Author: joeyh
Date: 2009-05-06 21:14:15 +0000 (Wed, 06 May 2009)
New Revision: 11821
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-05-06 18:34:51 UTC (rev 11820)
+++ data/CVE/list 2009-05-06 21:14:15 UTC (rev 11821)
@@ -1,3 +1,59 @@
+CVE-2009-1547
+ RESERVED
+CVE-2009-1546
+ RESERVED
+CVE-2009-1545
+ RESERVED
+CVE-2009-1544
+ RESERVED
+CVE-2009-1543
+ RESERVED
+CVE-2009-1542
+ RESERVED
+CVE-2009-1541
+ RESERVED
+CVE-2009-1540
+ RESERVED
+CVE-2009-1539
+ RESERVED
+CVE-2009-1538
+ RESERVED
+CVE-2009-1537
+ RESERVED
+CVE-2009-1536
+ RESERVED
+CVE-2009-1535
+ RESERVED
+CVE-2009-1534
+ RESERVED
+CVE-2009-1533
+ RESERVED
+CVE-2009-1532
+ RESERVED
+CVE-2009-1531
+ RESERVED
+CVE-2009-1530
+ RESERVED
+CVE-2009-1529
+ RESERVED
+CVE-2009-1528
+ RESERVED
+CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c
in the ...)
+ TODO: check
+CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to
create or ...)
+ TODO: check
+CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote
...)
+ TODO: check
+CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty
before ...)
+ TODO: check
+CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay
Jetty ...)
+ TODO: check
+CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through
5.5.1.17 ...)
+ TODO: check
+CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli
Storage ...)
+ TODO: check
+CVE-2009-1520 (Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager
(TSM) ...)
+ TODO: check
CVE-2009-XXXX [moin: XSS in AttachFile.py via attachements]
- moin <unfixed> (low; bug #526594)
[lenny] - moin 1.7.1-3+lenny2
@@ -120,15 +176,16 @@
NOT-FOR-US: Adobe Reader
CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader
and ...)
NOT-FOR-US: Adobe Reader
-CVE-2009-1491
- RESERVED
-CVE-2009-1490
- RESERVED
+CVE-2009-1491 (McAfee GroupShield for Microsoft Exchange on Exchange Server
2000, and ...)
+ TODO: check
+CVE-2009-1490 (Heap-based buffer overflow in Sendmail before 8.13.2 allows
remote ...)
+ TODO: check
CVE-2009-XXXX [samba: Account locking out doesnt work with an LDAP backend]
- samba 2:3.2.6 (bug #514151)
[lenny] - samba 2:3.2.5-4lenny1
[etch] - samba <not-affected> (Bug not yet present in Etch''s
version)
CVE-2009-1572 [Quagga bgpd crash related to 4-byte AS numbers]
+ {DSA-1788-1}
- quagga 0.99.11-2 (high; bug #526270)
[lenny] - quagga 0.99.10-1lenny2
[etch] - quagga <not-affected> (no AS4 code)
@@ -147,6 +204,7 @@
CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in
Adam ...)
NOT-FOR-US: Adam Patterson Studio Lounge Address Book
CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+ {DSA-1791-1}
- moin <unfixed> (low; bug #526594)
[etch] - moin <not-affected> (Not exploitable)
NOTE: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1
@@ -188,12 +246,12 @@
RESERVED
CVE-2009-1470
RESERVED
-CVE-2009-1469
- RESERVED
-CVE-2009-1468
- RESERVED
-CVE-2009-1467
- RESERVED
+CVE-2009-1469 (CRLF injection vulnerability in the Forgot Password
implementation in ...)
+ TODO: check
+CVE-2009-1468 (Multiple SQL injection vulnerabilities in the search form in
...)
+ TODO: check
+CVE-2009-1467 (Multiple cross-site scripting (XSS) vulnerabilities in IceWarp
eMail ...)
+ TODO: check
CVE-2009-1466
RESERVED
CVE-2009-1465
@@ -520,7 +578,7 @@
CVE-2006-7238 (Cross-site scripting (XSS) vulnerability in MyShoutPro before
1.2 ...)
NOT-FOR-US: MyShoutPro
CVE-2009-1358 (apt-get in apt before 0.7.21 does not check for the correct
error code ...)
- {DSA-1779-1}
+ {DSA-1779-1 DTSA-199-1}
- apt 0.7.21 (bug #433091)
CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in
amule ...)
- amule <unfixed> (low; bug #525078)
@@ -674,7 +732,7 @@
NOTE: unlike secunia states I can''t see that this allows code
execution but is just an invalid read
NOTE: crashing the application
CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an
"invalid ...)
- {DSA-1779-1}
+ {DSA-1779-1 DTSA-199-1}
- apt 0.7.21 (bug #523213)
CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06,
when ...)
NOT-FOR-US: CMScout
@@ -1286,34 +1344,33 @@
CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message
originates ...)
{DSA-1772-1}
- udev 0.141-1 (medium)
-CVE-2009-1184 [selinux ip postroute]
- RESERVED
+CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in ...)
- linux-2.6 2.6.30-1
NOTE: compat code was removed in 30-rc1, so marking 2.6.30 as fixed
[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24
release)
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24
release)
CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9
and ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf
3.02pl2 and ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0-1 (medium; bug #524810)
@@ -2576,12 +2633,12 @@
NOTE: Also, same origin validations in the browsers still apply and keep this
mostly harmless
NOTE: http://marc.info/?l=squid-dev&m=123542836103750&w=4
CVE-2009-0800 (Multiple "input validation flaws" in the JBIG2
decoder in Xpdf 3.02pl2 ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0 (medium; bug #524810)
CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler 0.10.6-1 (medium; bug #524806)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics 4.0 (medium; bug #524810)
@@ -3024,8 +3081,8 @@
NOT-FOR-US: Potato News
CVE-2009-0721
RESERVED
-CVE-2009-0720
- RESERVED
+CVE-2009-0720 (Unspecified vulnerability in HP OpenView Network Node Manager
(OV NNM) ...)
+ TODO: check
CVE-2009-0719 (Unspecified vulnerability in useradd in HP HP-UX B.11.11,
B.11.23, and ...)
NOT-FOR-US: HP-UX
CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5
...)
@@ -5157,13 +5214,13 @@
CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and
OpenSolaris ...)
NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris
CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and
earlier, ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler''s pdftops)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics <unfixed> (medium; bug #524810)
CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and
earlier, as ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
TODO: check
CVE-2009-0164 (The web interface for CUPS before 1.3.10 does not validate the
HTTP ...)
- cups 1.3.10-1 (low)
@@ -5204,16 +5261,16 @@
RESERVED
CVE-2009-0149
RESERVED
-CVE-2009-0148
- RESERVED
+CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote
...)
+ TODO: check
CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler''s pdftops)
- xpdf <unfixed> (medium; bug #524809)
- kdegraphics <unfixed> (medium; bug #524810)
CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and ...)
- {DSA-1790-1}
+ {DSA-1793-1 DSA-1790-1}
- poppler <unfixed> (medium; bug #524806)
- cups <not-affected> (Uses poppler''s pdftops)
- xpdf <unfixed> (medium; bug #524809)
@@ -8179,8 +8236,8 @@
CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5
allow ...)
{DSA-1683-1}
- streamripper 1.63.5-2 (bug #506377)
-CVE-2008-4828
- RESERVED
+CVE-2008-4828 (Multiple stack-based buffer overflows in dsmagent.exe in the
Remote ...)
+ TODO: check
CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the
(1) ...)
NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826