joeyh at alioth.debian.org
2009-Jan-14 21:14 UTC
[Secure-testing-commits] r10957 - data/CVE
Author: joeyh
Date: 2009-01-14 21:14:14 +0000 (Wed, 14 Jan 2009)
New Revision: 10957

Modified: data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2009-01-14 20:44:23 UTC (rev 10956) +++ data/CVE/list 2009-01-14 21:14:14 UTC (rev 10957) 
@@ -1,40 +1,46 @@ -CVE-2008-5901 +CVE-2009-0117 + RESERVED +CVE-2009-0116 + RESERVED +CVE-2009-0115 + RESERVED +CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...) NOT-FOR-US: iyzi Forum -CVE-2008-5900 +CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...) NOT-FOR-US: CodeAvalanche Articles -CVE-2008-5899 +CVE-2008-5899 (CodeAvalanche FreeForAll stores sensitive information under the web ...) NOT-FOR-US: CodeAvalanche FreeForAll -CVE-2008-5898 +CVE-2008-5898 (CodeAvalanche Directory stores sensitive information under the web ...) NOT-FOR-US: CodeAvalanche Directory -CVE-2008-5897 +CVE-2008-5897 (CodeAvalanche FreeWallpaper stores sensitive information under the web ...) NOT-FOR-US: CodeAvalanche FreeWallpaper -CVE-2008-5896 +CVE-2008-5896 (CodeAvalanche RateMySite stores sensitive information under the web ...) NOT-FOR-US: CodeAvalanche RateMySite -CVE-2008-5895 +CVE-2008-5895 (SQL injection vulnerability in connection.php in Mediatheka 4.2 and ...) NOT-FOR-US: Mediatheka -CVE-2008-5894 +CVE-2008-5894 (Directory traversal vulnerability in index.php in Mediatheka 4.2 ...) NOT-FOR-US: Mediatheka -CVE-2008-5893 +CVE-2008-5893 (Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ...) NOT-FOR-US: ClickAndEmail -CVE-2008-5892 +CVE-2008-5892 (Multiple SQL injection vulnerabilities in ClickAndEmail allow remote ...) NOT-FOR-US: ClickAndEmail -CVE-2008-5891 +CVE-2008-5891 (Cross-site scripting (XSS) vulnerability in the profile editing ...) NOT-FOR-US: Injader -CVE-2008-5890 +CVE-2008-5890 (SQL injection vulnerability in feeds.php in Injader before 2.1.2 ...) NOT-FOR-US: Injader -CVE-2008-5889 +CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank ...) NOT-FOR-US: Click&Rank -CVE-2008-5888 +CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&Rank allow remote ...) 
NOT-FOR-US: Click&Rank -CVE-2008-5887 +CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via ...) NOT-FOR-US: phplist -CVE-2008-5886 +CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...) NOT-FOR-US: TAKempis Discussion Web -CVE-2008-5885 +CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web ...) NOT-FOR-US: Net Guys ASPired2Quote -CVE-2008-5884 +CVE-2008-5884 (AyeView 2.20 allows user-assisted attackers to cause a denial of ...) NOT-FOR-US: AyeView -CVE-2008-5883 +CVE-2008-5883 (Absolute path traversal vulnerability in front-end/dir.php in mini-pub ...) NOT-FOR-US: mini-pub CVE-2009-XXXX [xrdp: multiple vulnerabilities] - xrdp <unfixed> (bug #511641) @@ -259,7 +265,8 @@ NOT-FOR-US: Emefa Guestbook CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball Stats ...) NOT-FOR-US: My PHP Baseball Stats -CVE-2008-5850 (** UNVERIFIABLE ** ...) +CVE-2008-5850 + REJECTED NOT-FOR-US: Check Point CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address ...) NOT-FOR-US: Check Point @@ -852,8 +859,7 @@ NOTE: unlike the advisory states it is DSA_do_verify not DSA_verify NOTE: low severity because it is believed hard to trigger and only NOTE: affects DNSSEC with DSA, which is supposedly rarely used. -CVE-2009-0024 [sys_remap_file_pages privilege escalation] - RESERVED +CVE-2009-0024 (The sys_remap_file_pages function in mm/fremap.c in the Linux kernel ...) - linux-2.6 2.6.24-4 [etch] - linux-2.6 <not-affected> (Introduced in 2.6.23) NOTE: Fixed in 2.6.24 before initial upload @@ -1046,8 +1052,8 @@ RESERVED CVE-2008-5518 RESERVED -CVE-2008-5517 - RESERVED +CVE-2008-5517 (The web interface in git in SUSE openSUSE 10.3 allows remote attackers ...) + TODO: check CVE-2008-5516 RESERVED CVE-2008-5515 
@@ -1059,13 +1065,13 @@ CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla ...) - iceweasel 3.0.5-1 CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) - {DSA-1697-1 DSA-1696-1} + {DSA-1704-1 DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 - xulrunner 1.9.0.5-1 CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) - {DSA-1697-1 DSA-1696-1} + {DSA-1704-1 DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 @@ -1078,19 +1084,19 @@ CVE-2008-5509 RESERVED CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) - {DSA-1697-1 DSA-1696-1} + {DSA-1704-1 DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 - xulrunner 1.9.0.5-1 CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) - {DSA-1697-1 DSA-1696-1} + {DSA-1704-1 DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 - xulrunner 1.9.0.5-1 CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) - {DSA-1697-1 DSA-1696-1} + {DSA-1704-1 DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 @@ -1103,7 +1109,7 @@ NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected NOTE: Original fix for CVE-2008-3836 was incomplete CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...) - {DSA-1697-1 DSA-1696-1} + {DSA-1704-1 DSA-1697-1 DSA-1696-1} - iceape 1.1.13-1 - iceweasel 3.0 - xulrunner 1.9 
@@ -1123,7 +1129,7 @@ [etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected) - icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove) CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...) - {DSA-1697-1 DSA-1696-1} + {DSA-1704-1 DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 
@@ -1216,62 +1222,62 @@ RESERVED CVE-2008-5464 RESERVED -CVE-2008-5463 - RESERVED -CVE-2008-5462 - RESERVED -CVE-2008-5461 - RESERVED -CVE-2008-5460 - RESERVED -CVE-2008-5459 - RESERVED -CVE-2008-5458 - RESERVED -CVE-2008-5457 - RESERVED -CVE-2008-5456 - RESERVED -CVE-2008-5455 - RESERVED -CVE-2008-5454 - RESERVED +CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...) + TODO: check +CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA ...) + TODO: check +CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA ...) + TODO: check +CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library ...) + TODO: check +CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins ...) + TODO: check +CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) + TODO: check +CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...) + TODO: check +CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle ...) + TODO: check CVE-2008-5453 RESERVED -CVE-2008-5452 - RESERVED -CVE-2008-5451 - RESERVED -CVE-2008-5450 - RESERVED -CVE-2008-5449 - RESERVED -CVE-2008-5448 - RESERVED -CVE-2008-5447 - RESERVED -CVE-2008-5446 - RESERVED -CVE-2008-5445 - RESERVED -CVE-2008-5444 - RESERVED -CVE-2008-5443 - RESERVED -CVE-2008-5442 - RESERVED -CVE-2008-5441 - RESERVED -CVE-2008-5440 - RESERVED -CVE-2008-5439 - RESERVED -CVE-2008-5438 - RESERVED -CVE-2008-5437 - RESERVED -CVE-2008-5436 - RESERVED +CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...) + TODO: check +CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...) 
+ TODO: check +CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform ...) + TODO: check +CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component ...) + TODO: check +CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework ...) + TODO: check +CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check +CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in ...) + TODO: check +CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...) + TODO: check +CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) + TODO: check +CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle ...) + TODO: check +CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) + TODO: check CVE-2008-5435 (Cross-site scripting (XSS) vulnerability in moderate.php in PunBB ...) NOT-FOR-US: PunBB CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow ...) @@ -1739,8 +1745,8 @@ NOT-FOR-US: Tornado Knowledge Retrieval System CVE-2008-5263 RESERVED -CVE-2008-5262 - RESERVED +CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...) + TODO: check CVE-2008-5261 RESERVED CVE-2008-5260 
@@ -4008,8 +4014,7 @@ - net-snmp 5.4.1~dfsg-11 (bug #504150) CVE-2008-4308 RESERVED -CVE-2008-4307 [kernel: BUG() in locks_remove_flock] - RESERVED +CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux ...) - linux-2.6 2.6.26-1 - linux-2.6.24 <removed> CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...) @@ -4718,14 +4723,14 @@ NOTE: script is an example, which can be used by users CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...) NOT-FOR-US: IBM AIX -CVE-2008-4017 - RESERVED -CVE-2008-4016 - RESERVED -CVE-2008-4015 - RESERVED -CVE-2008-4014 - RESERVED +CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application ...) + TODO: check +CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in ...) + TODO: check +CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle ...) + TODO: check +CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...) + TODO: check CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA ...) NOT-FOR-US: BEA WebLogic CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...) @@ -4738,10 +4743,10 @@ NOT-FOR-US: BEA WebLogic CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache ...) NOT-FOR-US: BEA WebLogic -CVE-2008-4007 - RESERVED -CVE-2008-4006 - RESERVED +CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components ...) + TODO: check +CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...) NOT-FOR-US: Oracle CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service ...) 
@@ -4754,12 +4759,12 @@ NOT-FOR-US: Oracle CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle ...) NOT-FOR-US: Oracle -CVE-2008-3999 - RESERVED +CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) + TODO: check CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle ...) NOT-FOR-US: Oracle -CVE-2008-3997 - RESERVED +CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) + TODO: check CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in ...) NOT-FOR-US: Oracle CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in ...) 
@@ -4790,24 +4795,24 @@ NOT-FOR-US: Oracle CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...) NOT-FOR-US: Oracle -CVE-2008-3981 - RESERVED +CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in ...) + TODO: check CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...) NOT-FOR-US: Oracle -CVE-2008-3979 - RESERVED -CVE-2008-3978 - RESERVED +CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) + TODO: check +CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) + TODO: check CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...) NOT-FOR-US: Oracle CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle ...) NOT-FOR-US: Oracle -CVE-2008-3974 - RESERVED -CVE-2008-3973 - RESERVED +CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) + TODO: check +CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...) + TODO: check CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...) {DSA-1627-2} - opensc 0.11.4-5 @@ -8163,8 +8168,8 @@ NOT-FOR-US: Oracle CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...) NOT-FOR-US: Oracle -CVE-2008-2623 - RESERVED +CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...) + TODO: check CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...) NOT-FOR-US: Oracle PeopleSoft Enterprise CVE-2008-2621 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
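
Review bot: in the hunk at @@ -259,7 +265,8 @@, CVE-2008-5850 becomes REJECTED but the "NOT-FOR-US: Check Point" line under it is kept, so the entry now carries both a rejection and a triage tag. If REJECTED is meant to be terminal, drop the NOT-FOR-US line; if the tag is kept on purpose so the id stays classified, a NOTE: line saying so would stop a later editor from removing it.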
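
Review bot: in the hunk at @@ -852,8 +859,7 @@, the hand-written summary "[sys_remap_file_pages privilege escalation]" for CVE-2009-0024 is replaced by a description that is cut off at "in the Linux kernel ...", so the impact no longer appears anywhere in the entry. Keeping the old wording as a NOTE: line next to "NOTE: Fixed in 2.6.24 before initial upload" would preserve it for anyone reading the list without looking up the full description.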
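
Review bot: in the hunk at @@ -1046,8 +1052,8 @@, CVE-2008-5517 gets the same generic "TODO: check" as the bulk vendor entries, although its description names the web interface in git rather than a product that is obviously outside the archive. The visible text ties it to SUSE openSUSE 10.3 only, so whoever picks this up should read the full description and record either a package line for Debian's git packaging or an explicit not-affected reason, not a bare NOT-FOR-US.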
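
Review bot: in the hunks from @@ -1059,13 +1065,13 @@ through @@ -1123,7 +1129,7 @@, DSA-1704-1 is added to the advisory list of seven Mozilla ids while every package line beneath them (iceweasel, icedove, iceape, xulrunner) stays unchanged. From these lines alone a reader cannot tell which package or release the new advisory fixed; a release-tagged fixed-version line, in the style of the "[etch] - xulrunner" line visible in the last of these hunks, would make the cross-reference checkable.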
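
Review bot: in the hunk at @@ -1216,62 +1222,62 @@, twenty-seven ids move from RESERVED to "TODO: check" in one step and all of them read "Unspecified vulnerability in the ... component", with CVE-2008-5455 cut off at "PeopleSoft Enterprise HRMS - ...". Nothing in the list line distinguishes one from another, so triage has to be done from the full descriptions; CVE-2008-5453 is still RESERVED in the middle of the block and should be rechecked on the next update so the range is not left half-classified.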
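
Review bot: in the hunk at @@ -1739,8 +1745,8 @@, the description for CVE-2008-5262 is truncated before the product name ("Multiple stack-based buffer overflows in the iGetHdrHeader function in ..."), so the entry cannot be triaged from the list at all. Since this is a memory-corruption issue in a named function, it should be resolved to a source package or a NOT-FOR-US tag ahead of the bulk vendor entries rather than waiting in the same TODO queue.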
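
Review bot: in the hunk at @@ -4008,8 +4014,7 @@, the local summary "[kernel: BUG() in locks_remove_flock]" for CVE-2008-4307 is dropped in favour of "Race condition in the do_setlk function in fs/nfs/file.c ...", which loses the observable symptom that the old line recorded. Keeping it as a NOTE: line under the linux-2.6 entries would let someone matching a kernel BUG() report find this id.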
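
Review bot: in the hunks from @@ -4718,14 +4723,14 @@ through @@ -8163,8 +8168,8 @@, the newly described Oracle and PeopleSoft ids are set to "TODO: check" while their unchanged neighbours use three different tags for the same vendor family: "NOT-FOR-US: Oracle", "NOT-FOR-US: BEA WebLogic" and "NOT-FOR-US: Oracle PeopleSoft Enterprise". When these TODOs are resolved, pick the tag by the component named in each description so the new entries match the existing convention instead of adding a fourth spelling.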