Author: joeyh Date: 2009-04-10 21:14:15 +0000 (Fri, 10 Apr 2009) New Revision: 11605 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-10 14:45:24 UTC (rev 11604) +++ data/CVE/list 2009-04-10 21:14:15 UTC (rev 11605) @@ -1,3 +1,29 @@ +CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...) + TODO: check +CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...) + TODO: check +CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in ...) + TODO: check +CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 ...) + TODO: check +CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) + TODO: check +CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 ...) + TODO: check +CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in ...) + TODO: check +CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...) + TODO: check +CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...) + TODO: check +CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...) + TODO: check +CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...) + TODO: check +CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...) + TODO: check +CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...) + TODO: check CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...) TODO: check CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...) 
@@ -524,18 +550,18 @@ RESERVED CVE-2009-1161 RESERVED -CVE-2009-1160 - RESERVED -CVE-2009-1159 - RESERVED -CVE-2009-1158 - RESERVED -CVE-2009-1157 - RESERVED -CVE-2009-1156 - RESERVED -CVE-2009-1155 - RESERVED +CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...) + TODO: check +CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check +CVE-2009-1158 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check +CVE-2009-1157 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series ...) + TODO: check +CVE-2009-1156 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...) + TODO: check +CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...) + TODO: check CVE-2009-1154 RESERVED CVE-2009-1153 @@ -563,8 +589,8 @@ NOT-FOR-US: VmWare CVE-2009-1145 RESERVED -CVE-2009-1144 - RESERVED +CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf ...) + TODO: check CVE-2009-1143 RESERVED CVE-2009-1142 @@ -1691,10 +1717,11 @@ - linux-2.6.24 <unfixed> CVE-2009-0794 RESERVED -CVE-2009-0793 +CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...) + TODO: check +CVE-2009-0792 [integer overflows in argyll] RESERVED -CVE-2009-0792 [integer overflows in argyll] - - argyll <unfixed> (low; bug #523427) + - argyll <unfixed> (low; bug #523427) CVE-2009-0791 RESERVED CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...) 
@@ -3547,7 +3574,7 @@ CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth ...) {DSA-1737-1} - wesnoth 1:1.4.7-4 -CVE-2009-0365 (The dbus request handler in NetworkManager, possibly before 0.7.1, ...) +CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an ...) - network-manager-applet 0.7.0.99-1 (medium) - network-manager 0.7.0.99-1 (medium) CVE-2009-0364 (Format string vulnerability in the mini_calendar component in ...) @@ -3718,7 +3745,7 @@ - ffmpeg-debian 0.svn20080206-16 - ffmpeg <removed> - mplayer 1.0~rc2-14 - - xine-lib <unfixed> (medium; bug #523475) + - xine-lib <unfixed> (medium; bug #523475) NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17 CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...) @@ -4134,8 +4161,8 @@ RESERVED CVE-2009-0198 RESERVED -CVE-2009-0197 - RESERVED +CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...) + TODO: check CVE-2009-0196 RESERVED CVE-2009-0195 @@ -5438,8 +5465,8 @@ NOT-FOR-US: Avira AntiVir CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...) NOT-FOR-US: AhnLab V3 -CVE-2008-5519 - RESERVED +CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...) + TODO: check CVE-2008-5518 RESERVED CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...) 
@@ -13944,8 +13971,8 @@ NOT-FOR-US: RSA Authentication Agent CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...) NOT-FOR-US: RSA Authentication Agent -CVE-2008-2025 - RESERVED +CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...) + TODO: check CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...) NOT-FOR-US: miniBB CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...)
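Review bot: In the @@ -1,3 +1,29 @@ hunk, CVE-2008-6682, CVE-2008-6681 and CVE-2007-6726 are inserted at the top of the file, directly above CVE-2009-1273, while the other hunks show the list running in descending ID order (CVE-2009-1161, CVE-2009-1160, ...). Consider moving these three to their 2008 and 2007 positions so that a reader scanning by ID finds them where expected. All thirteen added entries carry only "TODO: check", so each still needs a package line or a NOT-FOR-US marker before it is useful.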
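Review bot: The six Cisco entries in the @@ -524,18 +550,18 @@ hunk (CVE-2009-1155 through CVE-2009-1160) move from RESERVED to "TODO: check" even though every description names Cisco ASA 5500 / PIX appliances. They look like candidates for the same handling as the "NOT-FOR-US: VmWare" entry visible in the following hunk's context. Suggest resolving them together with one NOT-FOR-US marker each rather than leaving six open TODOs.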
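Review bot: In the @@ -563,8 +589,8 @@ hunk, the new CVE-2009-1144 description reads "Untrusted search path vulnerability in the Gentoo package of Xpdf", so "TODO: check" alone leaves open whether the issue is specific to Gentoo's packaging. When this is triaged, add a NOTE recording whether the xpdf package here has the same search-path behaviour, so the entry is not later read as an upstream Xpdf flaw.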
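Review bot: In the @@ -1691,10 +1717,11 @@ hunk, the line "- argyll <unfixed> (low; bug #523427)" under CVE-2009-0792 is removed and re-added with no visible change in text, and the same happens to the xine-lib line (bug #523475) in @@ -3718,7 +3745,7 @@. That suggests the automatic update is rewriting the whitespace of hand-maintained lines. It would be better for the updater to leave existing package lines byte-for-byte alone, so that diffs of this file show only real status changes. Also check that RESERVED now sitting directly under CVE-2009-0792, above an entry that already tracks a bug, is the intended result.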
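Review bot: The CVE-2009-0365 description in the @@ -3547,7 +3574,7 @@ hunk changes from "The dbus request handler in NetworkManager, possibly before 0.7.1" to "nm-applet.conf in GNOME NetworkManager before 0.7.0.99", but the two package lines below it are carried over unchanged. Since the revised text names nm-applet.conf, re-check whether "- network-manager 0.7.0.99-1 (medium)" still belongs on this entry alongside the network-manager-applet line. A short NOTE explaining the mapping would help.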