joeyh at alioth.debian.org
2009-Jan-28 21:14 UTC
[Secure-testing-commits] r11082 - data/CVE
Author: joeyh
Date: 2009-01-28 21:14:15 +0000 (Wed, 28 Jan 2009)
New Revision: 11082
Modified: data/CVE/list
Log: automatic update
Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-28 20:30:17 UTC (rev 11081) +++ data/CVE/list 2009-01-28 21:14:15 UTC (rev 11082) 
@@ -1,3 +1,92 @@ +CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...) + TODO: check +CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...) + TODO: check +CVE-2009-0316 (Untrusted search path vulnerability in the Python module in vim allows ...) + TODO: check +CVE-2009-0315 (Untrusted search path vulnerability in the Python module in xchat ...) + TODO: check +CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit ...) + TODO: check +CVE-2009-0313 (winetricks before 20081223 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2009-0311 (The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 ...) + TODO: check +CVE-2009-0310 + RESERVED +CVE-2009-0309 + RESERVED +CVE-2009-0308 + RESERVED +CVE-2009-0307 + RESERVED +CVE-2009-0306 + RESERVED +CVE-2009-0305 + RESERVED +CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b allows remote attackers ...) + TODO: check +CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk before ...) + TODO: check +CVE-2009-0302 (SQL injection vulnerability in the Downloads 8.0 module for PHP-Nuke, ...) + TODO: check +CVE-2009-0301 (Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX ...) + TODO: check +CVE-2009-0300 + REJECTED + TODO: check +CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 allows ...) + TODO: check +CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control ...) + TODO: check +CVE-2009-0297 (SQL injection vulnerability in login_check.asp in ClickAuction allows ...) + TODO: check +CVE-2009-0296 (SQL injection vulnerability in shop_display_products.php in Script ...) + TODO: check +CVE-2009-0295 (SQL injection vulnerability in index.php in Information Technology ...) + TODO: check +CVE-2009-0294 (Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, ...) 
+ TODO: check +CVE-2009-0293 (SQL injection vulnerability in profile_view.php in Wazzum Dating ...) + TODO: check +CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows ...) + TODO: check +CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows ...) + TODO: check +CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard ...) + TODO: check +CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...) + TODO: check +CVE-2009-0288 (Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 ...) + TODO: check +CVE-2009-0287 (SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before ...) + TODO: check +CVE-2009-0286 (Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, ...) + TODO: check +CVE-2009-0285 (Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 ...) + TODO: check +CVE-2009-0284 (SQL injection vulnerability in category.php in Flax Article Manager ...) + TODO: check +CVE-2009-0283 (Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows ...) + TODO: check +CVE-2009-0281 (SQL injection vulnerability in login.aspx in WarHound Walking Club ...) + TODO: check +CVE-2009-0280 (Asp Project Management 1.0 allows remote attackers to bypass ...) + TODO: check +CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ...) + TODO: check +CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in eog ...) + TODO: check +CVE-2008-5986 (Untrusted search path vulnerability in the (1) "VST plugin with Python ...) + TODO: check +CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in ...) + TODO: check +CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia ...) + TODO: check +CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...) 
+ TODO: check +CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...) + TODO: check CVE-2009-0323 [multiple buffer overflows in amaya] TODO: report bug - amaya <unfixed> (medium) @@ -2,8 +91,9 @@ NOTE: http://www.coresecurity.com/content/amaya-buffer-overflows -CVE-2009-0282 [Integer overflow in Ralink SSID parsing] +CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 ...) - rt2400 1.2.2+cvs20080623-3 (bug #512999) - rt2500 1:1.1.0-b4+cvs20080623-3 (bug #513000) - rt2570 1.1.0+cvs20080623-2 (bug #513001) - rt73 1:1.0.3.6-cvs20080623-dfsg1-3 (bug #512995) -CVE-2009-0312 [moin: XSS in antispam.py] +CVE-2009-0312 (Cross-site scripting (XSS) vulnerability in the antispam feature ...) + {DTSA-187-1} - moin 1.8.1-1.1 (low) @@ -84,6 +174,7 @@ CVE-2009-0261 (Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 ...) NOT-FOR-US: EffectMatrix Total Video Player CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + {DTSA-187-1} - moin 1.8.1-1.1 (bug #513158; low) CVE-2008-5964 (Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 ...) NOT-FOR-US: Social ImpressCMS @@ -754,8 +845,8 @@ RESERVED CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 ...) NOT-FOR-US: CA Service Metric Analysis r11.0 through r11.1 SP1 and Service -CVE-2009-0042 - RESERVED +CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library ...) + TODO: check CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before ...) TODO: check CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote ...) @@ -1370,8 +1461,8 @@ RESERVED CVE-2009-0033 RESERVED -CVE-2009-0032 - RESERVED +CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...) + TODO: check CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...) - linux-2.6 <unfixed> - linux-2.6.24 <removed> 
@@ -1503,6 +1594,7 @@ CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition ...) - asterisk 1:1.4.0~dfsg-1 (bug #509686) CVE-2008-5557 (Heap-based buffer overflow in ...) + {DTSA-188-1} - php5 5.2.6.dfsg.1-1 (bug #511493) CVE-2008-XXXX [phpBB3 Account Re-activation Security Bypass] - phpbb3 <unfixed> (low; bug #508872) @@ -1993,6 +2085,7 @@ CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...) - rsyslog 3.18.6-1 (bug #508027) CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...) + {DTSA-188-1} - php5 5.2.6.dfsg.1-1 (bug #508021) TODO: check php4 CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...) @@ -2181,6 +2274,7 @@ CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to ...) NOT-FOR-US: Wiz-Ad CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo ...) + {DTSA-188-1} - php5 5.2.6.dfsg.1-3 (bug #507857) - php4 <unfixed> CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...) @@ -7570,7 +7664,7 @@ - sun-java5 1.5.0-16-1 (bug #490260) [etch] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 <not-affected> (Only for sun-java5) -CVE-2008-3112 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 ...) +CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ...) - sun-java5 1.5.0-16-1 (bug #490260) [etch] - sun-java5 <no-dsa> (Non-free not supported) - sun-java6 6-07-1 (bug #490260) @@ -12098,7 +12192,7 @@ - sun-java6 6-05-1 (medium) - sun-java5 1.5.0-15-1 (medium) [etch] - sun-java5 <no-dsa> (Non-free not supported) -CVE-2008-1188 (Multiple buffer overflows in Java Web Start in Sun JDK and JRE 6 ...) +CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in Java Web ...) - sun-java6 6-05-1 (medium) - sun-java5 1.5.0-15-1 (medium) [etch] - sun-java5 <no-dsa> (Non-free not supported) 
@@ -25338,8 +25432,8 @@ - xterm <not-affected> (Debian uses safe compile-time settings) CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...) NOT-FOR-US: Arris Cadant -CVE-2007-2795 - RESERVED +CVE-2007-2795 (Multiple buffer overflows in Ipswitch IMail before 2006.21 allow ...) + TODO: check CVE-2007-2794 RESERVED CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...)
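Review bot: In the first hunk (@@ -1,3 +1,92 @@), CVE-2009-0300 is added as "REJECTED" and then also given "TODO: check", while the RESERVED entries in the same hunk (CVE-2009-0305 through CVE-2009-0310) get no TODO. A rejected id carries no description to triage, so the automatic update should treat REJECTED the way it treats RESERVED and not emit the TODO line; as written it will keep showing up as open work. Separately, this hunk adds ten "Untrusted search path vulnerability" entries (CVE-2009-0314 to CVE-2009-0318 and CVE-2008-5983 to CVE-2008-5987), nine naming a Python interface, module, plugin or binding and one the PySys_SetArgv API function; they read as one class of issue and are worth triaging together instead of one by one.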
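Review bot: At CVE-2009-0282 in the @@ -2,8 +91,9 @@ hunk, replacing the local title "[Integer overflow in Ralink SSID parsing]" with the official description drops the only mention of SSID parsing, and the new text names only the RT73 USB adapter although the entry tracks rt2400, rt2500, rt2570 and rt73. Suggest keeping that detail as a NOTE: line under the entry so the reason the other three drivers are listed stays visible. In the same hunk, CVE-2009-0312 gains {DTSA-187-1} but its moin line has no bug reference, unlike the CVE-2009-0260 moin line (bug #513158) that receives the same tag at @@ -84,6 +174,7 @@.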
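Review bot: The {DTSA-188-1} tags added at CVE-2008-5624 (@@ -1993,6 +2085,7 @@) and CVE-2008-5658 (@@ -2181,6 +2274,7 @@) sit on entries that are still open for php4: the first keeps "TODO: check php4" and the second keeps "- php4 <unfixed>". The tag reflects the php5 line only, so a reader scanning for advisory coverage could take both CVEs as handled. Suggest resolving the php4 status in the same change, or adding a NOTE: that the DTSA covers php5 only.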
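Review bot: In the last hunk (@@ -25338,8 +25432,8 @@), CVE-2007-2795 moves from RESERVED to "TODO: check" for Ipswitch IMail, directly below CVE-2007-2796, which is already closed as "NOT-FOR-US: Arris Cadant". If IMail is likewise not packaged, mark it NOT-FOR-US instead of leaving a TODO, and ask the same question of the Arclib entry CVE-2009-0042 at @@ -754,8 +845,8 @@. CVE-2009-0032 at @@ -1370,8 +1461,8 @@ is the one that needs real checking: its description is scoped to CUPS on Mandriva Linux, so the entry should record whether the Debian cups package is affected.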