Author: joeyh Date: 2009-05-15 21:14:13 +0000 (Fri, 15 May 2009) New Revision: 11906 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-15 20:36:53 UTC (rev 11905) +++ data/CVE/list 2009-05-15 21:14:13 UTC (rev 11906) @@ -1,3 +1,19 @@ +CVE-2009-1636 + RESERVED +CVE-2009-1635 + RESERVED +CVE-2009-1634 + RESERVED +CVE-2009-1633 + RESERVED +CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...) + TODO: check +CVE-2009-1631 (The Mailer component in Evolution 2.26.1 and earlier uses ...) + TODO: check +CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client ...) + TODO: check +CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...) + TODO: check CVE-2009-XXXX [eggdrop buffer overflow] - eggdrop <unfixed> (medium; bug #528778) NOTE: CVE id request on oss-sec 
@@ -141,21 +157,17 @@ NOT-FOR-US: DFLabs CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used ...) - system-tools-backends <unfixed> (low; bug #527952) -CVE-2009-1581 [SquirrelMail CSS positioning] - RESERVED +CVE-2009-1581 (functions/mime.php in SquirrelMail before 1.4.18 does not protect the ...) - squirrelmail 2:1.4.18-1 (low; bug #528528) NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667 -CVE-2009-1580 [SquirrelMail session fixation] - RESERVED +CVE-2009-1580 (Session fixation vulnerability in SquirrelMail before 1.4.18 allows ...) - squirrelmail 2:1.4.18-1 (low; bug #528528) NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676 -CVE-2009-1579 [Squirrelmail map_yp_alias code injection] - RESERVED +CVE-2009-1579 (The map_yp_alias function in functions/imap_general.php in ...) - squirrelmail 2:1.4.18-1 (medium; bug #528528) NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674 NOTE: doesn''t affect every setup -CVE-2009-1578 [SquirrelMail XSS] - RESERVED +CVE-2009-1578 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...) - squirrelmail 2:1.4.18-1 (low; bug #528528) NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670 CVE-2009-1577 (Multiple stack-based buffer overflows in the putstring function in ...) 
@@ -481,12 +493,12 @@ NOT-FOR-US: IceWarp CVE-2009-1467 (Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail ...) NOT-FOR-US: IceWarp -CVE-2009-1466 - RESERVED -CVE-2009-1465 - RESERVED -CVE-2009-1464 - RESERVED +CVE-2009-1466 (Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) ...) + TODO: check +CVE-2009-1465 (Application Access Server (A-A-S) 2.0.48 has "wildbat" as its default ...) + TODO: check +CVE-2009-1464 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) + TODO: check CVE-2009-1463 (Static code injection vulnerability in razorCMS before 0.4 allows ...) NOT-FOR-US: razorCMS CVE-2009-1462 (The Security Manager in razorCMS before 0.4 does not verify the ...) @@ -556,7 +568,7 @@ CVE-2009-1441 (Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function ...) - chromium-browser <itp> (bug #520324) CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...) - {DSA-1794-1 DSA-1787-1} + {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 <unfixed> - linux-2.6.24 <removed> CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...) @@ -852,11 +864,11 @@ - twiki <unfixed> (bug #526258) NOTE: We should probably request removal from unstable, replaced by foswiki CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...) - {DSA-1787-1} + {DSA-1800-1 DSA-1787-1} - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...) - {DSA-1794-1 DSA-1787-1} + {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 <unfixed> - linux-2.6.24 <removed> CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly ...) 
@@ -1162,7 +1174,7 @@ CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has unknown ...) NOTE: Dupe of CVE-2009-1210 CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...) - {DSA-1794-1 DSA-1787-1} + {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 2.6.29-4 - linux-2.6.24 <removed> CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...) @@ -1280,7 +1292,7 @@ - linux-2.6 <not-affected> (Issue was introduced after 2.6.27 release) - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27 release) CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...) - {DSA-1787-1} + {DSA-1800-1 DSA-1787-1} - linux-2.6 <unfixed> [etch] - linux-2.6 <not-affected> (Doesn''t include KVM yet) - linux-2.6.24 <removed> @@ -1577,7 +1589,7 @@ CVE-2009-1193 RESERVED CVE-2009-1192 (drivers/char/agp/generic.c in the agp subsystem in the Linux kernel ...) - {DSA-1794-1 DSA-1787-1} + {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 <unfixed> - linux-2.6.24 <removed> CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...) @@ -1600,6 +1612,7 @@ {DSA-1772-1} - udev 0.141-1 (medium) CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in ...) + {DSA-1800-1} - linux-2.6 2.6.30-1 NOTE: compat code was removed in 30-rc1, so marking 2.6.30 as fixed [etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release) @@ -2060,6 +2073,7 @@ {DSA-1758-1} - nss-ldapd 0.6.8 CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD ...) + {DSA-1800-1} - linux-2.6 2.6.29-1 [etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release) - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release) 
@@ -2126,7 +2140,7 @@ CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...) NOT-FOR-US: Send by e-mail module for Drupal CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...) - {DSA-1787-1} + {DSA-1800-1 DSA-1787-1} - linux-2.6 2.6.29-1 - linux-2.6.24 <removed> [etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1) @@ -2643,7 +2657,7 @@ CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user interface in ...) NOT-FOR-US: NetMRI CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the ...) - {DSA-1794-1 DSA-1787-1} + {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 2.6.29-1 (unimportant) NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except NOTE: for locally modified configs and even for that I fail to @@ -2772,12 +2786,13 @@ CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as a ...) - dash <not-affected> (Debian uses upstream''s patch to implement -l) CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...) + {DSA-1800-1} - linux-2.6 <unfixed> (low) [etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18) - linux-2.6.24 <unfixed> (unimportant) NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26 CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...) - {DSA-1794-1 DSA-1787-1} + {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 <unfixed> (low) - linux-2.6.24 <unfixed> (low) CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...) 
@@ -3356,8 +3371,8 @@ NOT-FOR-US: HP StorageWorks Storage Mirroring CVE-2009-0715 (Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials ...) NOT-FOR-US: HP Storage Essentials -CVE-2009-0714 - RESERVED +CVE-2009-0714 (Unspecified vulnerability in HP Data Protector Express and Express SSE ...) + TODO: check CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...) NOT-FOR-US: WMI Mapper CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...) @@ -6519,7 +6534,7 @@ - linux-2.6 <unfixed> (medium) - linux-2.6.24 <removed> CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows ...) - {DSA-1794-1 DSA-1787-1} + {DSA-1800-1 DSA-1794-1 DSA-1787-1} - linux-2.6 2.6.29-1 - linux-2.6.24 <removed> CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...)
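Review bot: The four described entries added in the `@@ -1,3 +1,19 @@` hunk (CVE-2009-1629 through CVE-2009-1632) carry only `TODO: check`, so none of them has a package line, a severity or a NOT-FOR-US marker yet. The truncated descriptions already name the affected code (Ipsec-tools before 0.7.2, Evolution 2.26.1 and earlier, `nfs_permission` in `fs/nfs/dir.c`, `ajaxterm.js` in AjaxTerm 0.10 and earlier), so a follow-up should replace each TODO with a source-package line and bug reference in the form the adjacent eggdrop entry uses, `- eggdrop <unfixed> (medium; bug #528778)`. The `fs/nfs/dir.c` path matches the kernel entries further down (CVE-2009-1336 cites `fs/nfs/client.c in the Linux kernel`), so CVE-2009-1630 probably needs `linux-2.6` and `linux-2.6.24` lines rather than a single package line.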
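Review bot: In the `@@ -481,12 +493,12 @@` hunk, CVE-2009-1464 through CVE-2009-1466 move from `RESERVED` to `TODO: check` while every neighbouring entry (IceWarp above, razorCMS below) is already resolved as NOT-FOR-US, and the same happens to CVE-2009-0714 in the `@@ -3356,8 +3371,8 @@` hunk, which sits between HP entries marked `NOT-FOR-US: HP Storage Essentials` and `NOT-FOR-US: WMI Mapper`. Two of the descriptions name Application Access Server (A-A-S) 2.0.48 and one names HP Data Protector Express; if those products are not packaged, the TODOs should be closed with a NOT-FOR-US line in the same style. The CVE-2009-1464 description is cut off before the product name, so that one needs the full CVE text before it can be classified.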
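Review bot: The `{DSA-1800-1}` cross-reference added to CVE-2009-0835 in the `@@ -2772,12 +2786,13 @@` hunk sits above status lines that still say the issue is open everywhere it applies: `- linux-2.6 <unfixed> (low)` and `- linux-2.6.24 <unfixed> (unimportant)`. The same pattern appears where the tag is added to CVE-2009-1439, CVE-2009-1338, CVE-2009-1337, CVE-2009-1242, CVE-2009-1192 and CVE-2009-0834, all of which keep `- linux-2.6 <unfixed>`. Someone should confirm that the unfixed status is still accurate for each of these after the advisory and, where it is not, record the fixed version in the same change. The log message `automatic update` also gives no hint that thirteen kernel entries gained a DSA-1800-1 reference, which makes this revision hard to find later when auditing that advisory's coverage.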