joeyh at alioth.debian.org
2009-Apr-03 21:14 UTC
[Secure-testing-commits] r11555 - data/CVE
Author: joeyh
Date: 2009-04-03 21:14:12 +0000 (Fri, 03 Apr 2009)
New Revision: 11555
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-04-03 20:26:01 UTC (rev 11554)
+++ data/CVE/list 2009-04-03 21:14:12 UTC (rev 11555)
@@ -1,3 +1,45 @@
+CVE-2009-1238 (Race condition in the HFS vfs sysctl interface in XNU 1228.8.20
and ...)
+ TODO: check
+CVE-2009-1237 (Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac
OS X ...)
+ TODO: check
+CVE-2009-1236 (Heap-based buffer overflow in the AppleTalk networking stack in
XNU ...)
+ TODO: check
+CVE-2009-1235 (XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier
does ...)
+ TODO: check
+CVE-2009-1234 (Opera 9.64 allows remote attackers to cause a denial of service
...)
+ TODO: check
+CVE-2009-1233 (Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers
to ...)
+ TODO: check
+CVE-2009-1232 (The XUL parser in Mozilla Firefox 3.0.8 and earlier 3.0.x
versions ...)
+ TODO: check
+CVE-2009-1231 (Unspecified vulnerability in the eClient in IBM DB2 Content
Manager ...)
+ TODO: check
+CVE-2009-1230 (Static code injection vulnerability in index.php in Podcast
Generator ...)
+ TODO: check
+CVE-2009-1229 (SQL injection vulnerability in Arcadwy Arcade Script allows
remote ...)
+ TODO: check
+CVE-2009-1228 (Cross-site scripting (XSS) vulnerability in register.php in
Arcadwy ...)
+ TODO: check
+CVE-2009-1227 (Buffer overflow in the PKI Web Service in Check Point Firewall-1
PKI ...)
+ TODO: check
+CVE-2009-1226 (core/admin/delete.php in Podcast Generator 1.1 and earlier does
not ...)
+ TODO: check
+CVE-2009-1225 (Cross-site scripting (XSS) vulnerability in index.php in Turnkey
Ebook ...)
+ TODO: check
+CVE-2009-1224 (SQL injection vulnerability in ...)
+ TODO: check
+CVE-2009-1223 (aspWebCalendar Free Edition stores sensitive information under
the web ...)
+ TODO: check
+CVE-2009-1222 (Directory traversal vulnerability in index.php in webEdition
6.0.0.4 ...)
+ TODO: check
+CVE-2008-6582 (SQL injection vulnerability in index.php in Miniweb 2.0 allows
remote ...)
+ TODO: check
+CVE-2008-6581 (login.php in PhpAddEdit 1.3 allows remote attackers to bypass
...)
+ TODO: check
+CVE-2008-6580 (The Red_Reservations script for ColdFusion stores sensitive ...)
+ TODO: check
+CVE-2003-1571 (Web Wiz Guestbook 6.0 stores sensitive information under the web
root ...)
+ TODO: check
CVE-2009-XXXX [unspecified DoS]
- libapache-mod-security 2.5.9-1
TODO: Investigate, check stable/oldstable, if necessary open RT ticket
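Review bot: All 21 entries added at the top of this hunk are left at "TODO: check", so nothing here yet says whether any Debian package is affected. When triaging, note that CVE-2009-1224 is recorded only as "SQL injection vulnerability in ..." with no product name in the visible text, so the full CVE description has to be consulted before it can be classified. The XNU / Apple Mac OS X entries (CVE-2009-1235 to CVE-2009-1238) and "Apple Safari 3.2.2 and 4 Beta on Windows" (CVE-2009-1233) look like candidates for the NOT-FOR-US marking this file already uses for Windows GDI+, Nortel and WebSphere, while CVE-2009-1232 (the XUL parser in Mozilla Firefox 3.0.8) should get a package check first rather than sitting behind the web-script entries.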
@@ -13,7 +55,7 @@
NOT-FOR-US: Windows GDI+
CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2)
unpack.c ...)
NOTE: Duplicate of CVE-2006-4335, confirmed by Microsoft. They''re
working on
- NOTE: getting it rejected
+ NOTE: getting it rejected
CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers
to ...)
NOT-FOR-US: Nortel Communication Server
CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication
Server ...)
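Review bot: The removed and added lines under CVE-2009-1216 both read "NOTE: getting it rejected" as shown, so this looks like a whitespace-only change riding along in a commit logged as "automatic update". Consider committing hand edits to notes separately, or mentioning them in the log, so that a reader of the history can tell tool output from manual changes. The note itself is also split mid-sentence across two NOTE lines ("working on" / "getting it rejected"); joining it onto one line would make it easier to search for.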
@@ -167,6 +209,7 @@
CVE-2009-1172 (The JAX-RPC WS-Security runtime in the Web Services Security
component ...)
NOT-FOR-US: WebSphere
CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+,
1.8 ...)
+ {DSA-1761-1}
- moodle 1.8.2.dfsg-5 (medium; bug #522116)
NOTE: this applies only to people who have a complete tex environment and
NOTE: aren''t just using mimetex to render the tex
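Review bot: The "{DSA-1761-1}" reference is attached to CVE-2009-1171, but the package line below it still records a single fixed version, "moodle 1.8.2.dfsg-5", while the description covers several branches ("1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 ..."). It is worth confirming that the versions shipped by the DSA are recorded where the tracker expects them, so that the releases the advisory covers do not continue to show as open. The two NOTE lines restricting exposure to installs with a complete TeX environment are useful context for the "medium" rating and should stay with the entry.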