thr3ads.net - Secure testing commits - [Secure-testing-commits] r12157

If this information is useful, please help other people find it:
Share via:
Joey Hess
2009-Jun-18 21:14 UTC
[Secure-testing-commits] r12157 - data/CVE

Author: joeyh
Date: 2009-06-18 21:14:13 +0000 (Thu, 18 Jun 2009)
New Revision: 12157

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-06-18 20:59:06 UTC (rev 12156)
+++ data/CVE/list	2009-06-18 21:14:13 UTC (rev 12157)
@@ -1,3 +1,71 @@
+CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php
in ...)
+	TODO: check
+CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services
(civserv) ...)
+	TODO: check
+CVE-2009-2105 (SQL injection vulnerability in the References database
(t3references) ...)
+	TODO: check
+CVE-2009-2104 (Cross-site scripting (XSS) vulnerability in the Modern Guestbook
/ ...)
+	TODO: check
+CVE-2009-2103 (SQL injection vulnerability in the Frontend MP3 Player
(fe_mp3player) ...)
+	TODO: check
+CVE-2009-2102 (SQL injection vulnerability in the Jumi (com_jumi) component
2.0.3 and ...)
+	TODO: check
+CVE-2009-2101 (Directory traversal vulnerability in archive.php in TorrentVolve
1.4, ...)
+	TODO: check
+CVE-2009-2100 (Directory traversal vulnerability in the JoomlaPraise
Projectfork ...)
+	TODO: check
+CVE-2009-2099 (SQL injection vulnerability in the iJoomla RSS Feeder ...)
+	TODO: check
+CVE-2009-2098 (SQL injection vulnerability in topicler.php in phPortal 1.0
allows ...)
+	TODO: check
+CVE-2009-2097 (SQL injection vulnerability in ...)
+	TODO: check
+CVE-2009-2096 (SQL injection vulnerability in house/listing_view.php in ...)
+	TODO: check
+CVE-2009-2095 (PHP remote file inclusion vulnerability in ...)
+	TODO: check
+CVE-2009-2094
+	RESERVED
+CVE-2009-2093
+	RESERVED
+CVE-2009-2092
+	RESERVED
+CVE-2009-2091
+	RESERVED
+CVE-2009-2090
+	RESERVED
+CVE-2009-2089
+	RESERVED
+CVE-2009-2088
+	RESERVED
+CVE-2009-2087
+	RESERVED
+CVE-2009-2086
+	RESERVED
+CVE-2009-2085
+	RESERVED
+CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3
...)
+	TODO: check
+CVE-2009-2083 (Cross-site scripting (XSS) vulnerability in the term data detail
page ...)
+	TODO: check
+CVE-2009-2082 (SQL injection vulnerability in insidepage.php in Creative Web
...)
+	TODO: check
+CVE-2009-2081 (Directory traversal vulnerability in help.php in phpWebThings
1.5.2 ...)
+	TODO: check
+CVE-2009-2080 (admin.php in MRCGIGUY The Ticket System 2.0 does not properly
restrict ...)
+	TODO: check
+CVE-2009-2079 (Cross-site scripting (XSS) vulnerability in the administrative
page ...)
+	TODO: check
+CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree
5.x ...)
+	TODO: check
+CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote
...)
+	TODO: check
+CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before
6.x-2.6, ...)
+	TODO: check
+CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module
for ...)
+	TODO: check
+CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before
...)
+	TODO: check
 CVE-2009-XXXX [backuppc: web frontend installed insecurely by default]
 	- backuppc 3.1.0-6
 	[lenny] - backuppc 3.1.0-4lenny1
@@ -117,7 +185,7 @@
 CVE-2009-XXXX [adtool leaks password in environment]
 	- adtool 1.3.2-1 (unimportant)
 	NOTE: adtool has safe means to specify the password, so this boils
-        NOTE: down to potential insecure usage
+	NOTE: down to potential insecure usage
 CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local
users ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-2026
@@ -150,8 +218,8 @@
 	NOT-FOR-US: Frontis
 CVE-2009-2012 (Unspecified vulnerability in idmap in Sun OpenSolaris snv_88
through ...)
 	NOT-FOR-US: OpenSolaris
-CVE-2009-2011
-	RESERVED
+CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and
...)
+	TODO: check
 CVE-2009-2010 (Multiple SQL injection vulnerabilities in Haudenschilt Family
...)
 	NOT-FOR-US: Haudenschilt Family Connections CMS
 CVE-2009-2009 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos
1.8.5, ...)
