Author: joeyh
Date: 2009-07-17 21:14:34 +0000 (Fri, 17 Jul 2009)
New Revision: 12370

Modified: data/CVE/list
Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-17 20:52:10 UTC (rev 12369) +++ data/CVE/list 2009-07-17 21:14:34 UTC (rev 12370) 
@@ -1,24 +1,62 @@ -CVE-2009-2491 +CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...) + TODO: check +CVE-2009-2479 (Stack-based buffer overflow in Mozilla Firefox 3.5 allows remote ...) + TODO: check +CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...) + TODO: check +CVE-2009-2476 + RESERVED +CVE-2009-2475 + RESERVED +CVE-2009-2474 + RESERVED +CVE-2009-2473 + RESERVED +CVE-2009-2472 + RESERVED +CVE-2009-2471 + RESERVED +CVE-2009-2470 + RESERVED +CVE-2009-2469 + RESERVED +CVE-2009-2468 + RESERVED +CVE-2009-2467 + RESERVED +CVE-2009-2466 + RESERVED +CVE-2009-2465 + RESERVED +CVE-2009-2464 + RESERVED +CVE-2009-2463 + RESERVED +CVE-2009-2462 + RESERVED +CVE-2009-2491 (The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when ...) NOT-FOR-US: Sun Ray Server Software -CVE-2009-2490 +CVE-2009-2490 (Unspecified vulnerability in the utaudiod daemon in Sun Ray Server ...) NOT-FOR-US: Sun Ray Server Software -CVE-2009-2489 +CVE-2009-2489 (Unspecified vulnerability in the utdmsession program in Sun Ray Server ...) NOT-FOR-US: Sun Ray Server Software -CVE-2009-2488 +CVE-2009-2488 (Unspecified vulnerability in the NFSv4 module in the kernel in Sun ...) NOT-FOR-US: Sun Solaris -CVE-2009-2487 +CVE-2009-2487 (Use-after-free vulnerability in the frpr_icmp function in the ipfilter ...) NOT-FOR-US: Sun Solaris -CVE-2009-2486 +CVE-2009-2486 (Unspecified vulnerability in the SCTP implementation in Sun Solaris ...) NOT-FOR-US: Sun Solaris -CVE-2009-2485 +CVE-2009-2485 (Stack-based buffer overflow in HT-MP3Player 1.0 allows remote ...) NOT-FOR-US: HT-MP3Player -CVE-2009-2483 +CVE-2009-2483 (libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local ...) NOT-FOR-US: NetBSD -CVE-2009-2482 +CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 ...) 
NOT-FOR-US: NetBSD OpenPAM -CVE-2009-2481 +CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261 when global ...) NOT-FOR-US: Six Apart Movable Type -CVE-2009-2480 +CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...) NOT-FOR-US: Six Apart Movable Type CVE-2009-2461 (mathtex.cgi in mathTeX, when downloaded before 20090713, does not ...) - mathtex <unfixed> (low; bug #537253) @@ -652,7 +690,7 @@ NOT-FOR-US: Kasseler CMS CVE-2009-2228 (Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS ...) NOT-FOR-US: Kasseler CMS -CVE-2009-2227 (Stack-based buffer overflow in Bopup Communication Server 3.2.26.5460 ...) +CVE-2009-2227 (Stack-based buffer overflow in B Labs Bopup Communication Server ...) NOT-FOR-US: Bopup Communication Server CVE-2009-2226 (Cross-site scripting (XSS) vulnerability in Let''s PHP! Tree BBS ...) NOT-FOR-US: Let''s PHP! Tree BBS @@ -1058,11 +1096,9 @@ RESERVED CVE-2009-2049 RESERVED -CVE-2009-2048 - RESERVED +CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration ...) NOT-FOR-US: Cisco -CVE-2009-2047 - RESERVED +CVE-2009-2047 (Directory traversal vulnerability in the Administration interface in ...) NOT-FOR-US: Cisco CVE-2009-2046 (The embedded web server on the Cisco Video Surveillance 2500 Series IP ...) NOT-FOR-US: Cisco @@ -1444,8 +1480,7 @@ NOTE: http://seclists.org/fulldisclosure/2009/Jul/0241.html CVE-2009-1896 RESERVED -CVE-2009-1895 [linux-2.6: potential vulnerabilites in the personality subsystem] - RESERVED +CVE-2009-1895 (The personality subsystem in the Linux kernel before 2.6.31-rc3 has a ...) - linux-2.6 2.6.30-3 (low) - linux-2.6.24 <removed> CVE-2009-1894 
@@ -1462,7 +1497,6 @@ {DSA-1834-1} - apache2 2.2.11-7 (medium; bug #534712) CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy ...) - {DSA-1834-1} - apache2 2.2.11-7 (medium; bug #536718) [etch] - apache2 <not-affected> (bug introduced in 2.2.5) [lenny] - apache2-mpm-itk 2.2.6-02-1+lenny2 @@ -2409,18 +2443,15 @@ RESERVED CVE-2009-1543 RESERVED -CVE-2009-1542 - RESERVED +CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, ...) NOT-FOR-US: Microsoft CVE-2009-1541 RESERVED CVE-2009-1540 RESERVED -CVE-2009-1539 - RESERVED +CVE-2009-1539 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...) NOT-FOR-US: Microsoft DirectX -CVE-2009-1538 - RESERVED +CVE-2009-1538 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...) NOT-FOR-US: Microsoft DirectX CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter in ...) NOT-FOR-US: Microsoft DirectX @@ -4017,11 +4048,9 @@ NOT-FOR-US: Microsoft CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...) NOT-FOR-US: Microsoft -CVE-2009-1136 - RESERVED +CVE-2009-1136 (The Microsoft Office Web Components Spreadsheet ActiveX control (aka ...) NOT-FOR-US: ActiveX -CVE-2009-1135 - RESERVED +CVE-2009-1135 (Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold ...) NOT-FOR-US: Microsoft Internet Security and Acceleration (ISA) Server CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office ...) NOT-FOR-US: Microsoft 
@@ -5654,7 +5683,7 @@ NOT-FOR-US: HP StorageWorks Storage Mirroring CVE-2009-0715 (Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials ...) NOT-FOR-US: HP Storage Essentials -CVE-2009-0714 (Unspecified vulnerability in HP Data Protector Express and Express SSE ...) +CVE-2009-0714 (Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for ...) NOT-FOR-US: HP Data Protector Express CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...) NOT-FOR-US: WMI Mapper @@ -6330,8 +6359,7 @@ NOT-FOR-US: Microsoft CVE-2009-0567 RESERVED -CVE-2009-0566 - RESERVED +CVE-2009-0566 (Microsoft Office Publisher 2007 SP1 does not properly calculate object ...) NOT-FOR-US: Microsoft Office Publisher CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 ...) NOT-FOR-US: Microsoft @@ -7629,11 +7657,9 @@ NOT-FOR-US: Microsoft Windows CVE-2009-0233 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...) NOT-FOR-US: Microsoft Windows -CVE-2009-0232 - RESERVED +CVE-2009-0232 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...) NOT-FOR-US: Microsoft Windows -CVE-2009-0231 - RESERVED +CVE-2009-0231 (Heap-based buffer overflow in the Embedded OpenType (EOT) Font Engine ...) NOT-FOR-US: Microsoft Windows CVE-2009-0230 (The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and ...) NOT-FOR-US: Microsoft @@ -23174,7 +23200,7 @@ - iceweasel 3.0 - iceape 1.1.12-1 - icedove 2.0.0.17-1 -CVE-2008-0015 (Stack-based buffer overflow in MPEG2TuneRequest in the Microsoft Video ...) +CVE-2008-0015 (Stack-based buffer overflow in the MPEG2TuneRequest ActiveX control in ...) NOT-FOR-US: Microsoft CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...) NOT-FOR-US: Trend Micro
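
Review bot: In the @@ -1,24 +1,62 @@ hunk, CVE-2009-2479 and CVE-2009-2478 are added with only "TODO: check" although their descriptions name Mozilla Firefox 3.5, and CVE-2009-2477 likewise although it names js/src/jstracer.cpp in the JIT JavaScript compiler; this list already tracks iceweasel (see the context lines of the @@ -23174,7 +23200,7 @@ hunk). Each of the three should get a package line or an explicit <not-affected> entry in place of the TODO once the packaged versions are checked. CVE-2009-2484 carries the same TODO and its truncated description names only the Win32AddConnection function, so the affected product still has to be identified before it can be marked.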
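
Review bot: The @@ -1462,7 +1497,6 @@ hunk deletes the {DSA-1834-1} tag under CVE-2009-1890 while the entry directly above keeps the same tag, the apache2 2.2.11-7 and [lenny] apache2-mpm-itk lines stay in place, and the log says only "automatic update". Confirm that the advisory no longer covers CVE-2009-1890; if it still does, restore the tag, and if it does not, state that in the log so the dropped cross-reference is not mistaken for a side effect of the update script.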