joeyh at alioth.debian.org
2009-Mar-20 21:14 UTC
[Secure-testing-commits] r11452 - data/CVE
Author: joeyh
Date: 2009-03-20 21:14:10 +0000 (Fri, 20 Mar 2009)
New Revision: 11452
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-03-20 21:04:28 UTC (rev 11451)
+++ data/CVE/list 2009-03-20 21:14:10 UTC (rev 11452)
@@ -1,3 +1,165 @@
+CVE-2009-1040 (Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted
remote ...)
+ TODO: check
+CVE-2009-1039 (Buffer overflow in CDex 1.70b2 allows remote attackers to
execute ...)
+ TODO: check
+CVE-2009-1038 (Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow
remote ...)
+ TODO: check
+CVE-2009-1037 (Unspecified vulnerability in the Send by e-mail module in the
...)
+ TODO: check
+CVE-2009-1036 (Cross-site request forgery (CSRF) vulnerability in the Plus 1
module ...)
+ TODO: check
+CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in Tasklist module
5.x-1.x ...)
+ TODO: check
+CVE-2009-1034 (SQL injection vulnerability in the Tasklist module 5.x-1.x
before ...)
+ TODO: check
+CVE-2009-1033 (SQL injection vulnerability in misc.php in DeluxeBB 1.3 and
earlier ...)
+ TODO: check
+CVE-2009-1032 (SQL injection vulnerability in gallery_list.php in YABSoft
Advanced ...)
+ TODO: check
+CVE-2009-1031 (Directory traversal vulnerability in the FTP server in Rhino
Software ...)
+ TODO: check
+CVE-2009-1030 (Cross-site scripting (XSS) vulnerability in the
choose_primary_blog ...)
+ TODO: check
+CVE-2009-1029 (Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier
allows ...)
+ TODO: check
+CVE-2009-1028 (Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows
remote ...)
+ TODO: check
+CVE-2009-1027 (SQL injection vulnerability in OpenCart 1.1.8 allows remote
attackers ...)
+ TODO: check
+CVE-2009-1026 (Multiple SQL injection vulnerabilities in login.php in Kim
Websites ...)
+ TODO: check
+CVE-2009-1025 (PHP remote file inclusion vulnerability in linkadmin.php in
Beerwin ...)
+ TODO: check
+CVE-2009-1024 (Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin
1.0 ...)
+ TODO: check
+CVE-2009-1023 (SQL injection vulnerability in index.php in phpComasy 0.9.1
allows ...)
+ TODO: check
+CVE-2009-1022 (Heap-based buffer overflow in the Preview/ Set Segment function
in ...)
+ TODO: check
+CVE-2009-1021
+ RESERVED
+CVE-2009-1020
+ RESERVED
+CVE-2009-1019
+ RESERVED
+CVE-2009-1018
+ RESERVED
+CVE-2009-1017
+ RESERVED
+CVE-2009-1016
+ RESERVED
+CVE-2009-1015
+ RESERVED
+CVE-2009-1014
+ RESERVED
+CVE-2009-1013
+ RESERVED
+CVE-2009-1012
+ RESERVED
+CVE-2009-1011
+ RESERVED
+CVE-2009-1010
+ RESERVED
+CVE-2009-1009
+ RESERVED
+CVE-2009-1008
+ RESERVED
+CVE-2009-1007
+ RESERVED
+CVE-2009-1006
+ RESERVED
+CVE-2009-1005
+ RESERVED
+CVE-2009-1004
+ RESERVED
+CVE-2009-1003
+ RESERVED
+CVE-2009-1002
+ RESERVED
+CVE-2009-1001
+ RESERVED
+CVE-2009-1000
+ RESERVED
+CVE-2009-0999
+ RESERVED
+CVE-2009-0998
+ RESERVED
+CVE-2009-0997
+ RESERVED
+CVE-2009-0996
+ RESERVED
+CVE-2009-0995
+ RESERVED
+CVE-2009-0994
+ RESERVED
+CVE-2009-0993
+ RESERVED
+CVE-2009-0992
+ RESERVED
+CVE-2009-0991
+ RESERVED
+CVE-2009-0990
+ RESERVED
+CVE-2009-0989
+ RESERVED
+CVE-2009-0988
+ RESERVED
+CVE-2009-0987
+ RESERVED
+CVE-2009-0986
+ RESERVED
+CVE-2009-0985
+ RESERVED
+CVE-2009-0984
+ RESERVED
+CVE-2009-0983
+ RESERVED
+CVE-2009-0982
+ RESERVED
+CVE-2009-0981
+ RESERVED
+CVE-2009-0980
+ RESERVED
+CVE-2009-0979
+ RESERVED
+CVE-2009-0978
+ RESERVED
+CVE-2009-0977
+ RESERVED
+CVE-2009-0976
+ RESERVED
+CVE-2009-0975
+ RESERVED
+CVE-2009-0974
+ RESERVED
+CVE-2009-0973
+ RESERVED
+CVE-2009-0972
+ RESERVED
+CVE-2008-6503 (Multiple cross-site scripting (XSS) vulnerabilities in
PrestaShop ...)
