Author: joeyh
Date: 2009-06-11 21:14:21 +0000 (Thu, 11 Jun 2009)
New Revision: 12107

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2009-06-11 12:47:38 UTC (rev 12106) +++ data/CVE/list 2009-06-11 21:14:21 UTC (rev 12107) 
@@ -1,3 +1,35 @@ +CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...) + TODO: check +CVE-2009-2026 + RESERVED +CVE-2009-2025 (admin/login.php in DM FileManager 3.9.2 allows remote attackers to ...) + TODO: check +CVE-2009-2024 (Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the ...) + TODO: check +CVE-2009-2023 (SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when ...) + TODO: check +CVE-2009-2022 (fipsCMS Light 2.1 stores sensitive information under the web root with ...) + TODO: check +CVE-2009-2021 (SQL injection vulnerability in search.php in Virtue Classifieds allows ...) + TODO: check +CVE-2009-2020 (Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue ...) + TODO: check +CVE-2009-2019 (SQL injection vulnerability in news_detail.php in Virtue News Manager ...) + TODO: check +CVE-2009-2018 (SQL injection vulnerability in admin/index.php in Jared Eckersley ...) + TODO: check +CVE-2009-2017 (SQL injection vulnerability in products.php in Virtue Book Store ...) + TODO: check +CVE-2009-2016 (SQL injection vulnerability in products.php in Virtue Shopping Mall ...) + TODO: check +CVE-2009-2015 (Directory traversal vulnerability in includes/file_includer.php in the ...) + TODO: check +CVE-2009-2014 (SQL injection vulnerability in the ComSchool (com_school) component ...) + TODO: check +CVE-2009-2013 (SQL injection vulnerability in bin/aps_browse_sources.php in Frontis ...) + TODO: check +CVE-2009-2012 (Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through ...) + TODO: check CVE-2009-2011 RESERVED CVE-2009-2010 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...) 
@@ -662,82 +694,82 @@ RESERVED CVE-2009-1719 RESERVED -CVE-2009-1718 - RESERVED +CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...) + TODO: check CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...) NOT-FOR-US: Mac OS X -CVE-2009-1716 - RESERVED -CVE-2009-1715 - RESERVED -CVE-2009-1714 - RESERVED -CVE-2009-1713 - RESERVED -CVE-2009-1712 - RESERVED -CVE-2009-1711 - RESERVED -CVE-2009-1710 - RESERVED -CVE-2009-1709 - RESERVED -CVE-2009-1708 - RESERVED -CVE-2009-1707 - RESERVED -CVE-2009-1706 - RESERVED -CVE-2009-1705 - RESERVED -CVE-2009-1704 - RESERVED -CVE-2009-1703 - RESERVED -CVE-2009-1702 - RESERVED -CVE-2009-1701 - RESERVED -CVE-2009-1700 - RESERVED -CVE-2009-1699 - RESERVED -CVE-2009-1698 - RESERVED -CVE-2009-1697 - RESERVED -CVE-2009-1696 - RESERVED -CVE-2009-1695 - RESERVED -CVE-2009-1694 - RESERVED -CVE-2009-1693 - RESERVED +CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...) + TODO: check +CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) + TODO: check +CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) + TODO: check +CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...) + TODO: check +CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...) + TODO: check +CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory ...) + TODO: check +CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...) + TODO: check +CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...) + TODO: check +CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...) + TODO: check +CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari ...) 
+ TODO: check +CVE-2009-1706 (The Private Browsing feature in Apple Safari before 4.0 on Windows ...) + TODO: check +CVE-2009-1705 (CoreGraphics in Apple Safari before 4.0 on Windows does not properly ...) + TODO: check +CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image ...) + TODO: check +CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...) + TODO: check +CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) + TODO: check +CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...) + TODO: check +CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0 does not ...) + TODO: check +CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before 4.0 ...) + TODO: check +CVE-2009-1698 (WebKit in Apple Safari before 4.0 does not initialize a pointer during ...) + TODO: check +CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0 ...) + TODO: check +CVE-2009-1696 (WebKit in Apple Safari before 4.0 uses predictable random numbers in ...) + TODO: check +CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) + TODO: check +CVE-2009-1694 (WebKit in Apple Safari before 4.0 does not properly handle redirects, ...) + TODO: check +CVE-2009-1693 (WebKit in Apple Safari before 4.0 allows remote attackers to read ...) + TODO: check CVE-2009-1692 RESERVED -CVE-2009-1691 - RESERVED -CVE-2009-1690 - RESERVED -CVE-2009-1689 - RESERVED -CVE-2009-1688 - RESERVED -CVE-2009-1687 - RESERVED -CVE-2009-1686 - RESERVED -CVE-2009-1685 - RESERVED -CVE-2009-1684 - RESERVED +CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) + TODO: check +CVE-2009-1690 (WebKit in Apple Safari before 4.0 does not properly manage memory for ...) + TODO: check +CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) 
+ TODO: check +CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) + TODO: check +CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0 ...) + TODO: check +CVE-2009-1686 (WebKit in Apple Safari before 4.0 does not properly handle constant ...) + TODO: check +CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) + TODO: check +CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) + TODO: check CVE-2009-1683 RESERVED -CVE-2009-1682 - RESERVED -CVE-2009-1681 - RESERVED +CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...) + TODO: check +CVE-2009-1681 (WebKit in Apple Safari before 4.0 does not prevent web sites from ...) + TODO: check CVE-2009-1680 RESERVED CVE-2009-1679 @@ -760,7 +792,8 @@ NOT-FOR-US: Bitweaver CVE-2009-1677 (Multiple static code injection vulnerabilities in the saveFeed ...) NOT-FOR-US: Bitweaver -CVE-2009-1676 (The WebDAV implementation in Microsoft Internet Information Services ...) +CVE-2009-1676 + REJECTED NOT-FOR-US: IIS CVE-2009-1675 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...) NOT-FOR-US: ElectraSoft 32bit FTP 
@@ -1142,22 +1175,22 @@ NOT-FOR-US: Microsoft DirectX CVE-2009-1536 RESERVED -CVE-2009-1535 - RESERVED +CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS) ...) + TODO: check CVE-2009-1534 RESERVED -CVE-2009-1533 - RESERVED -CVE-2009-1532 - RESERVED -CVE-2009-1531 - RESERVED -CVE-2009-1530 - RESERVED -CVE-2009-1529 - RESERVED -CVE-2009-1528 - RESERVED +CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in ...) + TODO: check +CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server ...) + TODO: check +CVE-2009-1531 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...) + TODO: check +CVE-2009-1530 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...) + TODO: check +CVE-2009-1529 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...) + TODO: check +CVE-2009-1528 (Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and ...) + TODO: check CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...) - linux-2.6 2.6.29-5 (high) [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29) @@ -1915,8 +1948,7 @@ RESERVED CVE-2009-1297 RESERVED -CVE-2009-1296 [ecrpytfs-utils: unencrypted passphrase stored on disk] - RESERVED +CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on ...) - ecryptfs-utils <unfixed> (unimportant; bug #532372) NOTE: this is a non-issue as the debian installer doesn''t support per user NOTE: encrypted home directories with ecryptfs, so no passphrase is stored in the 
@@ -2496,8 +2528,8 @@ RESERVED CVE-2009-1197 RESERVED -CVE-2009-1196 - RESERVED +CVE-2009-1196 (The directory-services functionality in the scheduler in CUPS 1.1.17 ...) + TODO: check CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not ...) - apache2 2.2.11-6 (low; bug #530834) CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in ...) @@ -2699,22 +2731,22 @@ RESERVED CVE-2009-1142 RESERVED -CVE-2009-1141 - RESERVED -CVE-2009-1140 - RESERVED -CVE-2009-1139 - RESERVED -CVE-2009-1138 - RESERVED +CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server ...) + TODO: check +CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP ...) + TODO: check +CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft ...) + TODO: check +CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 ...) + TODO: check CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...) NOT-FOR-US: Microsoft CVE-2009-1136 RESERVED CVE-2009-1135 RESERVED -CVE-2009-1134 - RESERVED +CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office ...) + TODO: check CVE-2009-1133 RESERVED CVE-2009-1132 
@@ -2729,16 +2761,16 @@ NOT-FOR-US: Microsoft CVE-2009-1127 RESERVED -CVE-2009-1126 - RESERVED -CVE-2009-1125 - RESERVED -CVE-2009-1124 - RESERVED -CVE-2009-1123 - RESERVED -CVE-2009-1122 - RESERVED +CVE-2009-1126 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...) + TODO: check +CVE-2009-1125 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) + TODO: check +CVE-2009-1124 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) + TODO: check +CVE-2009-1123 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...) + TODO: check +CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services (IIS) ...) + TODO: check CVE-2009-1121 RESERVED CVE-2009-1120 @@ -3307,9 +3339,9 @@ NOT-FOR-US: Apple QuickTime CVE-2009-0950 (Stack-based buffer overflow in Apple iTunes before 8.2 allows remote ...) NOT-FOR-US: Apple iTunes -CVE-2009-0949 - RESERVED +CVE-2009-0949 (The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 ...) {DSA-1811-1} + TODO: check CVE-2009-0948 RESERVED CVE-2009-0947 @@ -3878,8 +3910,8 @@ {DTSA-198-1} - argyll 1.0.3-3 (medium; bug #523472; bug #524802) - ghostscript 8.64~dfsg-1.1 (medium; bug #524915) -CVE-2009-0791 - RESERVED +CVE-2009-0791 (Multiple integer overflows in the pdftops filter in CUPS 1.1.17, ...) + TODO: check CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...) {DSA-1760-1 DSA-1759-1} - openswan 1:2.6.21+dfsg-1 (medium; bug #521949) 
@@ -4991,30 +5023,30 @@ NOT-FOR-US: Ninja Designs Mailist CVE-2009-0569 (Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows ...) NOT-FOR-US: Becky! Internet Mail -CVE-2009-0568 - RESERVED +CVE-2009-0568 (The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP ...) + TODO: check CVE-2009-0567 RESERVED CVE-2009-0566 RESERVED -CVE-2009-0565 - RESERVED +CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 ...) + TODO: check CVE-2009-0564 RESERVED -CVE-2009-0563 - RESERVED +CVE-2009-0563 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 ...) + TODO: check CVE-2009-0562 RESERVED -CVE-2009-0561 - RESERVED -CVE-2009-0560 - RESERVED -CVE-2009-0559 - RESERVED -CVE-2009-0558 - RESERVED -CVE-2009-0557 - RESERVED +CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, ...) + TODO: check +CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...) + TODO: check +CVE-2009-0559 (Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and ...) + TODO: check +CVE-2009-0558 (Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, ...) + TODO: check +CVE-2009-0557 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...) + TODO: check CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and ...) NOT-FOR-US: Microsoft Office CVE-2009-0555 
@@ -5029,8 +5061,8 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...) NOT-FOR-US: Microsoft Windows -CVE-2009-0549 - RESERVED +CVE-2009-0549 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...) + TODO: check CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional Report ...) NOT-FOR-US: Additional Report Settings interface in ESET Remote Administrator CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of the ...) @@ -6282,8 +6314,8 @@ {DSA-1725-1} - websvn 2.0-4+lenny1 (bug #512191) [etch] - websvn <not-affected> (authenthication doesn''t exist in that version) -CVE-2009-0239 - RESERVED +CVE-2009-0239 (Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for ...) + TODO: check CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...) NOT-FOR-US: Microsoft CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML ...) @@ -6300,12 +6332,12 @@ RESERVED CVE-2009-0231 RESERVED -CVE-2009-0230 - RESERVED -CVE-2009-0229 - RESERVED -CVE-2009-0228 - RESERVED +CVE-2009-0230 (The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and ...) + TODO: check +CVE-2009-0229 (The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and ...) + TODO: check +CVE-2009-0228 (Buffer overflow in the Windows Print Spooler in Microsoft Windows 2000 ...) + TODO: check CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter ...) NOT-FOR-US: Microsoft CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in ...) 
@@ -15219,8 +15251,8 @@ CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) ...) - kfreebsd-7 7.0-6 NOTE: IPv6 NDP flaw not affecting Linux -CVE-2008-2475 - RESERVED +CVE-2008-2475 (eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) ...) + TODO: check CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...) NOT-FOR-US: ABB Process Communication Unit CVE-2008-2473 @@ -30801,7 +30833,7 @@ NOT-FOR-US: Solaris Management Console CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...) NOT-FOR-US: MSIE6 -CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows remote ...) +CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-3090 REJECTED @@ -48075,7 +48107,7 @@ - firefox 1.5.dfsg+1.5.0.4-1 (medium) - mozilla <unfixed> (medium) - xulrunner 1.8.0.4-1 (medium) -CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strips the Unicode ...) +CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode ...) {DSA-1134-1 DSA-1120 DSA-1118} NOTE: MFSA-2006-42 - firefox 1.5.dfsg+1.5.0.4-1 (medium)
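
Review bot: in the "@@ -662,82 +694,82 @@" hunk the Safari 4.0 batch (CVE-2009-1718 down to CVE-2009-1681) lands entirely as "TODO: check", and the only triaged neighbour is CVE-2009-1717 with "NOT-FOR-US: Mac OS X". The entries scoped to Safari "on Windows" (CVE-2009-1716, CVE-2009-1706, CVE-2009-1705) can follow that neighbour, but the ones whose description begins "WebKit in Apple Safari" name a component rather than the browser product, so they should be triaged one by one against the description instead of being closed in bulk by vendor name.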
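
Review bot: in the "@@ -760,7 +792,8 @@" hunk CVE-2009-1676 becomes "REJECTED" but still carries the old "NOT-FOR-US: IIS" line beneath it, so the triage decision is now attached to a rejected id. The IIS WebDAV description reappears in this same commit on CVE-2009-1535 and CVE-2009-1122, both added as "TODO: check"; suggest carrying the "NOT-FOR-US: IIS" decision over to those two entries so the earlier triage is not lost, and deciding whether the note on the rejected id is still wanted.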
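
Review bot: in the "@@ -3307,9 +3339,9 @@" hunk CVE-2009-0949 ends up with the existing "{DSA-1811-1}" cross-reference followed only by "TODO: check", with no package line recording an affected or fixed version. An entry that already references a DSA should not sit in the TODO queue; suggest replacing the TODO with the package status line for CUPS. CVE-2009-1196 and CVE-2009-0791 are also CUPS issues added as "TODO: check" in this commit and can be handled in the same pass.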
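
Review bot: in the "@@ -4991,30 +5023,30 @@" hunk the newly described Word and Excel entries (CVE-2009-0565, CVE-2009-0563, CVE-2009-0561 through CVE-2009-0557) are added as "TODO: check" directly above CVE-2009-0556, which is already "NOT-FOR-US: Microsoft Office"; the same applies to the Internet Explorer, Windows kernel, LDAP and Print Spooler entries in the other Microsoft hunks. Suggest giving them the same triage as their neighbours, and settling on one tag spelling while doing so: the context lines in this diff already use "NOT-FOR-US: Microsoft", "Microsoft Office", "Microsoft Windows", "Microsoft Internet Explorer" and "MSIE6" for the same vendor, which makes the list harder to grep.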