Author: joeyh Date: 2009-08-07 21:14:13 +0000 (Fri, 07 Aug 2009) New Revision: 12508 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-07 21:08:38 UTC (rev 12507) +++ data/CVE/list 2009-08-07 21:14:13 UTC (rev 12508) @@ -1,3 +1,27 @@ +CVE-2009-2710 + RESERVED +CVE-2009-2709 + RESERVED +CVE-2009-2708 + RESERVED +CVE-2009-2707 + RESERVED +CVE-2009-2706 + RESERVED +CVE-2008-6911 (SQL injection vulnerability in the authenticateUser function in ...) + TODO: check +CVE-2008-6910 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for ...) + TODO: check +CVE-2008-6909 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for ...) + TODO: check +CVE-2008-6908 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for ...) + TODO: check +CVE-2008-6907 (Multiple SQL injection vulnerabilities in checkuser.php in 2532designs ...) + TODO: check +CVE-2008-6906 (Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard ...) + TODO: check +CVE-2008-6905 (Cross-site request forgery (CSRF) vulnerability in index.php in ...) + TODO: check CVE-2009-2705 RESERVED CVE-2009-2704 @@ -94,6 +118,7 @@ TODO: check CVE-2009-2666 [fetchmail 0 byte cert injection] RESERVED + {DSA-1852-1} - fetchmail 6.3.9~rc2-6 CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in ...) - xulrunner <not-affected> @@ -249,8 +274,8 @@ RESERVED CVE-2009-2626 RESERVED -CVE-2009-2625 - RESERVED +CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in ...) + TODO: check CVE-2009-2624 RESERVED CVE-2009-2623 @@ -815,8 +840,7 @@ RESERVED CVE-2009-2413 RESERVED -CVE-2009-2412 [overflow in apr and apr-util] - RESERVED +CVE-2009-2412 (Multiple integer overflows in the Apache Portable Runtime (APR) ...) - apr <unfixed> - apr-util <unfixed> CVE-2009-2411 
@@ -1408,20 +1432,20 @@ RESERVED CVE-2009-2195 RESERVED -CVE-2009-2194 - RESERVED -CVE-2009-2193 - RESERVED -CVE-2009-2192 - RESERVED -CVE-2009-2191 - RESERVED -CVE-2009-2190 - RESERVED +CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file ...) + TODO: check +CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 ...) + TODO: check +CVE-2009-2192 (MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete ...) + TODO: check +CVE-2009-2191 (Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 ...) + TODO: check +CVE-2009-2190 (launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers ...) + TODO: check CVE-2009-2189 RESERVED -CVE-2009-2188 - RESERVED +CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8 allows ...) + TODO: check CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast ...) NOT-FOR-US: Sun Solaris CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 ...) @@ -2567,12 +2591,12 @@ NOT-FOR-US: NetDecision TFTP Server CVE-2009-1729 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Communications Express -CVE-2009-1728 - RESERVED -CVE-2009-1727 - RESERVED -CVE-2009-1726 - RESERVED +CVE-2009-1728 (Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before ...) + TODO: check +CVE-2009-1727 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 ...) + TODO: check +CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...) + TODO: check CVE-2009-1725 (WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...) - webkit <unfixed> (medium; bug #538346) - qt4-x11 <unfixed> (medium; bug #538347) 
@@ -2585,9 +2609,9 @@ - webkit <unfixed> (low; bug #538402) NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/ TODO: check -CVE-2009-1723 - RESERVED -CVE-2009-1722 (Buffer overflow in the compression implementation in OpenEXR 1.2.2 ...) +CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...) + TODO: check +CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in ...) {DSA-1842-1} - openexr <unfixed> CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in ...) @@ -8541,8 +8565,8 @@ - icu 4.0.1-1 (low; bug #534590) CVE-2009-0152 (iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL ...) NOT-FOR-US: iChat in Apple Mac OS X -CVE-2009-0151 - RESERVED +CVE-2009-0151 (The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not ...) + TODO: check CVE-2009-0150 (Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 ...) NOT-FOR-US: Apple Mac OS X CVE-2009-0149 (Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to ...)
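Review bot: In the hunk at -249,8 +274,8, the new `TODO: check` on CVE-2009-2625 should not be closed out as a Sun-only issue, because the description leads with Apache Xerces2 Java and names the Sun JRE only as one place where it is used. When the TODO is resolved, record the source packages that ship or embed Xerces2 rather than marking the entry NOT-FOR-US on the strength of the JRE mention.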
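Review bot: In the hunk at -815,8 +840,7, CVE-2009-2412 moves from RESERVED to a public description, but the `- apr <unfixed>` and `- apr-util <unfixed>` lines under it still carry no urgency or bug reference. Other unfixed entries in this file do carry them, for example `- webkit <unfixed> (medium; bug #538346)`. Now that the integer overflow description is public, add a severity and a bug number for both packages so the open state can be tracked.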
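Review bot: In the hunk at -8541,8 +8565,8, CVE-2009-0151 is left at `TODO: check` even though its description places the flaw in the Dock screen saver of Apple Mac OS X and both neighbouring entries, CVE-2009-0152 and CVE-2009-0150, are already tagged NOT-FOR-US. If the full description confirms that no packaged component is involved, resolve it the same way as CVE-2009-0150 (`NOT-FOR-US: Apple Mac OS X`) so it does not linger in the TODO queue.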