Author: joeyh Date: 2009-12-12 21:14:16 +0000 (Sat, 12 Dec 2009) New Revision: 13532 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-12 21:04:14 UTC (rev 13531) +++ data/CVE/list 2009-12-12 21:14:16 UTC (rev 13532) @@ -110,8 +110,10 @@ CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM ...) NOT-FOR-US: IBM InfoSphere Information Server CVE-2009-4238 + RESERVED NOT-FOR-US: TestLink CVE-2009-4237 + RESERVED NOT-FOR-US: TestLink CVE-2009-4236 (The process function in ...) NOT-FOR-US: EC-CUBE @@ -229,16 +231,22 @@ CVE-2009-4182 RESERVED CVE-2009-4181 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-4180 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-4179 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-4178 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-4177 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-4176 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-4175 (CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote ...) NOT-FOR-US: CuteNews @@ -333,6 +341,7 @@ CVE-2009-4133 RESERVED CVE-2009-4132 + RESERVED NOT-FOR-US: ** REJECT ** CVE-2009-4131 [linux-2.6: ext4 move extents issue] RESERVED @@ -792,6 +801,7 @@ CVE-2009-3952 RESERVED CVE-2009-3951 + RESERVED NOT-FOR-US: ActiveX CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus ...) NOT-FOR-US: Bractus SunTrack @@ -896,10 +906,13 @@ - gimp 2.6.7-1.1 (medium; bug #556750) NOTE: http://secunia.com/secunia_research/2009-43/ CVE-2009-3908 + RESERVED NOT-FOR-US: ** REJECT ** CVE-2009-3907 + RESERVED NOT-FOR-US: ** REJECT ** CVE-2009-3906 + RESERVED NOT-FOR-US: ** REJECT ** CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...) NOT-FOR-US: e-Courier CMS 
@@ -1060,14 +1073,19 @@ NOTE: a malicious .blend file. by design, blend files support NOTE: all python operations, so ultimately any code can be executed CVE-2009-3849 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-3848 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-3847 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-3846 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-3845 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-3844 (Unspecified vulnerability in HP OpenView Data Protector Application ...) NOT-FOR-US: HP OpenView Data Protector Application @@ -3554,6 +3572,7 @@ CVE-2009-3028 RESERVED CVE-2009-3027 + RESERVED NOT-FOR-US: Symantec Backup Exec Continuous Protection Server CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to ...) - pidgin 2.6.1-1 (low) @@ -7601,6 +7620,7 @@ CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: ColorSync in Apple Mac OS X CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, ...) + {DSA-1950-1} - webkit 1.1.13-1 (medium; bug #538346) - qt4-x11 4:4.5.2-2 (medium; bug #538347) - kdelibs <not-affected> (medium; bug #538350) 
@@ -7635,18 +7655,22 @@ CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) - webkit 1.0.1-4 (medium; bug #535793) CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) + {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) NOTE: http://trac.webkit.org/changeset/36359 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...) - webkit 1.0.1-4 (medium; bug #535793) NOTE: http://trac.webkit.org/changeset/34533 CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...) + {DSA-1950-1} - webkit 1.1.12-1 (medium; bug #535793) NOTE: http://trac.webkit.org/changeset/41568 CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory ...) + {DSA-1950-1} - webkit 1.1.12-1 (medium; bug #535793) NOTE: http://trac.webkit.org/changeset/36918 CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...) + {DSA-1950-1} - webkit 1.1.12-1 (medium; bug #535793) CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...) {DSA-1866-1} 
@@ -7679,25 +7703,30 @@ CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...) - webkit 1.0.1-4 (medium; bug #535793) CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) - {DSA-1868-1 DSA-1867-1} + {DSA-1950-1 DSA-1868-1 DSA-1867-1} - webkit 1.1.5-1 (medium; bug #534946) NOTE: http://trac.webkit.org/changeset/42081 - kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534952) - kde4libs 4:4.3.0-1 (medium; bug #534949) - qt4-x11 4:4.5.2-1 (medium; bug #534947) CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...) + {DSA-1950-1} - webkit 1.1.15.2-1 (medium; bug #535793) CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) - webkit 1.1.12-1 (medium; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) + {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) + {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) + {DSA-1950-1} - webkit 1.1.12-1 (medium; bug #535793) NOTE: http://trac.webkit.org/changeset/35928 CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...) + {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319 NOTE: http://trac.webkit.org/changeset/41741 
@@ -7706,7 +7735,7 @@ [lenny] - webkit <not-affected> (Vulnerable code not present) NOTE: http://trac.webkit.org/changeset/32791 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) - {DSA-1868-1 DSA-1867-1} + {DSA-1950-1 DSA-1868-1 DSA-1867-1} - webkit 1.1.5-1 (medium; bug #534946) NOTE: http://trac.webkit.org/changeset/42532 - kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534952) @@ -7720,7 +7749,7 @@ - webkit 1.1.12-1 (low; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...) - {DSA-1868-1 DSA-1867-1} + {DSA-1950-1 DSA-1868-1 DSA-1867-1} - webkit 1.1.5-1 (medium; bug #534946) - kdelibs 4:3.5.10.dfsg.1-2.1 (bug #534952) - kde4libs 4:4.3.0-1 @@ -7732,12 +7761,14 @@ CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.0.1-4 (medium; bug #535793) CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) + {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...) NOT-FOR-US: iPhone CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...) NOT-FOR-US: Apple Safari CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) + {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...) NOT-FOR-US: Safari in Apple iPhone OS @@ -10349,7 +10380,7 @@ {DSA-1784-1} - freetype 2.3.9-4.1 (medium; bug #524925) CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in ...) - {DSA-1866-1} + {DSA-1950-1 DSA-1866-1} - qt4-x11 4:4.5.2-1 (medium; bug #532718) - webkit 1.1.5-1 (medium; bug #532724; bug #532725) NOTE: http://trac.webkit.org/changeset/43590 
@@ -10499,6 +10530,7 @@ CVE-2009-0899 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 ...) NOT-FOR-US: IBM WebSphere CVE-2009-0898 + RESERVED NOT-FOR-US: HP OpenView Network Node Manager CVE-2009-0897 (IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 ...) NOT-FOR-US: IBM WebSphere
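Review bot: In the @@ -896,10 +906,13 @@ hunk, CVE-2009-3908, CVE-2009-3907 and CVE-2009-3906 now carry RESERVED directly above "NOT-FOR-US: ** REJECT **", so each entry states two different lifecycle states at once; the same happens to CVE-2009-4132 in the @@ -333,6 +341,7 @@ hunk. Someone should confirm which state is current for these four ids and drop the other line. If the rejection is correct, recording it under NOT-FOR-US leaves the automatic update free to keep re-adding RESERVED, so the sync should either skip entries already annotated as REJECT or flag them for manual review.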
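Review bot: In the @@ -7601,6 +7620,7 @@ hunk, the CVE-2009-1725 entry that gains {DSA-1950-1} keeps "- kdelibs <not-affected> (medium; bug #538350)", where the parenthetical holds an urgency and a bug number instead of a reason. Other not-affected lines in this patch give the reason, for example "[lenny] - webkit <not-affected> (Vulnerable code not present)". Since the entry is being touched for the DSA anyway, replace the urgency with the reason kdelibs is unaffected and move the bug reference into a NOTE line.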
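Review bot: In the @@ -7720,7 +7749,7 @@ hunk, CVE-2009-1687 is extended to {DSA-1950-1 DSA-1868-1 DSA-1867-1}, but its package lines are incomplete: "- kdelibs 4:3.5.10.dfsg.1-2.1 (bug #534952)" has no urgency and "- kde4libs 4:4.3.0-1" has neither urgency nor bug number. CVE-2009-1698 in the @@ -7679,25 +7703,30 @@ hunk records the same packages and versions as "(medium; bug #534952)" and "(medium; bug #534949)". Fill in the missing fields for CVE-2009-1687, or add a NOTE saying why they are deliberately left out, so that the three advisories now attached to the entry can be matched to a rated fix for each package.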