Author: joeyh
Date: 2009-07-15 21:14:36 +0000 (Wed, 15 Jul 2009)
New Revision: 12351

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-15 19:21:01 UTC (rev 12350) +++ data/CVE/list 2009-07-15 21:14:36 UTC (rev 12351)
@@ -1,3 +1,53 @@ +CVE-2009-2461 (mathtex.cgi in mathTeX, when downloaded before 20090713, does not ...) + TODO: check +CVE-2009-2460 (Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when ...) + TODO: check +CVE-2009-2459 (Multiple unspecified vulnerabilities in mimeTeX, when downloaded ...) + TODO: check +CVE-2009-2458 (Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 ...) + TODO: check +CVE-2009-2457 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...) + TODO: check +CVE-2009-2456 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...) + TODO: check +CVE-2009-2455 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2009-2454 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, ...) + TODO: check +CVE-2009-2453 (Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 ...) + TODO: check +CVE-2009-2452 (Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have ...) + TODO: check +CVE-2009-2451 (Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX ...) + TODO: check +CVE-2008-6867 (SQL injection vulnerability in content.php in Scripts For Sites (SFS) ...) + TODO: check +CVE-2008-6866 (SQL injection vulnerability in modules.php in the Current_Issue module ...) + TODO: check +CVE-2008-6865 (SQL injection vulnerability in modules.php in the Sectionsnew module ...) + TODO: check +CVE-2008-6864 (Xigla Software Absolute Live Support .NET 5.1 allows remote attackers ...) + TODO: check +CVE-2008-6863 (Xigla Software Absolute Form Processor .NET 4.0 allows remote ...) + TODO: check +CVE-2008-6862 (Absolute Content Rotator 6.0 allows remote attackers to bypass ...) + TODO: check +CVE-2008-6861 (Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers ...) + TODO: check +CVE-2008-6860 (Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to ...) 
+ TODO: check +CVE-2008-6859 (Xigla Software Absolute Control Panel XE 1.5 allows remote attackers ...) + TODO: check +CVE-2008-6858 (Absolute Banner Manager .NET 4.0 allows remote attackers to bypass ...) + TODO: check +CVE-2008-6857 (Absolute Podcast .NET 1.0 allows remote attackers to bypass ...) + TODO: check +CVE-2008-6856 (Xigla Software Absolute News Manager.NET 5.1 allows remote attackers ...) + TODO: check +CVE-2008-6855 (Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote ...) + TODO: check +CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...) + TODO: check CVE-2009-XXXX [iceweasel: 0-day remote shellcode injection] - iceweasel <unfixed> (high; bug #537104) CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...) @@ -205,8 +255,8 @@ RESERVED CVE-2009-2348 RESERVED -CVE-2009-2347 [libtiff issues] - RESERVED +CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...) + {DSA-1835-1} - tiff 3.8.2-13 CVE-2009-2346 RESERVED @@ -383,6 +433,7 @@ NOTE: upstream 2.6.30 does not contain the patch for this issue TODO: check 2.6.31 when it is released CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 ...) + {DSA-1835-1} - tiff 3.8.2-12 (low; bug #534137) NOTE: this doesn''t allow code execution, only a crash. CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp ...) 
@@ -1108,60 +1159,60 @@ RESERVED CVE-2009-1990 RESERVED -CVE-2009-1989 - RESERVED -CVE-2009-1988 - RESERVED -CVE-2009-1987 - RESERVED -CVE-2009-1986 - RESERVED +CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component ...) + TODO: check +CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile ...) + TODO: check +CVE-2009-1987 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - ...) + TODO: check +CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager component ...) + TODO: check CVE-2009-1985 RESERVED -CVE-2009-1984 - RESERVED -CVE-2009-1983 - RESERVED -CVE-2009-1982 - RESERVED -CVE-2009-1981 - RESERVED -CVE-2009-1980 - RESERVED +CVE-2009-1984 (Unspecified vulnerability in the Application Install component in ...) + TODO: check +CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) + TODO: check +CVE-2009-1982 (Unspecified vulnerability in the Oracle Applications Framework ...) + TODO: check +CVE-2009-1981 (Unspecified vulnerability in the Highly Interactive Client component ...) + TODO: check +CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library ...) + TODO: check CVE-2009-1979 RESERVED -CVE-2009-1978 - RESERVED -CVE-2009-1977 - RESERVED -CVE-2009-1976 - RESERVED -CVE-2009-1975 - RESERVED -CVE-2009-1974 - RESERVED -CVE-2009-1973 - RESERVED +CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2009-1976 (Unspecified vulnerability in the HTTP Server component in Oracle ...) + TODO: check +CVE-2009-1975 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2009-1974 (Unspecified vulnerability in the WebLogic Server component in BEA ...) 
+ TODO: check +CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in ...) + TODO: check CVE-2009-1972 RESERVED CVE-2009-1971 RESERVED -CVE-2009-1970 - RESERVED -CVE-2009-1969 - RESERVED -CVE-2009-1968 - RESERVED -CVE-2009-1967 - RESERVED -CVE-2009-1966 - RESERVED +CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database ...) + TODO: check +CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database ...) + TODO: check +CVE-2009-1968 (Unspecified vulnerability in the Secure Enterprise Search component in ...) + TODO: check +CVE-2009-1967 (Unspecified vulnerability in the Config Management component in (1) ...) + TODO: check +CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) ...) + TODO: check CVE-2009-1965 RESERVED CVE-2009-1964 RESERVED -CVE-2009-1963 - RESERVED +CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in ...) + TODO: check CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA ...) NOT-FOR-US: Atlassian JIRA Enterprise Edition CVE-2008-6831 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...) @@ -1373,6 +1424,7 @@ - dhcp3 <unfixed> (low) [etch] - dhcp3 <not-affected> (problematic assert is not present) CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier compresses ...) + {DSA-1834-1} - apache2 2.2.11-7 (medium; bug #534712) CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy ...) - apache2 2.2.11-7 (medium; bug #536718) @@ -1380,7 +1432,6 @@ [lenny] - apache2-mpm-itk 2.2.6-02-1+lenny2 [lenny] - apache2 2.2.9-10+lenny4 CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...) - {DSA-1834-1} - pidgin 2.5.8-1 (low; bug #535790) NOTE: http://developer.pidgin.im/ticket/9483 NOTE: http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7 
@@ -2681,14 +2732,14 @@ RESERVED CVE-2009-1426 RESERVED -CVE-2009-1425 - RESERVED -CVE-2009-1424 - RESERVED -CVE-2009-1423 - RESERVED -CVE-2009-1422 - RESERVED +CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) + TODO: check +CVE-2009-1424 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) + TODO: check +CVE-2009-1423 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) + TODO: check +CVE-2009-1422 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...) + TODO: check CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 ...) NOT-FOR-US: ONCplus on HP HP-UX CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node ...) @@ -2785,10 +2836,10 @@ - linux-2.6.24 <removed> CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...) NOT-FOR-US: Different code base than Debian''s libpam-krb5 -CVE-2009-1383 - RESERVED -CVE-2009-1382 - RESERVED +CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded ...) + TODO: check +CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when ...) + TODO: check CVE-2009-1381 (The map_yp_alias function in functions/imap_general.php in ...) {DSA-1802-2} - squirrelmail 2:1.4.19-1 
@@ -4359,20 +4410,20 @@ NOT-FOR-US: phpComasy CVE-2009-1022 (Heap-based buffer overflow in the Preview/ Set Segment function in ...) NOT-FOR-US: Gretech GOMlab GOM Encoder -CVE-2009-1021 - RESERVED -CVE-2009-1020 - RESERVED -CVE-2009-1019 - RESERVED +CVE-2009-1021 (Unspecified vulnerability in the Advanced Replication component in ...) + TODO: check +CVE-2009-1020 (Unspecified vulnerability in the Network Foundation component in ...) + TODO: check +CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in ...) + TODO: check CVE-2009-1018 RESERVED CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle ...) NOT-FOR-US: Oracle Application Server CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: BEA Product Suite -CVE-2009-1015 - RESERVED +CVE-2009-1015 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) + TODO: check CVE-2009-1014 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...) @@ -4427,8 +4478,8 @@ NOT-FOR-US: Oracle Application Server CVE-2009-0988 (Unspecified vulnerability in the Password Policy component in Oracle ...) NOT-FOR-US: Oracle Database -CVE-2009-0987 - RESERVED +CVE-2009-0987 (Unspecified vulnerability in the Upgrade component in Oracle Database ...) + TODO: check CVE-2009-0986 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: Oracle Database CVE-2009-0985 (Unspecified vulnerability in the Core RDBMS component in Oracle ...) @@ -5607,8 +5658,7 @@ RESERVED CVE-2009-0693 RESERVED -CVE-2009-0692 - RESERVED +CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in ...) {DSA-1833-1} - dhcp3 <unfixed> (medium) NOTE: dhcp in etch is not affected. 
@@ -7568,8 +7618,8 @@ NOT-FOR-US: BlackBerry CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch ...) NOT-FOR-US: IntraLaunch Application Launcher ActiveX control -CVE-2009-0217 - RESERVED +CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) ...) + TODO: check CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...) NOT-FOR-US: GE Fanuc iFIX CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...) @@ -7622,8 +7672,8 @@ NOT-FOR-US: Garmin Communicator Plug-In CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...) NOT-FOR-US: Adobe Acrobat Reader -CVE-2009-0192 - RESERVED +CVE-2009-0192 (Off-by-one error in the iMonitor component in Novell eDirectory 8.8 ...) + TODO: check CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...) NOT-FOR-US: Foxit Reader CVE-2009-0190
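Review bot: The three mathTeX/mimeTeX entries added at the top of the `@@ -1,3 +1,53 @@` hunk (CVE-2009-2461, CVE-2009-2460, CVE-2009-2459) concern the same two programs as CVE-2009-1383 and CVE-2009-1382 in the `@@ -2785,10 +2836,10 @@` hunk, yet all five are left as separate `TODO: check` items. Triage them as one group so they end up with the same status, and add a NOTE on each that points at the others.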
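Review bot: The new CVE-2009-2347 line in the `@@ -205,8 +255,8 @@` hunk, `- tiff 3.8.2-13`, has no urgency or bug reference, while CVE-2009-2285 under the same {DSA-1835-1} in the next hunk reads `- tiff 3.8.2-12 (low; bug #534137)`. Add the urgency, and a bug number if one exists, so the two entries covered by that advisory are recorded the same way. Replacing the `[libtiff issues]` placeholder and adding DSA cross-references also goes beyond what the log message "automatic update" suggests.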
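Review bot: The Oracle, PeopleSoft and BEA entries that go from `RESERVED` to `TODO: check` in the `@@ -1108,60 +1159,60 @@` hunk (and likewise in `@@ -4359,20 +4410,20 @@` and `@@ -4427,8 +4478,8 @@`) have siblings with the same description prefixes that the file already closes out, for example `NOT-FOR-US: BEA Product Suite` on CVE-2009-1016, `NOT-FOR-US: Oracle PeopleSoft Enterprise` on CVE-2009-1014 and `NOT-FOR-US: Oracle Database` on CVE-2009-0988. Unless one of the truncated descriptions turns out to name something else, give the new entries the matching NOT-FOR-US marker so they do not sit in the TODO queue.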
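Review bot: After the `@@ -1373,6 +1424,7 @@` and `@@ -1380,7 +1432,6 @@` hunks, {DSA-1834-1} sits on CVE-2009-1891 instead of CVE-2009-1889, but the CVE-2009-1891 entry shows only `- apache2 2.2.11-7 (medium; bug #534712)` with no per-release line. The neighbouring CVE-2009-1890 has `[lenny] - apache2 2.2.9-10+lenny4` and no DSA tag in the visible context. Add the stable fixed versions to CVE-2009-1891, and confirm whether CVE-2009-1890 belongs under the same advisory. Moving the tag off the pidgin entry is a correction that deserves its own log message.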
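Review bot: In the `@@ -5607,8 +5658,7 @@` hunk, CVE-2009-0692 now has its description and keeps {DSA-1833-1}, but the package line is still `- dhcp3 <unfixed> (medium)` with no bug reference. Since an advisory exists, record the version that fixes unstable once it is uploaded and add the bug number, so the entry does not read as fixed in stable and open everywhere else without a pointer to follow.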
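Review bot: CVE-2009-0217 in the `@@ -7568,8 +7618,8 @@` hunk is described as a flaw in "the design of the W3C XML Signature Syntax and Processing (XMLDsig)", so unlike the product-specific entries around it, it cannot be resolved with a single status. Replace `TODO: check` with one line per source package that implements XMLDsig, each with its own fixed version or `<unfixed>`, and a NOTE stating which implementations were checked.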