Author: joeyh Date: 2009-06-15 21:14:13 +0000 (Mon, 15 Jun 2009) New Revision: 12133 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-15 13:10:14 UTC (rev 12132) +++ data/CVE/list 2009-06-15 21:14:13 UTC (rev 12133) 
@@ -1,3 +1,53 @@ +CVE-2009-2056 + RESERVED +CVE-2009-2055 + RESERVED +CVE-2009-2054 + RESERVED +CVE-2009-2053 + RESERVED +CVE-2009-2052 + RESERVED +CVE-2009-2051 + RESERVED +CVE-2009-2050 + RESERVED +CVE-2009-2049 + RESERVED +CVE-2009-2048 + RESERVED +CVE-2009-2047 + RESERVED +CVE-2009-2046 + RESERVED +CVE-2009-2045 + RESERVED +CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...) + TODO: check +CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...) + TODO: check +CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images ...) + TODO: check +CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...) + TODO: check +CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, ...) + TODO: check +CVE-2009-2039 (Unspecified vulnerability in the Luottokunta module before 1.3 for ...) + TODO: check +CVE-2009-2038 (Unspecified vulnerability in the Finnish Bank Payment module 2.2 for ...) + TODO: check +CVE-2009-2037 (Multiple directory traversal vulnerabilities in Online Grades & ...) + TODO: check +CVE-2009-2036 (SQL injection vulnerability in index.php in Open Biller 0.1 allows ...) + TODO: check +CVE-2009-2035 (Unspecified vulnerability in Services 6.x before 6.x-0.14, a module ...) + TODO: check +CVE-2009-2034 (SQL injection vulnerability in writemessage.php in Yogurt 0.3, when ...) + TODO: check +CVE-2009-2033 (Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 ...) + TODO: check +CVE-2009-2032 (Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, ...) + TODO: check CVE-2009-XXXX [git-daemon Parameter Parsing Infinite Loop Denial of Service] - git-core <unfixed> (medium; bug #532935) [etch] - git-core <not-affected> (Vulnerable code not present) 
@@ -468,51 +518,41 @@ CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN ...) - strongswan 4.2.14-1.1 (medium; bug #531612) [etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3) -CVE-2009-1841 [JavaScript chrome privilege escalation] - RESERVED +CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...) - xulrunner 1.9.0.11-1 - icedove <unfixed> [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-1840 [XUL scripts bypass content-policy checks] - RESERVED +CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...) - xulrunner 1.9.0.11-1 - icedove <unfixed> [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-1839 [ Incorrect principal set for file: resources loaded via location bar] - RESERVED +CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...) - xulrunner 1.9.0.11-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-1838 [Arbitrary code execution using event listeners attached to an element whose owner document is null] - RESERVED +CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before ...) - xulrunner 1.9.0.11-1 - icedove <unfixed> [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-1837 [ Race condition while accessing the private data of a NPObject JS wrapper class object] - RESERVED +CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...) - xulrunner 1.9.0.11-1 [etch] - xulrunner <not-affected> (Doesn''t affect Gecko 1.8) -CVE-2009-1836 [ SSL tampering via non-200 responses to proxy CONNECT requests] - RESERVED +CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...) 
- xulrunner 1.9.0.11-1 - icedove <unfixed> [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-1835 [Arbitrary domain cookie access by local file: resources] - RESERVED +CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate ...) - xulrunner 1.9.0.11-1 - icedove <unfixed> [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-1834 [URL spoofing with invalid unicode characters] - RESERVED +CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...) - xulrunner 1.9.0.11-1 - icedove <unfixed> [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-1833 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird ...) - xulrunner 1.9.0.11-1 - icedove <unfixed> [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-1832 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...) - xulrunner 1.9.0.11-1 - icedove <unfixed> [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) @@ -669,6 +709,7 @@ CVE-2009-1761 RESERVED CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...) + {DSA-1815-1} - libtorrent-rasterbar 0.14.4-1 (medium) CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function ...) - ctorrent <unfixed> (bug #530255) 
@@ -1650,8 +1691,7 @@ RESERVED CVE-2009-1393 RESERVED -CVE-2009-1392 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird ...) - xulrunner 1.9.0.11-1 - icedove <unfixed> [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) @@ -4470,7 +4510,7 @@ CVE-2009-0689 RESERVED CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...) - {DSA-1807-1} + {DSA-1807-1 DTSA-200-1 DTSA-201-1} - cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749) NOTE: VU#238019 CVE-2009-0687
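Review bot: in the `@@ -1,3 +1,53 @@` hunk, CVE-2009-2044, CVE-2009-2043 and CVE-2009-2042 are left at "TODO: check" even though their descriptions already name the affected software (Mozilla Firefox 3.0.x and libpng before 1.2.37). Triage these three ahead of the web-application entries and replace the TODO with package lines. The Firefox entries later in this file are tracked under xulrunner and icedove, and the libpng entry gives a version boundary that can be compared directly with the packaged version.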
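Review bot: in the `@@ -468,51 +518,41 @@` hunk, the removed bracketed titles carried the only readable summary of each issue, and the truncated descriptions that replace them often stop before saying what the flaw is. For CVE-2009-1836, "SSL tampering via non-200 responses to proxy CONNECT requests" becomes "Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...", and CVE-2009-1833 and CVE-2009-1832 lose "Crashes with evidence of memory corruption". Consider keeping the old title as a NOTE: line under each entry, the form already used for "NOTE: VU#238019" elsewhere in the file. Separately, the unchanged CVE-2009-1837 line reads "Doesn''t affect Gecko 1.8" with a doubled apostrophe, which should be a single one.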
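Review bot: in the `@@ -4470,7 +4510,7 @@` hunk, CVE-2009-0688 now references two testing advisories (DTSA-200-1 and DTSA-201-1), but the entry still has a single package line, cyrus-sasl2 2.1.23.dfsg1-1. If the second DTSA covers a different source package, that package needs its own line with a fixed version. If both cover cyrus-sasl2, a NOTE: explaining why two advisories were issued would keep the entry unambiguous.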