@@ -563,40 +631,50 @@
 	- strongswan 4.2.14-1.1 (medium; bug #531612)
 	[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2
was introduced in 4.3)
 CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox
before ...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	- icedove <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not
check ...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	- icedove <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect
principal with ...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before
...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	- icedove <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	[etch] - xulrunner <not-affected> (Doesn''t affect Gecko 1.8)
 CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and
...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	- icedove <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17
associate ...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	- icedove <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1834 (Visual truncation vulnerability in
netwerk/dns/src/nsIDNService.cpp in ...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	- icedove <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11,
Thunderbird ...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	- icedove <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and
...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	- icedove <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
@@ -750,8 +828,8 @@
 	- radare (low)
 	TODO: file bug
 	NOTE: see the portions of code of #530178
-CVE-2009-1761
-	RESERVED
+CVE-2009-1761 (The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for
...)
+	TODO: check
 CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in
Rasterbar ...)
 	{DSA-1815-1}
 	- libtorrent-rasterbar 0.14.4-1 (medium)
@@ -834,8 +912,8 @@
 	RESERVED
 CVE-2009-1720
 	RESERVED
-CVE-2009-1719
-	RESERVED
+CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on
Mac OS X ...)
+	TODO: check
 CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote
...)
 	TODO: check
 CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before
10.5.7 ...)
@@ -895,7 +973,7 @@
 CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit <unfixed>
 	TODO: File bug
-CVE-2009-1690 (Use after free vulnerability in WebKit, as used in Apple Safari
before ...)
+CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari
before ...)
 	TODO: check
 CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	TODO: check
@@ -1737,17 +1815,16 @@
 CVE-2009-1393
 	RESERVED
 CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11,
Thunderbird ...)
+	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
 	- icedove <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-CVE-2009-1391 [Compress::Raw::Zlib buffer overflow]
-	RESERVED
+CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
 	- perl 5.10.0-23 (medium; bug #532736)
 	- libcompress-raw-zlib-perl 2.015-2 (medium; bug #532738)
-CVE-2009-1390
-	RESERVED
-CVE-2009-1389 [linux-2.6: packet overflow]
-	RESERVED
+CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2)
...)
+	TODO: check
+CVE-2009-1389 (Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c)
in the ...)
 	- linux-2.6 2.6.26-16 (high; bug #532376)
 	- linux-2.6.24 <removed>
 	NOTE: potential for kernel memory corruption by remote attacker
@@ -3120,7 +3197,7 @@
 	- xfig 1:3.2.5.a-1
 	[etch] - xfig <no-dsa> (Minor issue)
 	[lenny] - xfig <no-dsa> (Minor issue)
-CVE-2009-1092 (Use after free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1
ActiveX ...)
+CVE-2009-1092 (Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1
ActiveX ...)
 	NOT-FOR-US: LIVEAUDIO.LiveAudioCtrl.1 ActiveX
 CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in
Rapidleech ...)
 	NOT-FOR-US: Rapidleech
@@ -4443,6 +4520,7 @@
 CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0
...)
 	NOT-FOR-US: Tours Manager
 CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause
a ...)
+	{DSA-1728-1}
 	- dkim-milter 2.6.0.dfsg-2 (low)
 	[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
 	NOTE:
http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
@@ -6921,7 +6999,7 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in
...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2009-0084 (Use after free vulnerability in DirectShow in Microsoft DirectX
8.1 ...)
+CVE-2009-0084 (Use-after-free vulnerability in DirectShow in Microsoft DirectX
8.1 ...)
 	NOT-FOR-US: DirectX
 CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and
Server ...)
 	NOT-FOR-US: Microsoft Windows
@@ -7910,8 +7988,7 @@
 CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows
remote ...)
 	{DSA-1708-1}
 	- git-core 1:1.5.6-1
-CVE-2008-5515 [Apache Tomcat information disclosure vulnerability]
-	RESERVED
+CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0
...)
 	- tomcat5 <removed> (bug #532363)
 	- tomcat5.5 <unfixed> (bug #532366)
 	- tomcat6 6.0.20-1 (bug #532362)
@@ -9215,7 +9292,7 @@
 	NOT-FOR-US: Graphiks MyForum
 CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module
for ...)
 	NOT-FOR-US: PHP-Nuke
-CVE-2008-5038 (Use after free vulnerability in the NetWare Core Protocol (NCP)
...)
