joeyh at alioth.debian.org
2009-Jan-08 21:14 UTC
[Secure-testing-commits] r10899 - data/CVE
Author: joeyh Date: 2009-01-08 21:14:10 +0000 (Thu, 08 Jan 2009) New Revision: 10899 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-08 20:41:23 UTC (rev 10898) +++ data/CVE/list 2009-01-08 21:14:10 UTC (rev 10899) 
@@ -1,3 +1,101 @@ +CVE-2009-0069 (Unspecified vulnerability in the nfs4rename_persistent_fh function in ...) + TODO: check +CVE-2009-0068 (Interaction error in xdg-open allows remote attackers to execute ...) + TODO: check +CVE-2009-0067 + RESERVED +CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for ...) + TODO: check +CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control ...) + TODO: check +CVE-2009-0064 + RESERVED +CVE-2009-0063 + RESERVED +CVE-2009-0062 + RESERVED +CVE-2009-0061 + RESERVED +CVE-2009-0060 + RESERVED +CVE-2009-0059 + RESERVED +CVE-2009-0058 + RESERVED +CVE-2009-0057 + RESERVED +CVE-2009-0056 + RESERVED +CVE-2009-0055 + RESERVED +CVE-2009-0054 + RESERVED +CVE-2009-0053 + RESERVED +CVE-2009-0052 + RESERVED +CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...) + TODO: check +CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...) + TODO: check +CVE-2009-0049 (Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly ...) + TODO: check +CVE-2009-0048 (OpenEvidence 1.0.6 and earlier does not properly check the return ...) + TODO: check +CVE-2009-0047 (Gale 0.99 and earlier does not properly check the return value from ...) + TODO: check +CVE-2009-0046 (Sun GridEngine 5.3 and earlier does not properly check the return ...) + TODO: check +CVE-2009-0045 + RESERVED +CVE-2009-0044 + RESERVED +CVE-2009-0043 + RESERVED +CVE-2009-0042 + RESERVED +CVE-2009-0041 + RESERVED +CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote ...) + TODO: check +CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public ...) + TODO: check +CVE-2008-5865 (SQL injection vulnerability in the com_hbssearch component 1.0 in the ...) + TODO: check +CVE-2008-5864 (SQL injection vulnerability in the Top Hotel (com_tophotelmodule) ...) 
+ TODO: check +CVE-2008-5863 (SQL injection vulnerability in locator.php in the Userlocator module ...) + TODO: check +CVE-2008-5862 (Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 ...) + TODO: check +CVE-2008-5861 (Directory traversal vulnerability in source.php in FreeLyrics 1.0 ...) + TODO: check +CVE-2008-5860 (Directory traversal vulnerability in backend/template.php in ...) + TODO: check +CVE-2008-5859 (SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and ...) + TODO: check +CVE-2008-5858 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...) + TODO: check +CVE-2008-5857 (The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote ...) + TODO: check +CVE-2008-5856 (Directory traversal vulnerability in scripts/export.php in ClaSS ...) + TODO: check +CVE-2008-5855 (myPHPscripts Login Session 2.0 stores sensitive information under the ...) + TODO: check +CVE-2008-5854 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...) + TODO: check +CVE-2008-5853 (Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier ...) + TODO: check +CVE-2008-5852 (Emefa Guestbook 3.0 stores sensitive information under the web root ...) + TODO: check +CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball Stats ...) + TODO: check +CVE-2008-5850 (Unspecified vulnerability in the SmartCenter server for Check Point ...) + TODO: check +CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address ...) + TODO: check +CVE-2008-5848 (The Advantech ADAM-6000 module has 00000000 as its default password, ...) + TODO: check CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a ...) NOT-FOR-US: Constructr CMS CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote authenticated ...) 
@@ -342,10 +440,10 @@ NOT-FOR-US: Solaris CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 ...) NOT-FOR-US: Solaris -CVE-2008-5688 (MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails ...) +CVE-2008-5688 (MediaWiki 1.8.1, and other versions before 1.13.3, when the ...) - mediawiki <unfixed> (unimportant) NOTE: Installation path disclosure not treated as a security issue -CVE-2008-5687 (MediaWiki 1.11 through 1.13.3 does not properly protect against the ...) +CVE-2008-5687 (MediaWiki 1.11, and other versions before 1.13.3, does not properly ...) - mediawiki 1:1.13.3-1 (low) NOTE: the CVE id description is wrong, this is fixed in 1.13.3, notified mitre CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...) @@ -575,8 +673,7 @@ RESERVED CVE-2009-0026 RESERVED -CVE-2009-0025 [OpenSSL signature verification API misuse: bind9 incarnation] - RESERVED +CVE-2009-0025 (BIND 9.4.3 and earlier does not properly check the return value from ...) - bind9 <unfixed> (low) NOTE: low severity because it is believed hard to trigger and only NOTE: affects DNSSEC with DSA, which is supposedly rarely used. @@ -587,8 +684,8 @@ CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows ...) - samba 2:3.2.5-3 [etch] - samba <not-affected> (Only 3.2.x affected) -CVE-2009-0021 - RESERVED +CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ...) + TODO: check CVE-2009-0020 RESERVED CVE-2009-0019 
@@ -1483,7 +1580,7 @@ - mediawiki 1:1.13.3-1 (bug #508869) CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through ...) - mediawiki <not-affected> (vulnerable code was introduced in 1.13.0) - NOTE: Fixed for the 1.13 branch in experimental: 1:1.13.3-1, bug #508868 + NOTE: Fixed for the 1.13 branch in experimental: 1:1.13.3-1, bug #508868 CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...) - vlc <not-affected> (vulnerable code not present) NOTE: affected versions are >= 0.9.x (experimental) @@ -1923,8 +2020,7 @@ NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2 CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function ...) TODO: check -CVE-2008-5077 [OpenSSL signature verification misuse] - RESERVED +CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value ...) - openssl 0.9.8g-15 CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka ...) NOT-FOR-US: E-Uploader Pro @@ -2520,8 +2616,8 @@ CVE-2008-XXXX [ktorrent issues] - ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178) - ktorrent 3.1.4+dfsg.1-1 - [etch] - ktorrent <not-affected> (Doesn''t include the web interface) - NOTE: CVE requested + [etch] - ktorrent <not-affected> (Doesn''t include the web interface) + NOTE: CVE requested CVE-2008-XXXX [epiphany-browser: Python scripts load modules from current directory] - epiphany-browser 2.22.3-7 (bug #504363; low) [etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir)
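
Review bot: In the first hunk (@@ -1,3 +1,101 @@), CVE-2009-0046 through CVE-2009-0051 are added as six independent "TODO: check" items, although their descriptions all start with the same "does not properly check the return ..." wording that this commit also gives CVE-2008-5077 (OpenSSL) and CVE-2009-0025 (BIND). Triage them as one batch and add a NOTE to each that names CVE-2008-5077, so the relationship is still visible once the TODO markers are resolved. The same hunk adds CVE-2009-0065 (net/sctp/sm_statefuns.c) and CVE-2009-0068 (xdg-open) with nothing to distinguish them from the long run of web-application entries below them; those two are worth checking first.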
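
Review bot: In the hunk at @@ -342,10 +440,10 @@, the NOTE under CVE-2008-5687 ("the CVE id description is wrong, this is fixed in 1.13.3, notified mitre") is left in place although the description line above it now reads "MediaWiki 1.11, and other versions before 1.13.3", which matches the fixed version 1:1.13.3-1 recorded on the package line. Drop the NOTE or reword it to say the description has since been corrected. CVE-2008-5688 gets the same "before 1.13.3" rewording but stays at "mediawiki <unfixed> (unimportant)"; confirm that status is still intended.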
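
Review bot: In the hunk at @@ -575,8 +673,7 @@, replacing the working title "[OpenSSL signature verification API misuse: bind9 incarnation]" on CVE-2009-0025 removes the only text in this entry that tied it to the OpenSSL issue. The remaining NOTE lines cover severity (DNSSEC with DSA, hard to trigger) but not the origin. Add a line such as "NOTE: same class of issue as CVE-2008-5077" so the link survives the automatic description update.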
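
Review bot: In the hunk at @@ -1483,7 +1580,7 @@, the removed and added NOTE lines under CVE-2008-5249 read identically ("Fixed for the 1.13 branch in experimental: 1:1.13.3-1, bug #508868"), so this is a whitespace-only change carried in a commit logged as "automatic update". If the update script normalises indentation, say so in the log or commit the normalisation separately, so that content changes in data/CVE/list are easier to review.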
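
Review bot: In the hunk at @@ -1923,8 +2020,7 @@, the new description for CVE-2008-5077 says "OpenSSL 0.9.8i and earlier" while the package line below it records the fix as "openssl 0.9.8g-15", an older upstream version than the one the description names as affected. The entry has no NOTE explaining this, so it reads as a contradiction at first glance. Add a NOTE stating that the fix is a patch applied in the 0.9.8g-15 package revision, if that is the case.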
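
Review bot: In the last hunk (@@ -2520,8 +2616,8 @@), the ktorrent "[etch]" line is rewritten for whitespace only and keeps the doubled apostrophe in "Doesn''t include the web interface". Since the line is being touched anyway, correct it to "Doesn't". The "NOTE: CVE requested" line is also re-emitted unchanged in content; once an id is assigned, the CVE-2008-XXXX placeholder and this NOTE should be replaced together.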