon Hill Cascade Server 5.7 and other versions allows remote ...) NOT-FOR-US: Hannon Hill Cascade Server -CVE-2009-1087 +CVE-2009-1087 (Multiple argument injection vulnerabilities in PPLive.exe in PPLive ...) NOT-FOR-US: PPLive -CVE-2009-1085 +CVE-2009-1085 (Piwik 0.2.32 and earlier stores sensitive information under the web ...) NOT-FOR-US: Piwik -CVE-2009-1084 +CVE-2009-1084 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1083 +CVE-2009-1083 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1082 +CVE-2009-1082 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1081 +CVE-2009-1081 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1080 +CVE-2009-1080 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1079 +CVE-2009-1079 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) 
NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1078 +CVE-2009-1078 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1077 +CVE-2009-1077 (The Change My Password implementation in the admin interface in Sun ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1076 +CVE-2009-1076 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1075 +CVE-2009-1075 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2009-1074 +CVE-2009-1074 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use ...) NOT-FOR-US: Sun Java System Identity Manager -CVE-2008-6527 +CVE-2008-6527 (SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 ...) NOT-FOR-US: GO4I.NET ASP Forum -CVE-2008-6526 +CVE-2008-6526 (SQL injection vulnerability in index.php in BosDev BosClassifieds ...) NOT-FOR-US: BosClassifieds -CVE-2008-6525 +CVE-2008-6525 (SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script ...) NOT-FOR-US: Nice PHP FAQ Script -CVE-2008-6524 +CVE-2008-6524 (resetpass.php in openInvoice 0.90 beta and earlier allows remote ...) NOT-FOR-US: openInvoice -CVE-2008-6523 +CVE-2008-6523 (auth.php in openInvoice 0.90 beta and earlier allows remote attackers ...) NOT-FOR-US: openInvoice -CVE-2008-6522 +CVE-2008-6522 (Multiple directory traversal vulnerabilities in the RenderFile ...) NOT-FOR-US: OpenTerracotta -CVE-2008-6521 +CVE-2008-6521 (index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote ...) NOT-FOR-US: OpenTerracotta -CVE-2008-6520 +CVE-2008-6520 (Multiple format string vulnerabilities in the SSI filter in Xitami Web ...) NOT-FOR-US: Xitami Web Server -CVE-2008-6519 +CVE-2008-6519 (Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, ...) 
NOT-FOR-US: Xitami Web Server -CVE-2008-6518 +CVE-2008-6518 (Unrestricted file upload vulnerability in the profile feature in ...) NOT-FOR-US: VidiScript -CVE-2008-6517 +CVE-2008-6517 (SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote ...) NOT-FOR-US: NewsHOWLER -CVE-2008-6516 +CVE-2008-6516 (Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 ...) NOT-FOR-US: phpKF-Portal CVE-2009-1073 RESERVED @@ -181,7 +388,7 @@ TODO: check CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a ...) TODO: check -CVE-2009-1044 (Unspecified vulnerability in Mozilla Firefox 3.0.7 on Windows 7 allows ...) +CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute ...) {DSA-1756-1} TODO: check CVE-2009-1043 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...) @@ -215,7 +422,7 @@ NOT-FOR-US: Send by e-mail module for Drupal CVE-2009-1036 (Cross-site request forgery (CSRF) vulnerability in the Plus 1 module ...) NOT-FOR-US: Plus 1 module for Drupal -CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in Tasklist module 5.x-1.x ...) +CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in the Tasklist module ...) NOT-FOR-US: Tasklist module for Drupal CVE-2009-1034 (SQL injection vulnerability in the Tasklist module 5.x-1.x before ...) NOT-FOR-US: Tasklist module for Drupal @@ -477,7 +684,7 @@ NOT-FOR-US: Nucleus CMS CVE-2009-0928 (Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat ...) TODO: check -CVE-2009-0927 (Unspecified vulnerability in Adobe Reader and Adobe Acrobat 9.1 and ...) +CVE-2009-0927 (Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before ...) NOT-FOR-US: Adobe Reader and Adobe Acrobat CVE-2009-0926 (Unspecified vulnerability in the UFS filesystem functionality in Sun ...) NOT-FOR-US: Sun OpenSolaris 
@@ -568,8 +775,8 @@ RESERVED CVE-2009-0893 RESERVED -CVE-2009-0892 - RESERVED +CVE-2009-0892 (The administrative console in IBM WebSphere Application Server (WAS) ...) + TODO: check CVE-2009-0891 (The Web Services Security component in IBM WebSphere Application ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2009-0890 @@ -710,8 +917,8 @@ RESERVED CVE-2009-0846 RESERVED -CVE-2009-0845 - RESERVED +CVE-2009-0845 (The spnego_gss_accept_sec_context function in ...) + TODO: check CVE-2009-0844 RESERVED CVE-2009-0843 @@ -937,8 +1144,7 @@ {DSA-1760-1 DSA-1759-1} - openswan <unfixed> (medium; bug #521949) - strongswan <unfixed> (medium; bug #521950) -CVE-2009-0789 - RESERVED +CVE-2009-0789 (OpenSSL before 0.9.8k on WIN64 and certain other platforms does not ...) - openssl <not-affected> (only non-Debian architectures affected) CVE-2009-0788 RESERVED @@ -948,14 +1154,13 @@ RESERVED CVE-2009-0785 RESERVED -CVE-2009-0784 [Race condition in the stap tool shipped by Systemtap] - RESERVED +CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and ...) {DSA-1755-1} - systemtap 0.0.20090314-2 CVE-2009-0783 RESERVED CVE-2009-0782 - RESERVED + REJECTED CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...) - tomcat5.5 <unfixed> (unimportant) - tomcat6 <unfixed> (unimportant) 
@@ -1819,30 +2024,30 @@ - acidbase 1.2.1-1 CVE-2009-0638 RESERVED -CVE-2009-0637 - RESERVED -CVE-2009-0636 - RESERVED -CVE-2009-0635 - RESERVED -CVE-2009-0634 - RESERVED -CVE-2009-0633 - RESERVED +CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...) + TODO: check +CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...) + TODO: check +CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) ...) + TODO: check +CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) ...) + TODO: check +CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT ...) + TODO: check CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco ...) NOT-FOR-US: Cisco Unified Communications Manager -CVE-2009-0631 - RESERVED -CVE-2009-0630 - RESERVED -CVE-2009-0629 - RESERVED -CVE-2009-0628 - RESERVED +CVE-2009-0631 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when ...) + TODO: check +CVE-2009-0630 (The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway ...) + TODO: check +CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka ...) + TODO: check +CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 ...) + TODO: check CVE-2009-0627 RESERVED -CVE-2009-0626 - RESERVED +CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote ...) + TODO: check CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...) NOT-FOR-US: Cisco CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE ...) 
@@ -1952,14 +2157,12 @@ NOT-FOR-US: OwenPoll CVE-2008-6142 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...) NOT-FOR-US: FlexPHPic -CVE-2009-0591 - RESERVED +CVE-2009-0591 (The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is ...) - openssl <not-affected> (vulnerable versions not uploaded to Debian) -CVE-2009-0590 - RESERVED +CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows ...) - openssl <unfixed> (low; bug #522002) CVE-2009-0589 - RESERVED + REJECTED CVE-2009-0588 RESERVED CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka ...) @@ -1986,7 +2189,7 @@ RESERVED CVE-2009-0579 RESERVED -CVE-2009-0578 (network-manager-applet in Ubuntu 8.10 does not properly verify ...) +CVE-2009-0578 (NetworkManager, possibly before 0.7.1, does not properly verify ...) - network-manager-applet 0.7.0.99-1 (medium) CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...) NOT-FOR-US: RedHat specific, because they had a problem applying the fix for CVE-2008-3640 @@ -2766,7 +2969,7 @@ CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth ...) {DSA-1737-1} - wesnoth 1:1.4.7-4 -CVE-2009-0365 (The dbus request handler in (1) network-manager-applet and (2) ...) +CVE-2009-0365 (The dbus request handler in NetworkManager, possibly before 0.7.1, ...) - network-manager-applet 0.7.0.99-1 (medium) - network-manager 0.7.0.99-1 (medium) CVE-2009-0364 (Format string vulnerability in the mini_calendar component in ...) @@ -3321,8 +3524,7 @@ RESERVED CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...) NOT-FOR-US: GE Fanuc iFIX -CVE-2009-0215 - RESERVED +CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...) NOT-FOR-US: IBM Access Support ActiveX CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in AREVA ...) NOT-FOR-US: WebFGServer 
@@ -3366,7 +3568,7 @@ RESERVED CVE-2009-0194 RESERVED -CVE-2009-0193 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 ...) +CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...) TODO: check CVE-2009-0192 RESERVED @@ -3584,8 +3786,8 @@ RESERVED CVE-2009-0116 RESERVED -CVE-2009-0115 - RESERVED +CVE-2009-0115 (multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE Linux ...) + TODO: check CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...) NOT-FOR-US: iyzi Forum CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...) @@ -6017,7 +6219,7 @@ - icedove 2.0.0.19-1 - iceape 1.1.13-1 CVE-2008-5020 - RESERVED + REJECTED CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and ...) {DSA-1671-1} - iceweasel 3.0.4-1 @@ -7651,7 +7853,7 @@ CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute ...) NOT-FOR-US: Observer CVE-2008-4317 - RESERVED + REJECTED CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow ...) {DSA-1747-1} - glib2.0 2.20.0-1 (medium; bug #520046) @@ -7663,7 +7865,7 @@ CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 ...) NOT-FOR-US: OpenPegasus CVE-2008-4312 - RESERVED + REJECTED CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus) before ...) - dbus 1.2.1-5 (low; bug #508032) [etch] - dbus <no-dsa> (Backport for Etch too risky for regressions for too little gain) 
@@ -9712,9 +9914,9 @@ CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...) - jbossas4 <not-affected> (configuration not yet included in Debian package) CVE-2008-3518 - RESERVED + REJECTED CVE-2008-3517 - RESERVED + REJECTED CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...) NOT-FOR-US: Adobe Presenter CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...) @@ -10215,7 +10417,7 @@ CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl allows ...) NOT-FOR-US: Filesys::SmbClientParser CVE-2008-3284 - RESERVED + REJECTED CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red ...) NOT-FOR-US: Red Hat Directory Server CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in ...) @@ -11400,7 +11602,7 @@ - iceape 1.1.10 - xulrunner 1.9.0.1-1 CVE-2008-2804 - RESERVED + REJECTED CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox ...) {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0~b2-1 @@ -12375,7 +12577,7 @@ [etch] - bluez-utils <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374 CVE-2008-2373 - RESERVED + REJECTED CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users ...) - linux-2.6 2.6.26-1 [etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24) @@ -13991,7 +14193,7 @@ - linux-2.6.24 2.6.24-6~etchnhalf.2 NOTE: Fixed in 2.6.24.6 and 2.6.25.1 CVE-2008-1674 - RESERVED + REJECTED CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 ...) {DSA-1592-1} - linux-2.6 2.6.25-5 (bug #485944) @@ -14723,7 +14925,7 @@ {DSA-1595-1 DTSA-141-1} - xorg-server 2:1.4.1~git20080517-2 CVE-2008-1378 - RESERVED + REJECTED CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients ...) {DSA-1595-1 DTSA-141-1} - xorg-server 2:1.4.1~git20080517-2 
@@ -18255,9 +18457,9 @@ - tcpreen 1.4.3-0.3 (medium; bug #457781) CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted ...) NOT-FOR-US: PDFLib -CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic allow ...) +CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic ...) NOT-FOR-US: Logaholic -CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic allow remote ...) +CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 ...) NOT-FOR-US: Logaholic CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause a ...) NOT-FOR-US: TotalPlayer @@ -19152,7 +19354,7 @@ [sarge] - apache2 <no-dsa> (browser issue; low impact) [etch] - apache2 2.2.3-4+etch4 (low) CVE-2008-0004 - RESERVED + REJECTED CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...) NOT-FOR-US: OpenPegasus CIM management server CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...)
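Review bot: in the first hunk (@@ -1,46 +1,253 @@), the new CVE-2009-1169 entry combines a `{DSA-1756-1}` reference with `TODO: check` and no source-package line. A DSA reference means an advisory has already shipped a fix, so the entry should carry the `- <source package> <fixed version>` line that advisory covers and lose the TODO; the unchanged CVE-2009-1044 entry further down (also `{DSA-1756-1}` plus `TODO: check`) has the same gap and could be completed in the same pass.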
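Review bot: also in the first hunk, several of the new `TODO: check` entries are for software packaged in Debian and deserve a package/version line ahead of the NOT-FOR-US candidates around them: CVE-2009-1086 (ldns, `ldns_rr_new_frm_str_internal`), CVE-2009-1151 (phpMyAdmin `setup.php`), CVE-2009-1171 (Moodle TeX filter), CVE-2008-6549 and CVE-2008-6548 (MoinMoin), CVE-2008-6547 (python-formencode), CVE-2008-6536 (7-zip, packaged as p7zip) and CVE-2008-6560 / CVE-2008-6552 (Red Hat cluster suite, packaged as redhat-cluster). Each should end up as `- <source> <version>`, `- <source> <unfixed>` or `- <source> <not-affected>` with a reason, in the form the openssl and systemtap entries in this same update use.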
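Review bot: in the CVE-2009-0927 hunk (@@ -477,7 +684,7 @@), the entry is `NOT-FOR-US: Adobe Reader and Adobe Acrobat`, while the unchanged CVE-2009-0928 line just above it (heap-based buffer overflow in the same products) still reads `TODO: check`, as does CVE-2009-0193 in its own hunk further down. All three concern the same proprietary product and should get the same NOT-FOR-US disposition rather than waiting for a manual pass.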
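Review bot: the CVE-2009-0892 hunk (@@ -568,8 +775,8 @@) leaves the new IBM WebSphere entry as `TODO: check` although the adjacent context line for CVE-2009-0891 already reads `NOT-FOR-US: IBM WebSphere Application Server`; the same applies to CVE-2009-1174, CVE-2009-1173 and CVE-2009-1172 in the first hunk. Unless a Debian package embeds WebSphere components, these four can be marked NOT-FOR-US immediately.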
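Review bot: the CVE-2009-0845 hunk (@@ -710,8 +917,8 @@) marks `spnego_gss_accept_sec_context` as `TODO: check`, but that function is the SPNEGO accept path in MIT Kerberos' GSSAPI library, so this is a krb5 issue and not a NOT-FOR-US candidate. Replace the TODO with a `- krb5 <unfixed>` line (or the fixed version once identified) and a severity, since the flaw sits on the server-side accept path.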
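Review bot: in the CVE-2009-0789 hunk (@@ -937,8 +1144,7 @@), the `- openssl <not-affected> (only non-Debian architectures affected)` rationale rests on a description that says "WIN64 and certain other platforms", which does not by itself exclude Debian's 64-bit ports. The entry should cite the upstream platform list that was checked, or the build-time condition that distinguishes the affected platforms, so the not-affected marker can be verified rather than taken on trust.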
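Review bot: the Cisco hunk (@@ -1819,30 +2024,30 @@) replaces ten RESERVED placeholders with `TODO: check`, although every description names Cisco IOS or Cisco Unified Communications Manager and the unchanged neighbours CVE-2009-0632 and CVE-2009-0625 are already `NOT-FOR-US: Cisco ...`. These can be closed as `NOT-FOR-US: Cisco IOS` in one pass instead of being left for manual review.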
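Review bot: in the CVE-2009-0591 hunk (@@ -1952,14 +2157,12 @@), `- openssl <not-affected> (vulnerable versions not uploaded to Debian)` depends on the "0.9.8h through 0.9.8j, when CMS is enabled" range in the description, so the entry should record which Debian openssl versions were compared and whether CMS is built at all; otherwise a later 0.9.8h-or-newer upload would inherit a stale not-affected marker. The neighbouring CVE-2009-0590 line `- openssl <unfixed> (low; bug #522002)` shows the form to follow once a fixed version lands.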
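Review bot: in the CVE-2009-0578 hunk (@@ -1986,7 +2189,7 @@), the description is re-scoped from "network-manager-applet in Ubuntu 8.10" to "NetworkManager, possibly before 0.7.1", but the entry still tracks only `- network-manager-applet 0.7.0.99-1 (medium)`. The similarly re-scoped CVE-2009-0365 entry in this update lists both `network-manager-applet` and `network-manager`, so check whether the `network-manager` source package needs a line here as well.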