joeyh at alioth.debian.org
2009-Jan-21 21:14 UTC
[Secure-testing-commits] r11012 - data/CVE
Author: joeyh
Date: 2009-01-21 21:14:15 +0000 (Wed, 21 Jan 2009)
New Revision: 11012

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-21 18:20:56 UTC (rev 11011) +++ data/CVE/list 2009-01-21 21:14:15 UTC (rev 11012) 
@@ -1,3 +1,163 @@ +CVE-2009-0242 (Ganglia 3.1.1 allows remote attackers to cause a denial of service via ...) + TODO: check +CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...) + TODO: check +CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN ...) + TODO: check +CVE-2009-0239 + RESERVED +CVE-2009-0238 + RESERVED +CVE-2009-0237 + RESERVED +CVE-2009-0236 + RESERVED +CVE-2009-0235 + RESERVED +CVE-2009-0234 + RESERVED +CVE-2009-0233 + RESERVED +CVE-2009-0232 + RESERVED +CVE-2009-0231 + RESERVED +CVE-2009-0230 + RESERVED +CVE-2009-0229 + RESERVED +CVE-2009-0228 + RESERVED +CVE-2009-0227 + RESERVED +CVE-2009-0226 + RESERVED +CVE-2009-0225 + RESERVED +CVE-2009-0224 + RESERVED +CVE-2009-0223 + RESERVED +CVE-2009-0222 + RESERVED +CVE-2009-0221 + RESERVED +CVE-2009-0220 + RESERVED +CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in Motion ...) + TODO: check +CVE-2009-0218 + RESERVED +CVE-2009-0217 + RESERVED +CVE-2009-0216 + RESERVED +CVE-2009-0215 + RESERVED +CVE-2009-0214 + RESERVED +CVE-2009-0213 + RESERVED +CVE-2009-0212 + RESERVED +CVE-2009-0211 + RESERVED +CVE-2009-0210 + RESERVED +CVE-2009-0209 + RESERVED +CVE-2009-0208 + RESERVED +CVE-2009-0207 + RESERVED +CVE-2009-0206 + RESERVED +CVE-2009-0205 + RESERVED +CVE-2009-0204 + RESERVED +CVE-2009-0203 + RESERVED +CVE-2009-0202 + RESERVED +CVE-2009-0201 + RESERVED +CVE-2009-0200 + RESERVED +CVE-2009-0199 + RESERVED +CVE-2009-0198 + RESERVED +CVE-2009-0197 + RESERVED +CVE-2009-0196 + RESERVED +CVE-2009-0195 + RESERVED +CVE-2009-0194 + RESERVED +CVE-2009-0193 + RESERVED +CVE-2009-0192 + RESERVED +CVE-2009-0191 + RESERVED +CVE-2009-0190 + RESERVED +CVE-2009-0189 + RESERVED +CVE-2009-0188 + RESERVED +CVE-2009-0187 + RESERVED +CVE-2009-0186 + RESERVED +CVE-2009-0185 + RESERVED +CVE-2009-0184 + RESERVED +CVE-2009-0183 + RESERVED +CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted ...) 
+ TODO: check +CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to have an ...) + TODO: check +CVE-2009-0180 (Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on ...) + TODO: check +CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other ...) + TODO: check +CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...) + TODO: check +CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka ...) + TODO: check +CVE-2009-0176 (Multiple heap-based buffer overflows in the PDF distiller in the ...) + TODO: check +CVE-2009-0175 (Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 ...) + TODO: check +CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers ...) + TODO: check +CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote ...) + TODO: check +CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and ...) + TODO: check +CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the ...) + TODO: check +CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...) + TODO: check +CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x ...) + TODO: check +CVE-2008-5915 (An unspecified function in the JavaScript implementation in Google ...) + TODO: check +CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple ...) + TODO: check +CVE-2008-5913 (An unspecified function in the JavaScript implementation in Mozilla ...) + TODO: check +CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft ...) + TODO: check +CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix ...) + TODO: check +CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and ...) 
+ TODO: check CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 9.1 before FP6a and ...) NOT-FOR-US: IBM DB2 CVE-2009-0172 (Unspecified vulnerability in IBM DB2 9.1 before FP6a and 9.5 before ...) @@ -105,7 +265,7 @@ - m2crypto <unfixed> (bug #511515) CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley ...) - boinc 6.2.14-3 (bug #511521) -CVE-2009-0125 (nasl/nasl_crypto2.c in the Nessus Attack Scripting Language library ...) +CVE-2009-0125 (** DISPUTED ** ...) - libnasl <unfixed> (bug #511517) CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American ...) - tqsllib 2.0-8 (bug #511509) @@ -286,7 +446,7 @@ NOT-FOR-US: Internet Explorer CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...) - iceweasel <unfixed> (unimportant) - NOTE: Browser crashes not treated as security issues + NOTE: Browser crashes not treated as security issues CVE-2009-0070 (Integer signedness error in Apple Safari allows remote attackers to ...) NOT-FOR-US: Apple Safari CVE-2008-5880 (admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass ...) @@ -691,7 +851,7 @@ NOT-FOR-US: Mayaa CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web ...) NOT-FOR-US: Hitachi -CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers ...) +CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using certain ...) {DSA-1705-1 DTSA-183-1} - netatalk 2.0.4~beta2-1 (medium; bug #510585) CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated ...) @@ -986,8 +1146,8 @@ RESERVED CVE-2009-0032 RESERVED -CVE-2009-0031 - RESERVED +CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...) + TODO: check CVE-2009-0030 RESERVED CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...) 
@@ -1197,11 +1357,10 @@ RESERVED CVE-2008-5518 RESERVED -CVE-2008-5517 (The web interface in git in SUSE openSUSE 10.3 allows remote attackers ...) +CVE-2008-5517 (The web interface in git (gitweb) 1.5.5 and other versions allows ...) {DSA-1708-1} - git-core 1:1.5.6.5-2 (low; bug #512330) -CVE-2008-5516 [gitweb shell command injection through snapshots and pickaxe search] - RESERVED +CVE-2008-5516 (The web interface in git (gitweb) 1.5.6, and possibly other versions, ...) {DSA-1708-1} - git-core 1:1.5.6-1 CVE-2008-5515 @@ -2109,6 +2268,7 @@ [lenny] - wireshark 1.0.2-3+lenny3 - wireshark 1.0.5-1 (low; bug #506741) CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ...) + {DSA-1709-1} - shadow 1:4.1.1-6 (bug #505271) CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...) - verlihub <unfixed> (low; bug #506530) @@ -2446,10 +2606,11 @@ CVE-2008-5053 (PHP remote file inclusion vulnerability in admin.rssreader.php in the ...) NOT-FOR-US: com_rssreader component for Joomla! CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla ...) + {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - iceweasel 3.0.4-1 - - xulrunner 1.9.0.4-1 - - icedove 2.0.0.19-1 - - iceape 1.1.13-1 + - xulrunner 1.9.0.4-1 + - icedove 2.0.0.19-1 + - iceape 1.1.13-1 CVE-2008-5051 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...) NOT-FOR-US: joomla CVE-2008-5049 (Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger ...) @@ -3988,8 +4149,8 @@ NOT-FOR-US: Cisco Linksys WVC54GC CVE-2008-4389 RESERVED -CVE-2008-4388 - RESERVED +CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in ...) + TODO: check CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in ...) NOT-FOR-US: ActiveX CVE-2008-4386 
@@ -8851,8 +9012,8 @@ CVE-2008-2385 RESERVED CVE-2008-2384 [mod-auth-mysq: SQL injection vulnerability] + RESERVED - mod-auth-mysql 4.3.9-11 (medium) - RESERVED CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted attackers ...) {DSA-1694-1 DTSA-182-1} - xterm 238-2 (medium; bug #510030) @@ -8902,10 +9063,10 @@ - tomcat5.5 5.5.26-4 (bug #494504) CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a ...) NOT-FOR-US: Red Hat Network Satellite Server -CVE-2008-2368 - RESERVED -CVE-2008-2367 - RESERVED +CVE-2008-2368 (Red Hat Certificate System 7.2 stores passwords in cleartext in the ...) + TODO: check +CVE-2008-2367 (Red Hat Certificate System 7.2 uses world-readable permissions for ...) + TODO: check CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script ...) - openoffice.org <not-affected> (RedHat-specific packaging flaw) CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux kernel ...)
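
Review bot: In the "@@ -1,3 +1,163 @@" hunk, CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git) lands as "TODO: check" even though the "@@ -1197,11 +1357,10 @@" hunk of this same file already tracks gitweb issues under git-core with DSA-1708-1. Triage it ahead of the other new TODO entries and replace the TODO with a "- git-core" line or a NOTE saying why the package is not affected. The two libmikmod entries added here (CVE-2009-0179, 3.1.11 through 3.2.0, and CVE-2007-6720, 3.1.9 through 3.2.0) overlap in version range and should be checked together.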
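
Review bot: In the "@@ -105,7 +265,7 @@" hunk, the new CVE-2009-0125 summary is cut down to "** DISPUTED ** ..." and no longer names nasl/nasl_crypto2.c or the Nessus Attack Scripting Language library, while the entry still lists libnasl as <unfixed> (bug #511517). Add a NOTE line recording what is disputed, and confirm that <unfixed> is still the right status for libnasl.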
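
Review bot: In the "@@ -986,8 +1146,8 @@" hunk, CVE-2009-0031 moves from RESERVED to "TODO: check", but the description names keyctl_join_session_keyring, which is a Linux kernel keyring function, and the neighbouring CVE-2009-0029 is already described as a Linux kernel issue. Replace the TODO with an entry against the kernel source package so the issue does not sit in the generic TODO queue.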
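
Review bot: In the "@@ -1197,11 +1357,10 @@" hunk, replacing the bracketed title of CVE-2008-5516 drops the only text in the entry that said the gitweb shell command injection is reached through snapshots and pickaxe search; the new summary is truncated before any of that. Keep the detail as a NOTE line under the entry. The "- git-core 1:1.5.6-1" line also has no severity or bug reference, unlike CVE-2008-5517 directly above it ("low; bug #512330").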
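
Review bot: In the "@@ -3988,8 +4149,8 @@" hunk, CVE-2008-4388 is a LaunchObj ActiveX control in launcher.dll and is left as "TODO: check", while the next entry, CVE-2008-4387 (another ActiveX control), is already marked "NOT-FOR-US: ActiveX". Mark CVE-2008-4388 NOT-FOR-US in the same way instead of leaving it in the TODO queue.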
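
Review bot: In the "@@ -8851,8 +9012,8 @@" hunk, the CVE-2008-2384 title still reads "mod-auth-mysq" although the package line two lines below spells it mod-auth-mysql; since this entry is being reordered anyway, fix the title so a search for the package name finds it. The entry also keeps RESERVED alongside a fixed version (4.3.9-11, medium), so a NOTE on where the fix information comes from would help the next person who checks it.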
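
Review bot: In the "@@ -8902,10 +9063,10 @@" hunk, CVE-2008-2368 and CVE-2008-2367 both concern Red Hat Certificate System 7.2 and are left as "TODO: check", while the preceding Red Hat product entry, CVE-2008-2369, is marked "NOT-FOR-US: Red Hat Network Satellite Server". If Red Hat Certificate System is likewise not packaged, mark both entries NOT-FOR-US with the product name.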