joeyh at alioth.debian.org
2009-Jan-26 21:14 UTC
[Secure-testing-commits] r11056 - data/CVE
Author: joeyh Date: 2009-01-26 21:14:14 +0000 (Mon, 26 Jan 2009) New Revision: 11056 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-26 21:11:34 UTC (rev 11055) +++ data/CVE/list 2009-01-26 21:14:14 UTC (rev 11056) 
@@ -1,3 +1,45 @@ +CVE-2009-0263 (Multiple buffer overflows in Winamp 5.541 and earlier allow remote ...) + TODO: check +CVE-2009-0262 (Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 ...) + TODO: check +CVE-2009-0261 (Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 ...) + TODO: check +CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2008-5964 (Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 ...) + TODO: check +CVE-2008-5963 (Eval injection vulnerability in library/setup/rpc.php in Gravity ...) + TODO: check +CVE-2008-5962 (Directory traversal vulnerability in library/setup/rpc.php in Gravity ...) + TODO: check +CVE-2008-5961 (Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS ...) + TODO: check +CVE-2008-5960 (SQL injection vulnerability in index.php in Tribiq CMS Community ...) + TODO: check +CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 ...) + TODO: check +CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...) + TODO: check +CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) ...) + TODO: check +CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information ...) + TODO: check +CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET ...) + TODO: check +CVE-2008-5954 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...) + TODO: check +CVE-2008-5953 (Directory traversal vulnerability in KTP Computer Customer Database ...) + TODO: check +CVE-2008-5952 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...) + TODO: check +CVE-2008-5951 (ASP Template Creature stores sensitive information under the web root ...) + TODO: check +CVE-2008-5950 (SQL injection vulnerability in media/media_level.asp in ASP Template ...) 
+ TODO: check +CVE-2008-5949 (Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 ...) + TODO: check +CVE-2008-5948 (Directory traversal vulnerability in index.php in BNCwi 1.04 and ...) + TODO: check CVE-2009-XXXX [QuickTime Processing Vulnerabilities in GStreamer Good Plug-ins] - gst-plugins-good0.10 0.10.13-1 (bug #512818) CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows ...) @@ -87,12 +129,16 @@ CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs Portal ...) NOT-FOR-US: Umer Inc Songs Portal CVE-2009-0255 (The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 ...) + {DSA-1711-1} - typo3-src 4.2.4-1 CVE-2009-0256 (Session fixation vulnerability in the authentication library in TYPO3 ...) + {DSA-1711-1} - typo3-src 4.2.4-1 CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 ...) + {DSA-1711-1} - typo3-src 4.2.4-1 CVE-2009-0258 (Unspecified vulnerability in the Indexed Search Engine ...) + {DSA-1711-1} - typo3-src 4.2.4-1 CVE-2009-0242 (Ganglia 3.1.1 allows remote attackers to cause a denial of service via ...) - ganglia-monitor-core <not-affected> (Only affects 3.1.1 branch, currently in experimental under different name) @@ -240,6 +286,7 @@ CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...) - horde3 <unfixed> (bug #512592) CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x ...) + {DSA-1708-1} - git-core 1:1.5.6.5-2 (low) CVE-2008-5915 (An unspecified function in the JavaScript implementation in Google ...) NOT-FOR-US: Google 
@@ -356,6 +403,7 @@ CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return value ...) - libcrypt-openssl-dsa-perl <unfixed> (bug #511519) CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for ...) + {DTSA-185-1} - slurm-llnl 1.3.13-1 (bug #511511) CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return value from ...) - m2crypto <unfixed> (bug #511515) @@ -1257,7 +1305,7 @@ RESERVED CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...) TODO: check -CVE-2009-0025 (BIND 9.4.3 and earlier does not properly check the return value from ...) +CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check ...) {DSA-1703-1} - bind9 <unfixed> (low; bug #511936) NOTE: unlike the advisory states it is DSA_do_verify not DSA_verify @@ -2659,7 +2707,7 @@ {DSA-1670-1} - enscript 1.6.4-13 (bug #506261) CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value ...) - {DSA-1701-1 DTSA-185-1} + {DSA-1701-1} - openssl 0.9.8g-15 CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka ...) NOT-FOR-US: E-Uploader Pro
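Review bot: All 21 entries added in the @@ -1,3 +1,45 @@ hunk (CVE-2009-0263 down to CVE-2008-5948) carry only "TODO: check", so none of them has a tracker status yet. Each needs a follow-up that resolves it either to a package line with a fixed version, as on the gst-plugins-good0.10 entry directly below the new block, or to a "NOT-FOR-US:" line of the kind used for CVE-2008-5921 in the next hunk.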
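Review bot: The CVE-2009-0025 description in the @@ -1257,7 +1305,7 @@ hunk now names BIND 9.6.0, 9.5.1 and 9.5.0 in addition to 9.4.3, but the status line under it is unchanged at "- bind9 <unfixed> (low; bug #511936)". Check whether the wider version range changes the affected-package status or the "low" urgency, and record the result on the entry next to the existing NOTE about DSA_do_verify.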
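Review bot: The {DTSA-185-1} reference is dropped from CVE-2008-5077 (openssl 0.9.8g-15) in the @@ -2659,7 +2707,7 @@ hunk while the @@ -356,6 +403,7 @@ hunk attaches the same reference to CVE-2009-0128 (slurm-llnl 1.3.13-1), and the log message "automatic update" does not say which attribution is intended. Confirm against the DTSA-185-1 advisory that it covers slurm-llnl rather than openssl; if it covers both, the openssl entry should keep "{DSA-1701-1 DTSA-185-1}".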