joeyh at alioth.debian.org
2009-Apr-02 21:14 UTC
[Secure-testing-commits] r11542 - data/CVE
Author: joeyh Date: 2009-04-02 21:14:10 +0000 (Thu, 02 Apr 2009) New Revision: 11542 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-02 14:15:20 UTC (rev 11541) +++ data/CVE/list 2009-04-02 21:14:10 UTC (rev 11542) @@ -1,3 +1,29 @@ +CVE-2009-1221 + RESERVED +CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...) + TODO: check +CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...) + TODO: check +CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...) + TODO: check +CVE-2009-1217 (Off-by-one error in the GpFont::SetData function in gdiplus.dll in ...) + TODO: check +CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c ...) + TODO: check +CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers to ...) + TODO: check +CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication Server ...) + TODO: check +CVE-2008-6577 (Nortel MG1000S, Signaling Server, and Call Server on the ...) + TODO: check +CVE-2008-6576 (Unspecified vulnerability in the "session limitation technique" in the ...) + TODO: check +CVE-2008-6575 (Unspecified vulnerability in the SIP server in SIP Enablement Services ...) + TODO: check +CVE-2008-6574 (Unspecified vulnerability in SIP Enablement Services (SES) in Avaya ...) + TODO: check +CVE-2008-6573 (Multiple SQL injection vulnerabilities in Avaya SIP Enablement ...) + TODO: check CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...) - screen <unfixed> (bug #521123) [etch] - screen <not-affected> (etch version predates #433338) 
@@ -14,7 +40,7 @@ NOT-FOR-US: PrecisionID Datamatrix ActiveX control CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...) NOT-FOR-US: Blue Coat ProxySG -CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector ...) +CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...) - wireshark <unfixed> TODO: File bug CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...) @@ -26,7 +52,8 @@ NOT-FOR-US: Solaris CVE-2009-1206 (Unspecified vulnerability in futomi''s CGI Cafe Access Analyzer CGI ...) NOT-FOR-US: Cafe Access Analyzer CGI Professional -CVE-2009-1205 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...) +CVE-2009-1205 + REJECTED NOT-FOR-US: EAI WebViewer3D ActiveX control CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...) NOT-FOR-US: TikiWiki @@ -6785,8 +6812,8 @@ NOT-FOR-US: ComponentOne SizerOne CVE-2008-4826 RESERVED -CVE-2008-4825 - RESERVED +CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other ...) + TODO: check CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...) NOT-FOR-US: Adobe Flash Player CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...) @@ -9085,8 +9112,8 @@ - flashplugin-nonfree 1:1.4 [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) NOTE: automatically downloads latest update from adobe which is 9.0.124.0 currently -CVE-2008-3871 - RESERVED +CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and ...) + TODO: check CVE-2008-3870 RESERVED CVE-2008-3869 
@@ -15954,6 +15981,7 @@ CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing function ...) NOT-FOR-US: Packeteer PacketShaper CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS ...) + {DSA-1762-1} - icu 4.0.1-1 CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows ...) NOT-FOR-US: Apple iCal @@ -21802,7 +21830,7 @@ NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap 0.09 ...) +CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap ...) NOT-FOR-US: aldap CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in ...) NOT-FOR-US: PortailPHP @@ -24706,8 +24734,8 @@ {DSA-1566-1 DSA-1438-1} - tar 1.18-1 (low; bug #441444) - cpio 2.9-5 (low; bug #449222) -CVE-2007-4475 - RESERVED +CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...) + TODO: check CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web ...) NOT-FOR-US: IBM Lotus Domino Web Access CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate ...) @@ -59634,7 +59662,7 @@ NOT-FOR-US: AIX CVE-2001-1528 (AmTote International homebet program returns different error messages ...) NOT-FOR-US: AmTote International homebet -CVE-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...) +CVE-2001-1527 (easyNews 1.5 and earlier stores administration passwords in cleartext ...) NOT-FOR-US: easynews CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...) NOT-FOR-US: easynews 
@@ -60393,7 +60421,7 @@ NOT-FOR-US: Solaris CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...) NOT-FOR-US: Watchguard SOHO -CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...) +CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass ...) NOT-FOR-US: IPFilter CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...) NOT-FOR-US: Proprietary PGP @@ -63995,7 +64023,7 @@ NOT-FOR-US: SurfControl SuperScout CVE-2001-1464 (Crystal Reports, when displaying data for a password protected ...) NOT-FOR-US: Crystal Reports -CVE-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...) +CVE-2001-1463 (The remote administration client for RhinoSoft Serv-U 3.0 sends the ...) NOT-FOR-US: RhinoSoft Serv-U CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...) NOT-FOR-US: RSA Security SecurID @@ -65297,7 +65325,7 @@ - kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1) [sarge] - kernel-source-2.6.8 2.6.8-14 -CVE-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...) +CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain ...) NOT-FOR-US: newsscript CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) NOT-FOR-US: PY Software Active Webcam WebServer @@ -68431,7 +68459,7 @@ NOT-FOR-US: Star Wars Battlefront CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...) NOT-FOR-US: Star Wars Battlefront -CVE-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...) +CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to ...) NOT-FOR-US: Prevex Home CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...) NOT-FOR-US: Citadel/UX
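Review bot: In the first hunk (@@ -1,3 +1,29 @@), the visible part of the CVE-2009-1216 description names only the source files unlzh.c and unpack.c, not a product, so it cannot be triaged from the truncated text the way the vendor-named entries around it (Sun, Nortel, Avaya) can. Look up the full description for that ID first and record the affected source package, rather than leaving it in the same `TODO: check` batch as the other eleven.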
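Review bot: In the @@ -26,7 +52,8 @@ hunk, CVE-2009-1205 becomes REJECTED but the context line `NOT-FOR-US: EAI WebViewer3D ActiveX control` stays beneath it, so a rejected ID still carries a triage note for a product its entry no longer names. The same description text now appears under CVE-2007-4475 in the @@ -24706,8 +24734,8 @@ hunk with `TODO: check`. Suggest moving the NOT-FOR-US line to CVE-2007-4475 and dropping it from CVE-2009-1205.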
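Review bot: CVE-2008-4825 in the @@ -6785,8 +6812,8 @@ hunk and CVE-2008-3871 in the @@ -9085,8 +9112,8 @@ hunk both move from RESERVED to descriptions naming UltraISO 9.3.1.2633, and both get `TODO: check`. Triage the two together so they end up with the same product note instead of being resolved separately at different times.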
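Review bot: In the @@ -68431,7 +68459,7 @@ hunk, the corrected CVE-2004-1193 description reads "Prevx Home 1.0" while the triage line under it still says `NOT-FOR-US: Prevex Home`. Since this commit is already fixing spelling in the descriptions, correct the product name in the NOT-FOR-US line as well so a search for the product finds the entry.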