Author: joeyh Date: 2009-04-20 09:14:20 +0000 (Mon, 20 Apr 2009) New Revision: 11663 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-20 08:53:41 UTC (rev 11662) +++ data/CVE/list 2009-04-20 09:14:20 UTC (rev 11663) @@ -1,10 +1,10 @@ CVE-2009-XXXX [linux-2.6: /dev/mem rootkit vulnerability] - - linux-2.6 2.6.29-1 (low; bug #524373) - NOTE: according to the kernel team (see bug report), they have no interest in backporting a - NOTE: fix for the stable releases because it could potentially cause compatibility problems - NOTE: should a DSA be issued stating that no action will be taken to address the issue? + - linux-2.6 2.6.29-1 (low; bug #524373) + NOTE: according to the kernel team (see bug report), they have no interest in backporting a + NOTE: fix for the stable releases because it could potentially cause compatibility problems + NOTE: should a DSA be issued stating that no action will be taken to address the issue? CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions] - - pptp-linux <unfixed> (low; bug #523476) + - pptp-linux <unfixed> (low; bug #523476) CVE-2009-XXXX [slurm-llnl doesn''t drop supplementary groups] - slumn-llnl 1.3.15-1 CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...) @@ -98,7 +98,6 @@ CVE-2008-6721 (SQL injection vulnerability in index.php in AJ Square AJ Article ...) NOT-FOR-US: AJ Square AJ Article CVE-2009-XXXX [clamav: UPack crash] - {DSA-1771-1} - clamav 0.95.1+dfsg-1 NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552 CVE-2009-XXXX [clamav: cli_url_canon] 
@@ -665,10 +664,10 @@ RESERVED CVE-2009-1188 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) + - poppler <unfixed> (medium; bug #524806) CVE-2009-1187 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) + - poppler <unfixed> (medium; bug #524806) CVE-2009-1186 [udev: buffer overflow in util_path_encode] RESERVED {DSA-1772-1} 
@@ -681,34 +680,34 @@ RESERVED CVE-2009-1183 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-1182 [pdf vulnerabilites] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-1181 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-1180 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-1179 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) 
CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...) NOT-FOR-US: Tivoli CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...) @@ -1953,16 +1952,16 @@ - squid3 <unfixed> (low; bug #521052) CVE-2009-0800 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-0799 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-0798 RESERVED CVE-2009-0797 @@ -1980,7 +1979,7 @@ - openjdk-6 <unfixed> CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...) - argyll <unfixed> (low; bug #523472) - - ghostscript <unfixed> + - ghostscript <unfixed> CVE-2009-0791 RESERVED CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...) 
@@ -2725,11 +2724,11 @@ - sysvinit <unfixed> (bug #517018; unimportant) NOTE: hardly a security issue, if an attacker has local access to the machine and you NOTE: don''t use encryption or something similar you have lost anyway - NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you - NOTE: have local access to the machine. it is worth it to make it as difficult as - NOTE: possible without impacting authorized users. otherwise, why spend so much effort - NOTE: to make sure xscreensaver, gdm, and login are rock solid? - NOTE: - i would like to track as low, rather than unimportant + NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you + NOTE: have local access to the machine. it is worth it to make it as difficult as + NOTE: possible without impacting authorized users. otherwise, why spend so much effort + NOTE: to make sure xscreensaver, gdm, and login are rock solid? + NOTE: - i would like to track as low, rather than unimportant NOTE: should a CVE be requested for this problem? CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...) {DSA-1739-1} @@ -4517,10 +4516,10 @@ NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris CVE-2009-0166 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-0165 RESERVED CVE-2009-0164 [cups web interface DNS rebinding issue] 
@@ -4562,16 +4561,16 @@ RESERVED CVE-2009-0147 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-0146 [pdf vulnerabilities] RESERVED - - poppler <unfixed> (medium; bug #524806) - - cups <unfixed> (medium; bug #524807) - - xpdf <unfixed> (medium; bug #524809) - - kdegraphics <unfixed> (medium; bug #524810) + - poppler <unfixed> (medium; bug #524806) + - cups <unfixed> (medium; bug #524807) + - xpdf <unfixed> (medium; bug #524809) + - kdegraphics <unfixed> (medium; bug #524810) CVE-2009-0145 RESERVED CVE-2009-0144
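Review bot: the package name on the slurm entry at the end of the first hunk (@@ -1,10 +1,10 @@) is spelled `slumn-llnl`, while the bracketed description on the line before it says `slurm-llnl`, so the fixed version 1.3.15-1 is recorded against a name that does not match the description. Correct the line to `- slurm-llnl 1.3.15-1`. The entry also carries no urgency or bug number, unlike the linux-2.6 and pptp-linux entries above it in the same hunk.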
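Review bot: the `{DSA-1771-1}` line is dropped from the clamav UPack crash entry in the @@ -98,7 +98,6 @@ hunk, and the log message "automatic update" gives no reason for it. Every other changed line in this patch is removed and re-added with the same text as shown here, so this is the one content change and it is easy to miss among them. Either state why the advisory reference no longer belongs on this entry or keep it, since the entry still records 0.95.1+dfsg-1 as the fixed version.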
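Review bot: the description on CVE-2009-1182 in the @@ -681,34 +680,34 @@ hunk reads `[pdf vulnerabilites]`, where the neighbouring entries (CVE-2009-1183, 1181, 1180, 1179) read `[pdf vulnerabilities]`; a search on the description text will skip this one. Since the package lines under it are being rewritten anyway, fix the spelling in the same change.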
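Review bot: the ghostscript line under CVE-2009-0792 in the @@ -1980,7 +1979,7 @@ hunk is re-added as `- ghostscript <unfixed>` with no urgency and no bug number, while the argyll line directly above it carries `(low; bug #523472)`. Add the urgency and bug reference for ghostscript, or a NOTE saying that no bug has been filed yet.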
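Review bot: the sysvinit entry in the @@ -2725,11 +2724,11 @@ hunk stays marked `unimportant` while the re-added NOTE lines argue for tracking it as low, and the final NOTE still asks whether a CVE should be requested. The entry records an open disagreement rather than a decision. Settle the urgency on the entry line, keep a single NOTE with the outcome, and move the discussion to bug #517018.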