Author: thijs Date: 2009-05-22 09:00:24 +0000 (Fri, 22 May 2009) New Revision: 11953 Modified: data/CVE/list data/DSA/list Log: CVE ids assigned Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-21 21:14:18 UTC (rev 11952) +++ data/CVE/list 2009-05-22 09:00:24 UTC (rev 11953) @@ -1,3 +1,13 @@ +CVE-2009-1756 [slim insecure auth secret passing] + - slim <unfixed> (low; bug #529306) +CVE-2009-1755 [off-by-one in nsd] + - nsd3 <unfixed> (medium; bug #529418) + - nsd 2.3.7-3 (medium; bug #529420) + NOTE: VU#710316 +CVE-2009-1753 [unsafe temp file in coccinelle] + - coccinelle 0.1.7.deb-3 (low) + [lenny] - coccinelle <no-dsa> (Minor issue) + [etch] - coccinelle <no-dsa> (Minor issue) CVE-2009-1678 (Directory traversal vulnerability in the saveFeed function in ...) NOT-FOR-US: Bitweaver CVE-2009-1677 (Multiple static code injection vulnerabilities in the saveFeed ...) @@ -26,11 +36,6 @@ NOT-FOR-US: CastRipper CVE-2009-1666 (Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite ...) NOT-FOR-US: CycloMedia CycloScopeLite -CVE-2009-XXXX [off-by-one in nsd] - - nsd3 <unfixed> (medium; bug #529418) - - nsd 2.3.7-3 (medium; bug #529420) - NOTE: CVE id requested - NOTE: VU#710316 CVE-2009-1665 (myaccount.php in Easy Scripts Answer and Question Script allows remote ...) NOT-FOR-US: Easy Scripts Answer and Question Script CVE-2009-1664 (myaccount.php in Easy Scripts Answer and Question Script does not ...) @@ -98,9 +103,6 @@ CVE-2009-XXXX [libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities] - libsndfile 1.0.20-1 (medium; bug #528650) NOTE: http://trapkit.de/advisories/TKADV2009-006.txt -CVE-2009-XXXX [slim insecure auth secret passing] - - slim <unfixed> (low; bug #529306) - NOTE: CVE id request on oss-sec CVE-2009-XXXX [drupal: cross-site scripting vulnerability] - drupal5 5.18 (low; bug #529191) - drupal6 6.12 (low; bug #529190) 
@@ -434,11 +436,6 @@ - gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077) [etch] - libmodplug <not-affected> (Vulnerable code not present) NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug. -CVE-2009-XXXX [unsafe temp file in coccinelle] - - coccinelle 0.1.7.deb-3 (low) - [lenny] - coccinelle <no-dsa> (Minor issue) - [etch] - coccinelle <no-dsa> (Minor issue) - NOTE: CVE id requested CVE-2009-1519 (Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 ...) NOT-FOR-US: Pecio CMS CVE-2009-1518 (Cross-site request forgery (CSRF) vulnerability in Beltane before ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-05-21 21:14:18 UTC (rev 11952) +++ data/DSA/list 2009-05-22 09:00:24 UTC (rev 11953) @@ -3,6 +3,7 @@ [etch] - squirrelmail 2:1.4.9a-5 [lenny] - squirrelmail 2:1.4.15-4+lenny2 [20 May 2009] DSA-1803-1 nsd nsd3 - denial of service + {CVE-2009-1755} [etch] - nsd 2.3.6-1+etch1 [lenny] - nsd 2.3.7-1.1+lenny1 [lenny] - nsd3 3.0.7-3.lenny2
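Review bot: The CVE-2009-1753 entry added at the top of data/CVE/list has no bug reference: "- coccinelle 0.1.7.deb-3 (low)" stands next to the slim and nsd entries, which both carry one (bug #529306, bug #529418, bug #529420). The placeholder entry removed in the @@ -434,11 +436,6 @@ hunk had none either, so this is carried over rather than newly lost. If a Debian bug exists for the unsafe temp file, add it after the severity so the fixed version can be traced back to a report.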
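Review bot: In the data/DSA/list hunk, "{CVE-2009-1755}" is attached to DSA-1803-1, which lists a fixed lenny version for nsd3 (3.0.7-3.lenny2), while the matching data/CVE/list entry added in this same commit still reads "- nsd3 <unfixed>". Confirm that the unstable nsd3 package really is still unfixed and is being followed up under bug #529418. The log message "CVE ids assigned" also does not mention the DSA cross-reference, so consider naming it there.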