+CVE-2008-5038 (Use-after-free vulnerability in the NetWare Core Protocol (NCP)
...)
 	NOT-FOR-US:  Novell eDirectory
 CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image
Gallery 1.0 ...)
 	NOT-FOR-US: ElkaGroup Image Gallery
@@ -9414,7 +9491,7 @@
 CVE-2008-XXXX [universalindentgui insecure usage of temp files]
 	- universalindentgui 0.8.1-1.2 (low; bug #504726)
 CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0
through ...)
-	{DTSA-176-1}
+	{DSA-1819-1 DTSA-176-1}
 	- vlc 0.8.6.h-5 (medium; bug #504639)
 CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x
before ...)
 	- vlc <not-affected> (Vulnerable code not present in 0.8.x)
@@ -10231,7 +10308,7 @@
 	NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4
is vulnerable)
 	TODO: check if >= 0.9.4 is uploaded to unstable
 CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka
the ...)
-	{DTSA-175-1}
+	{DSA-1819-1 DTSA-175-1}
 	- vlc 0.8.6.h-4.1 (medium; bug #503118)
 CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote ...)
 	- mantis 1.1.2+dfsg-7 (medium; bug #502728)
@@ -12399,7 +12476,7 @@
 	NOTE: vulnerable script only called when updating the source
 	NOTE: thus neither actively used nor invoked automatically
 CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in
...)
-	{DTSA-166-1}
+	{DSA-1819-1 DTSA-166-1}
 	- vlc 0.8.6.h-4 (medium; bug #496265)
 CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link
functions in ...)
 	- wordpress 2.5.1-6 (low; bug #497216)
@@ -15497,7 +15574,7 @@
 CVE-2008-2431 (Multiple buffer overflows in Novell iPrint Client before 5.06
allow ...)
 	NOT-FOR-US: Novell iPrint
 CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in
VLC ...)
-	{DTSA-148-1}
+	{DSA-1819-1 DTSA-148-1}
 	- vlc 0.8.6.h-1 (medium; bug #489004)
 CVE-2008-2429 (Multiple SQL injection vulnerabilities in Calendarix Basic ...)
 	NOT-FOR-US: Calendarix
@@ -15624,7 +15701,7 @@
 CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and
0.8 ...)
 	{DSA-1668-1}
 	- hf 0.8-8.1 (medium; bug #504182)
-CVE-2008-2377 (Use after free vulnerability in the ...)
+CVE-2008-2377 (Use-after-free vulnerability in the ...)
 	- gnutls26 2.4.1-1 (medium)
 	- gnutls13 <not-affected> (Problem was introduced in 2.3.5)
 CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby
before ...)
@@ -16232,7 +16309,7 @@
 	- emacs21 21.4a+1-5.5 (low; bug #480877)
 	[etch] - emacs21 <no-dsa> (Minor issue)
 CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0
...)
-	{DTSA-132-1}
+	{DSA-1819-1 DTSA-132-1}
 	- vlc 0.8.6.e-2.2 (low; bug #480724)
 	NOTE: https://trac.videolan.org/vlc/ticket/1578
 	NOTE:
http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
@@ -16778,7 +16855,7 @@
 CVE-2008-1882
 	RESERVED
 CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...)
-	{DTSA-125-1}
+	{DSA-1819-1 DTSA-125-1}
 	- vlc 0.8.6.e-2.1 (medium; bug #477805)
 CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on
...)
 	- firebird2 <removed>
@@ -17032,10 +17109,10 @@
 CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX
...)
 	NOT-FOR-US: Akamai Download Manager
 CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of
service ...)
-	{DTSA-125-1}
+	{DSA-1819-1 DTSA-125-1}
 	- vlc 0.8.6.e-2.1 (low; bug #478140)
 CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote
attackers ...)
-	{DTSA-125-1}
+	{DSA-1819-1 DTSA-125-1}
 	- vlc 0.8.6.e-2.1 (medium; bug #478140)
 CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows
...)
 	{DSA-1589-1}
@@ -18761,7 +18838,7 @@
 	NOT-FOR-US: Microsoft
 CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft
...)
 	NOT-FOR-US: Microsoft
-CVE-2008-1085 (Use after free vulnerability in Microsoft Internet Explorer 5.01
SP4, ...)
+CVE-2008-1085 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01
SP4, ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows
2000 SP4, ...)
 	NOT-FOR-US: Microsoft
Secure testing commits - Jun 2009 - r12157 - data/CVE

[Secure-testing-commits] r12157 - data/CVE
