Author: joeyh
Date: 2009-04-20 21:14:20 +0000 (Mon, 20 Apr 2009)
New Revision: 11671
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-04-20 20:48:25 UTC (rev 11670)
+++ data/CVE/list 2009-04-20 21:14:20 UTC (rev 11671)
@@ -1,3 +1,25 @@
+CVE-2009-1341
+ RESERVED
+CVE-2009-1340
+ RESERVED
+CVE-2009-1339
+ RESERVED
+CVE-2009-1338
+ RESERVED
+CVE-2009-1337
+ RESERVED
+CVE-2009-1336
+ RESERVED
+CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista
allows ...)
+ TODO: check
+CVE-2009-1334 (Cross-site scripting (XSS) vulnerability in
login/FilepathLogin.html ...)
+ TODO: check
+CVE-2009-1333 (Cross-site scripting (XSS) vulnerability in refresh_rate.htm in
the ...)
+ TODO: check
+CVE-2009-1332 (The Online Help feature in Sun Java System Directory Server 5.2
and ...)
+ TODO: check
+CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) ...)
+ TODO: check
CVE-2009-XXXX [linux-2.6: /dev/mem rootkit vulnerability]
- linux-2.6 2.6.29-1 (low; bug #524373)
NOTE: according to the kernel team (see bug report), they have no interest in
backporting a
@@ -102,8 +124,8 @@
NOT-FOR-US: AJ Square AJ Article
CVE-2009-XXXX [clamav: UPack crash]
- clamav 0.95.1+dfsg-1
- [etch] - clamav 0.90.1dfsg-4-etch19
- [lenny] - clamav 0.94.dfsg.2-1lenny2
+ [etch] - clamav 0.90.1dfsg-4-etch19
+ [lenny] - clamav 0.94.dfsg.2-1lenny2
NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552
CVE-2009-XXXX [clamav: cli_url_canon]
- clamav 0.95.1+dfsg-1
@@ -235,6 +257,7 @@
- php5 5.2.6.dfsg.1-3
- php4 <not-affected> (this is caused by the fix for CVE-2008-5658,
which was not applied to php4)
CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x
before ...)
+ {DSA-1775-1}
- php5 5.2.9.dfsg.1-1
- php4 <not-affected> (the JSON extension was introduced in php5.2)
- php-json-ext <unfixed>
@@ -406,9 +429,9 @@
NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in
forgotPW.php in ...)
NOT-FOR-US: Library Video Company SAFARI Montage
-CVE-2008-6636 (SQL injection vulnerability in skins/default.php in Geody Labs
Dagger ...)
+CVE-2008-6636 (PHP remote file inclusion vulnerability in skins/default.php in
Geody ...)
NOT-FOR-US: Geody Labs Dagger
-CVE-2008-6635 (SQL injection vulnerability in skins/default.php in Geody Labs
Dagger ...)
+CVE-2008-6635 (PHP remote file inclusion vulnerability in skins/default.php in
Geody ...)
NOT-FOR-US: Geody Labs Dagger
CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote
...)
NOT-FOR-US: RoomPHPlanning
@@ -668,12 +691,10 @@
CVE-2009-1187 [pdf vulnerabilities]
RESERVED
- poppler <unfixed> (medium; bug #524806)
-CVE-2009-1186 [udev: buffer overflow in util_path_encode]
- RESERVED
+CVE-2009-1186 (Buffer overflow in the util_path_encode function in ...)
{DSA-1772-1}
- udev <unfixed> (medium)
-CVE-2009-1185 [udev: missing origin check for NETLINK messages]
- RESERVED
+CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message
originates ...)
{DSA-1772-1}
- udev <unfixed> (medium)
CVE-2009-1184
@@ -5506,10 +5527,10 @@
{DSA-1750-1}
- pngcrush 1.6.15-1
- libpng 1.2.35-1 (bug #516256)
-CVE-2009-0039
- RESERVED
-CVE-2009-0038
- RESERVED
+CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the web ...)
+ TODO: check
+CVE-2009-0038 (Multiple cross-site scripting (XSS) vulnerabilities in the web
...)
+ TODO: check
CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through
7.19.3, ...)
{DSA-1738-1}
- curl 7.18.2-8.1 (bug #518423)
@@ -5746,8 +5767,8 @@
NOT-FOR-US: AhnLab V3
CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache
Tomcat ...)
- tomcat5.5 <unfixed>
-CVE-2008-5518
- RESERVED
+CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web
administration ...)
+ TODO: check
CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows
remote ...)
{DSA-1708-1}
- git-core 1:1.5.6.5-2 (low; bug #512330)