+ TODO: check
+CVE-2008-6502 (Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows
...)
+ TODO: check
+CVE-2008-6501 (Cross-site scripting (XSS) vulnerability in profiles/index.php
in Pro ...)
+ TODO: check
+CVE-2008-6500 (Cross-site scripting (XSS) vulnerability in CodeToad ASP
Shopping Cart ...)
+ TODO: check
+CVE-2008-6499 (security/xamppsecurity.php in XAMPP 1.6.8 performs an extract
...)
+ TODO: check
+CVE-2008-6498 (Cross-site request forgery (CSRF) vulnerability in ...)
+ TODO: check
+CVE-2008-6497 (The Neostrada Livebox ADSL Router allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2008-6496 (Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit
ActiveX ...)
+ TODO: check
+CVE-2008-6495 (Cross-site scripting (XSS) vulnerability in index.php in Fritz
Berger ...)
+ TODO: check
+CVE-2008-6494 (ASP User Engine.NET stores sensitive information under the web
root ...)
+ TODO: check
+CVE-2008-6493 (Easy Content Management Publishing stores sensitive information
under ...)
+ TODO: check
+CVE-2008-6492 (Unrestricted file upload vulnerability in process.php in Tizag
...)
+ TODO: check
CVE-2009-0971 (Cross-site scripting (XSS) vulnerability in futomi''s
CGI Cafe Access ...)
TODO: check
CVE-2009-0970 (PHP remote file inclusion vulnerability in
includes/class_image.php in ...)
@@ -90,7 +252,7 @@
- tor 0.2.0.34-1 (bug #514580)
CVE-2009-0936 (Unspecified vulnerability in Tor before 0.2.0.34 allows
attackers to ...)
TODO: check
-CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6 before
2.6.29-rc3 ...)
+CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to
2.6.27.13, ...)
TODO: check
CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before
2.0.4 ...)
TODO: check
@@ -762,21 +924,25 @@
CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php
in the ...)
NOT-FOR-US: Onguma Time Sheet component for Joomla!
CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux
kernel ...)
+ {DSA-1749-1}
- linux-2.6 <unfixed> (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don''t think
we need to fix this
CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel
2.6.27 ...)
+ {DSA-1749-1}
- linux-2.6 <unfixed> (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don''t think
we need to fix this
CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux
kernel ...)
+ {DSA-1749-1}
- linux-2.6 <unfixed> (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
NOTE: Since the feature is experimental until 2.6.27, I don''t think
we need to fix this
CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux
kernel ...)
+ {DSA-1749-1}
- linux-2.6 <unfixed> (low)
[etch] - linux-2.6 <not-affected> (ext4 not yet present)
- linux-2.6.24 <unfixed> (low)
@@ -929,6 +1095,7 @@
NOT-FOR-US: MultimediaPlayer.exe
CVE-2009-0733
RESERVED
+ {DSA-1745-1}
CVE-2009-0732 (Downloadcenter 2.1 stores common.h under the web root with ...)
NOT-FOR-US: Downloadcenter
CVE-2009-0731 (Directory traversal vulnerability in pages/play.php in Free
Arcade ...)
@@ -949,6 +1116,7 @@
RESERVED
CVE-2009-0723
RESERVED
+ {DSA-1745-1}
CVE-2009-0722 (Directory traversal vulnerability in admin.php in Potato News
1.0.0 ...)
