Author: joeyh
Date: 2009-12-15 21:14:19 +0000 (Tue, 15 Dec 2009)
New Revision: 13562

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-12-15 20:32:50 UTC (rev 13561)
+++ data/CVE/list 2009-12-15 21:14:19 UTC (rev 13562)
@@ -1,3 +1,95 @@ +CVE-2010-0035 + RESERVED +CVE-2010-0034 + RESERVED +CVE-2010-0033 + RESERVED +CVE-2010-0032 + RESERVED +CVE-2010-0031 + RESERVED +CVE-2010-0030 + RESERVED +CVE-2010-0029 + RESERVED +CVE-2010-0028 + RESERVED +CVE-2010-0027 + RESERVED +CVE-2010-0026 + RESERVED +CVE-2010-0025 + RESERVED +CVE-2010-0024 + RESERVED +CVE-2010-0023 + RESERVED +CVE-2010-0022 + RESERVED +CVE-2010-0021 + RESERVED +CVE-2010-0020 + RESERVED +CVE-2010-0019 + RESERVED +CVE-2010-0018 + RESERVED +CVE-2010-0017 + RESERVED +CVE-2010-0016 + RESERVED +CVE-2010-0015 + RESERVED +CVE-2010-0014 + RESERVED +CVE-2010-0013 + RESERVED +CVE-2010-0012 + RESERVED +CVE-2010-0011 + RESERVED +CVE-2010-0010 + RESERVED +CVE-2010-0009 + RESERVED +CVE-2010-0008 + RESERVED +CVE-2010-0007 + RESERVED +CVE-2010-0006 + RESERVED +CVE-2010-0005 + RESERVED +CVE-2010-0004 + RESERVED +CVE-2010-0003 + RESERVED +CVE-2010-0002 + RESERVED +CVE-2010-0001 + RESERVED +CVE-2009-4324 (Unspecified vulnerability in Adobe Reader and Acrobat 9.2 and earlier ...) + TODO: check +CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...) + TODO: check +CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...) + TODO: check +CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other ...) + TODO: check +CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...) + TODO: check +CVE-2009-4319 (PHP remote file inclusion vulnerability in ...) + TODO: check +CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate ...) + TODO: check +CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...) + TODO: check +CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in ...) + TODO: check +CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...) 
+ TODO: check +CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group ...) + TODO: check CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 ...) TODO: check CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...) @@ -460,10 +552,10 @@ CVE-2009-XXXX [monkey DoS] - monkey 0.9.3-1 (low) [lenny] - monkey <no-dsa> (Minor issue, fringe package) -CVE-2009-4130 - RESERVED -CVE-2009-4129 - RESERVED +CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function ...) + TODO: check +CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...) + TODO: check CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...) - grub2 1.97+20091115-1 (bug #555195) [lenny] - grub2 <not-affected> (Password authentication not yet present) @@ -519,6 +611,7 @@ CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, ...) NOT-FOR-US: Robo-FTP CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain ...) + {DSA-1951-1} - firefox-sage 1.4.3-4 (medium; bug #559267) CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ...) NOT-FOR-US: infoRSS extension for Firefox @@ -633,6 +726,7 @@ CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...) NOT-FOR-US: Betsy CMS CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...) + {DSA-1952-1} - asterisk 1:1.6.2.0~rc7-1 (bug #559103) CVE-2009-4054 REJECTED @@ -1524,6 +1618,7 @@ - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...) + {DSA-1952-1} - asterisk 1:1.6.2.0~rc6-1 [lenny] - asterisk <no-dsa> (Minor issue) [etch] - asterisk <no-dsa> (Minor issue) 
@@ -2060,6 +2155,7 @@ CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...) NOT-FOR-US: Xerver HTTP Server CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...) + {DSA-1953-1} - expat 2.0.1-6 (low; bug #560901) - w3c-libwww <removed> [etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps) @@ -3169,6 +3265,7 @@ [etch] - bugzilla <not-affected> (Vulnerable code not present) NOTE: Introduced in 2.23.4 CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...) + {DSA-1952-1} - prototypejs 1.6.0.2-1 - asterisk 1:1.6.2.0~rc3-1 (low; bug #555220) [etch] - asterisk <no-dsa> (Minor issue) @@ -14252,6 +14349,7 @@ CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library ...) NOT-FOR-US: CA Anti-Virus CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before ...) + {DSA-1952-1} - asterisk 1:1.6.1.0~dfsg~rc3-1 (low; bug #513413) [lenny] - asterisk <no-dsa> (Minor issue) [etch] - asterisk <no-dsa> (Minor issue) @@ -19105,6 +19203,7 @@ - ruby1.8 1.8.7.72-1 (bug #498978) - ruby1.9 1.9.0.2-6 (bug #498977) CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and ...) + {DSA-1952-1} - asterisk 1:1.6.1.0~dfsg-1 (low; bug #522528) [etch] - asterisk <no-dsa> (Minor issue) [lenny] - asterisk <no-dsa> (Minor issue) @@ -39926,6 +40025,7 @@ NOTE: only be considered vunerabile if they process confidential data. NOTE: The frameworks should be fixed in any case. CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...) + {DSA-1952-1} - prototypejs <not-affected> (fixed before initial upload) - auth2db 0.2.5-2+dfsg-1 (low; bug #555217) - asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
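Review bot: In the first hunk (@@ -1,3 +1,95 @@), CVE-2009-4314 through CVE-2009-4324 are added with only `TODO: check`, so none of them is triaged yet. Each needs either a package line with a fixed version or a `NOT-FOR-US:` marker of the kind already used for Robo-FTP and Betsy CMS elsewhere in this file. The three Zen Cart entries (CVE-2009-4321 to CVE-2009-4323) can be triaged together since their descriptions name the same product.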
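Review bot: In the @@ -460,10 +552,10 @@ hunk, CVE-2009-4130 and CVE-2009-4129 lose `RESERVED` and gain descriptions but are left at `TODO: check`. The CVE-2009-4129 description names Mozilla Firefox, so it should get a package line in the style of the neighbouring CVE-2009-4128 entry for grub2 rather than stay unclassified.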
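Review bot: The `{DSA-1952-1}` tags added in the @@ -1524,6 +1618,7 @@, @@ -14252,6 +14349,7 @@ and @@ -19105,6 +19203,7 @@ hunks sit directly above lines that still read `[lenny] - asterisk <no-dsa> (Minor issue)` and `[etch] - asterisk <no-dsa> (Minor issue)`, so CVE-2009-3727, CVE-2009-0041 and CVE-2008-3903 now state both that an advisory exists and that none is planned. Replace the `<no-dsa>` line for whichever release DSA-1952-1 covers with the fixed version from the advisory. The same applies to the `[etch]` line under CVE-2008-7220 in the @@ -3169,6 +3265,7 @@ hunk if etch is covered.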