Author: joeyh Date: 2009-09-02 21:14:15 +0000 (Wed, 02 Sep 2009) New Revision: 12740 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-02 19:03:51 UTC (rev 12739) +++ data/CVE/list 2009-09-02 21:14:15 UTC (rev 12740) 
@@ -1,48 +1,50 @@ -CVE-2009-3038 +CVE-2009-3039 + RESERVED +CVE-2009-3038 (A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research ...) NOT-FOR-US: ActiveX -CVE-2009-3037 +CVE-2009-3037 (Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka ...) NOT-FOR-US: Autonomy KeyView XLS viewer -CVE-2008-7152 +CVE-2008-7152 (Multiple PHP remote file inclusion vulnerabilities in Specimen Image ...) NOT-FOR-US: Specimen Image Database -CVE-2008-7151 +CVE-2008-7151 (Cross-site request forgery (CSRF) vulnerability in Live 5.x before ...) NOT-FOR-US: Live third-party Drupal module -CVE-2008-7150 +CVE-2008-7150 (Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x ...) NOT-FOR-US: Refine by Taxonomy -CVE-2008-7149 +CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has unknown ...) NOT-FOR-US: AgileWiki -CVE-2008-7148 +CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 0.61.08 ...) NOT-FOR-US: Synfig Animation Studio -CVE-2008-7147 +CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn ...) NOT-FOR-US: IntraLearn Software IntraLearn -CVE-2008-7146 +CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions before ...) NOT-FOR-US: IntraLearn Software IntraLearn -CVE-2008-7145 +CVE-2008-7145 (Multiple SQL injection vulnerabilities in index.php in CoronaMatrix ...) NOT-FOR-US: CoronaMatrix phpAddressBook -CVE-2008-7144 +CVE-2008-7144 (Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have ...) NOT-FOR-US: RARLAB WinRAR -CVE-2008-7143 +CVE-2008-7143 (phpBB 2.0.23 includes the session ID in a request to modcp.php when ...) - phpbb2 <removed> -CVE-2008-7142 +CVE-2008-7142 (Absolute path traversal vulnerability in the Disk Usage module ...) NOT-FOR-US: cPanel -CVE-2008-7141 +CVE-2008-7141 (Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 ...) 
NOT-FOR-US: @lex Poll -CVE-2008-7140 +CVE-2008-7140 (Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook ...) NOT-FOR-US: @lex Guestbook -CVE-2008-7139 +CVE-2008-7139 (Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy ...) NOT-FOR-US: Eye-Fi -CVE-2008-7138 +CVE-2008-7138 (The Manager in Eye-Fi 1.1.2 generates predictable snonce values based ...) NOT-FOR-US: Eye-Fi -CVE-2008-7137 +CVE-2008-7137 (WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of ...) NOT-FOR-US: Eye-Fi -CVE-2008-7136 +CVE-2008-7136 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...) NOT-FOR-US: ICQ Toolbar -CVE-2008-7135 +CVE-2008-7135 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...) NOT-FOR-US: ICQ Toolbar -CVE-2008-7134 +CVE-2008-7134 (Multiple cross-site scripting (XSS) vulnerabilities in the default URI ...) NOT-FOR-US: Chris LaPointe RedGalaxy Download Center -CVE-2008-7133 +CVE-2008-7133 (Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org ...) NOT-FOR-US: onlinetools.org EasyImageCatalogue -CVE-2008-7132 +CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...) NOT-FOR-US: Nuked-Klan CVE-2009-3036 RESERVED @@ -68,7 +70,7 @@ TODO: check CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...) TODO: check -CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft IIS 5.0 and 6.0 allows ...) +CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet Information ...) NOT-FOR-US: Microsoft IIS CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...) NOT-FOR-US: bingo!CMS @@ -403,6 +405,7 @@ RESERVED CVE-2009-2946 RESERVED + {DSA-1878-1} - devscripts 2.10.54 CVE-2009-2945 RESERVED 
@@ -973,10 +976,10 @@ NOT-FOR-US: DD-WRT CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: DD-WRT -CVE-2009-3040 [Sql injection in OCS Inventory NG Server] +CVE-2009-3040 (Multiple SQL injection vulnerabilities in Open Computer and Software ...) - ocsinventory-server 1.02.1-2 (low; bug #541995) NOTE: Authentication is needed -CVE-2009-3042 [Sql injection in OCS Inventory NG Server] +CVE-2009-3042 (SQL injection vulnerability in machine.php in Open Computer and ...) - ocsinventory-server 1.02.1-2 (low; bug #541995) NOTE: Authentication is needed CVE-2009-2763 @@ -1263,7 +1266,7 @@ - mantis 1.1.8+dfsg-2 (medium; bug #425010) [lenny] - mantis 1.1.6+dfsg-2lenny1 NOTE: cve id requested on oss-sec -CVE-2009-3041 [missing authorization check in spip installer] +CVE-2009-3041 (SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper ...) - spip 2.0.9-1 (medium) CVE-2009-XXXX [rubygems: integrity violation] - libgems-ruby <not-affected> (Debian''s version installs gems packages to /var/lib/gems, bug #540610) @@ -2194,6 +2197,7 @@ NOTE: vulnerable code not present, introduced in 2.3.x NOTE: to be fixed in upstream version 2.3.3 CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...) + {DSA-1877-1} - mysql-dfsg-5.0 <unfixed> (low; bug #536726) TODO: check lenny/sid; they are likely fixed according to the report, but i did not check CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
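Review bot: the NOT-FOR-US triages in the first hunk (@@ -1,48 +1,50 @@) are committed in the same automatic update that pulled in the descriptions, so they have not been reviewed against the archive; CVE-2008-7151 (Live) and CVE-2008-7150 (Refine by Taxonomy) are described as Drupal modules, and CVE-2008-7149 (Synfig Animation Studio) and CVE-2008-7148 (AgileWiki) are free software, so confirm none of them ships in Debian before leaving them as NOT-FOR-US rather than "TODO: check".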
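Review bot: in the @@ -68,7 +70,7 @@ hunk, CVE-2009-3024 (whose description names the verify_hostname_of_cert function) still carries "TODO: check", while the last hunk's context shows a placeholder entry "CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]"; these appear to describe the same issue, so the placeholder should be folded into CVE-2009-3024 and the package state recorded there, otherwise the issue is tracked twice under different ids.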
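Review bot: in the @@ -403,6 +405,7 @@ hunk, CVE-2009-2946 gains "{DSA-1878-1}" and "- devscripts 2.10.54" but stays "RESERVED" with no description and no severity or bug annotation, unlike neighbouring entries such as "- ocsinventory-server 1.02.1-2 (low; bug #541995)"; add a bracketed summary (the "[...]" form used elsewhere in this list) and the bug reference so the advisory is not attached to an otherwise empty entry.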
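Review bot: in the @@ -973,10 +976,10 @@ hunk, CVE-2009-3040 and CVE-2009-3042 remain placed between the CVE-2008-6974 (DD-WRT) and CVE-2009-2763 entries instead of at the top of the file with CVE-2009-3039 and CVE-2009-3038; the automatic update only rewrites descriptions in place, so these should be moved into id order by hand.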
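Review bot: in the @@ -1263,7 +1266,7 @@ hunk, the CVE-2009-3041 package line "- spip 2.0.9-1 (medium)" cites no bug number, while the surrounding entries do ("- mantis 1.1.8+dfsg-2 (medium; bug #425010)"); add the bug reference if one exists. The unchanged context line "(Debian''s version installs gems packages ..." also has a doubled apostrophe that should be corrected in a follow-up.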
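Review bot: in the @@ -2194,6 +2197,7 @@ hunk, "{DSA-1877-1}" is added to CVE-2009-2446 while the package line still reads "- mysql-dfsg-5.0 <unfixed> (low; bug #536726)" and the "TODO: check lenny/sid" note is left in place; an advisory reference next to an <unfixed> state is inconsistent, so record the fixed version for sid and the [lenny] entry with the DSA, and drop or resolve the TODO.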