NOT-FOR-US: Potato News
CVE-2009-0721
@@ -1042,6 +1210,7 @@
CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...)
NOT-FOR-US: RavenNuke
CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux
kernel ...)
+ {DSA-1749-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <unfixed> (low)
NOTE: Original fix was incomplete/risky, see:
@@ -1049,6 +1218,7 @@
NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the
Linux ...)
+ {DSA-1749-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <unfixed> (low)
NOTE: Didn''t check 2.6.24 so far, only temporary for now
@@ -1563,15 +1733,19 @@
[lenny] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not
present)
[etch] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not
present)
CVE-2009-0585 (Integer overflow in the soup_base64_encode function in
soup-misc.c in ...)
+ {DSA-1748-1}
- libsoup 2.2.105-4 (medium; bug #520039)
CVE-2009-0584
RESERVED
+ {DSA-1746-1}
CVE-2009-0583
RESERVED
+ {DSA-1746-1}
CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication
mechanism ...)
TODO: check
CVE-2009-0581
RESERVED
+ {DSA-1745-1}
CVE-2009-0580
RESERVED
CVE-2009-0579
@@ -2128,7 +2302,8 @@
NOT-FOR-US: MetaCart Free
CVE-2008-6050 (SQL injection vulnerability in the Tech Articles
(com_tech_article) ...)
NOT-FOR-US: Tech Articles
-CVE-2008-6049 (SQL injection vulnerability in index.php in TinyMCE 2.0.1 allows
...)
+CVE-2008-6049
+ REJECTED
- tinymce <not-affected> (Vulnerable code not present)
NOTE: no idea what this is about tinymce doesn''t ship any php code
CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in
TangoCMS ...)
@@ -2475,6 +2650,7 @@
CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow
remote ...)
NOT-FOR-US: BibCiter
CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before
2.6.27.13, and ...)
+ {DSA-1749-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed>
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows
remote ...)
@@ -2652,6 +2828,7 @@
CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell
GroupWise ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux
kernel ...)
+ {DSA-1749-1}
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
- linux-2.6.24 <removed>
@@ -3347,6 +3524,7 @@
CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software
for ...)
TODO: will be presented at Black Hat
CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control
...)
+ {DSA-1749-1}
- linux-2.6 2.6.26-14
- linux-2.6.24 <removed>
CVE-2009-0064
@@ -4021,11 +4199,13 @@
CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server
(CS) ...)
NOT-FOR-US: issue affects pdfdistiller
CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
+ {DSA-1749-1}
- linux-2.6 <unfixed> (low)
- linux-2.6.24 <removed>
CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same
SQMSESSID ...)
- squirrelmail <not-affected> (RedHat-specific regression)
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc,
...)
+ {DSA-1749-1}
- linux-2.6 <unfixed> (medium)
- linux-2.6.24 <removed>
CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier
allows ...)
@@ -4093,7 +4273,8 @@
NOT-FOR-US: Apple QuickTime
CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows
remote ...)
NOT-FOR-US: Apple QuickTime
-CVE-2008-5622 (Multiple cross-site request forgery (CSRF) vulnerabilities in
...)
+CVE-2008-5622
+ REJECTED
{DSA-1723-1}
- phpmyadmin 4:2.11.8.1-5
NOTE: is a duplicate of CVE-2008-5621, contacted mitre
@@ -6445,7 +6626,7 @@
CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84
and ...)
- jhead 2.85-1 (unimportant; bug #504194)
NOTE: no issue, jhead is just unlinking the output file if it already exists,
this is not following symlinks
-CVE-2008-4639 (jhead.c in Matthias Wandel jhead before 2.84 allows local users
to ...)
+CVE-2008-4639 (jhead.c in Matthias Wandel jhead 2.84 and earlier allows local
users ...)
- jhead 2.84-1 (low)
CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec
Veritas ...)
NOT-FOR-US: Symantec VxFS
@@ -7228,6 +7409,7 @@
CVE-2008-4317
RESERVED
CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20
allow ...)
+ {DSA-1747-1}
- glib2.0 2.20.0-1 (medium; bug #520046)
CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise
Linux ...)
NOT-FOR-US: OpenPegasus