Secure testing commits - May 2009 - r11877 - data/CVE

Author: joeyh
Date: 2009-05-11 21:14:13 +0000 (Mon, 11 May 2009)
New Revision: 11877

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-05-11 21:13:43 UTC (rev 11876)
+++ data/CVE/list	2009-05-11 21:14:13 UTC (rev 11877)
@@ -1,3 +1,17 @@
+CVE-2009-1594
+	RESERVED
+CVE-2009-1593
+	RESERVED
+CVE-2009-1592 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24
allows ...)
+	TODO: check
+CVE-2009-1591 (CRLF injection vulnerability in CGI RESCUE Web Mailer before
1.04 ...)
+	TODO: check
+CVE-2009-1590 (Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42
allows ...)
+	TODO: check
+CVE-2009-1589 (Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01
allows ...)
+	TODO: check
+CVE-2009-1588 (Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS
8t ...)
+	TODO: check
 CVE-2009-XXXX [hex-a-hop: buffer overflow in loading save games]
 	- hex-a-hop <unfixed> (low; bug #528250)
 	[lenny] - hex-a-hop <no-dsa> (Minor issue, very obscure attack vector)
@@ -9087,6 +9101,7 @@
 CVE-2008-4540 (Windows Mobile 6 on the HTC Hermes device makes WLAN passwords
...)
 	NOT-FOR-US: Windows Mobile
 CVE-2008-4539 (Heap-based buffer overflow in the Cirrus VGA implementation in
(1) KVM ...)
+	{DSA-1799-1}
 	- qemu 0.9.1+svn20081101-1 (low; bug #526040)
 	[etch] - qemu <not-affected> (Vulnerable code not present)
 CVE-2008-4538
@@ -10591,7 +10606,7 @@
 	{DSA-1652-1 DSA-1651-1}
 	- ruby1.8 1.8.7.72-1 (bug #498978)
 	- ruby1.9 1.9.0.2-6 (bug #498977)
-CVE-2008-3903 (Asterisk PBX 1.2 through 1.6 and Trixbox PBX 2.6.1, when running
with ...)
+CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1,
and ...)
 	NOT-FOR-US: Asterisk PBX
 CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords
in the ...)
 	NOT-FOR-US: HP firmware 68DTT
@@ -15348,6 +15363,7 @@
 CVE-2008-1946 (The default configuration of su in /etc/pam.d/su in GNU
coreutils ...)
 	- coreutils 5.93-1
 CVE-2008-1945 (QEMU 0.9.0 does not properly handle changes to removable media,
which ...)
+	{DSA-1799-1}
 	- qemu 0.9.1-5 (low; bug #526013)
 CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen ...)
 	- xen-3 3.2.1-2 (medium; bug #487095)
@@ -17825,7 +17841,7 @@
 CVE-2008-0929
 	REJECTED
 CVE-2008-0928 (Qemu 0.9.1 and earlier does not perform range checks for block
device ...)
-	{DTSA-133-1}
+	{DSA-1799-1 DTSA-133-1}
 	- qemu 0.9.1+svn20081207-1 (low; bug #469649)
 	- xen-unstable 3.2.0-4 (bug #469654)
 	- xen-3 3.2.0-4 (bug #469662)