Author: joeyh Date: 2009-09-11 21:14:11 +0000 (Fri, 11 Sep 2009) New Revision: 12792 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-11 18:40:00 UTC (rev 12791) +++ data/CVE/list 2009-09-11 21:14:11 UTC (rev 12792) 
@@ -1,36 +1,80 @@ -CVE-2009-3162 +CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris ...) + TODO: check +CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in ...) + TODO: check +CVE-2009-3145 + RESERVED +CVE-2009-3144 + RESERVED +CVE-2009-3143 + RESERVED +CVE-2009-3142 + RESERVED +CVE-2009-3141 + RESERVED +CVE-2009-3140 + RESERVED +CVE-2009-3139 + RESERVED +CVE-2009-3138 + RESERVED +CVE-2009-3137 + RESERVED +CVE-2009-3136 + RESERVED +CVE-2009-3135 + RESERVED +CVE-2009-3134 + RESERVED +CVE-2009-3133 + RESERVED +CVE-2009-3132 + RESERVED +CVE-2009-3131 + RESERVED +CVE-2009-3130 + RESERVED +CVE-2009-3129 + RESERVED +CVE-2009-3128 + RESERVED +CVE-2009-3127 + RESERVED +CVE-2009-3126 + RESERVED +CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...) NOT-FOR-US: Multi Website -CVE-2009-3161 +CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...) NOT-FOR-US: IBM WebSphere MQ -CVE-2009-3160 +CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and ...) NOT-FOR-US: IBM WebSphere MQ -CVE-2009-3159 +CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM ...) NOT-FOR-US: IBM WebSphere MQ -CVE-2009-3158 +CVE-2009-3158 (admin/files.php in simplePHPWeb 0.2 does not require authentication, ...) NOT-FOR-US: simplePHPWeb -CVE-2009-3157 +CVE-2009-3157 (Cross-site scripting (XSS) vulnerability in the Calendar module 6.x ...) NOT-FOR-US: Calendar module for Drupal -CVE-2009-3156 +CVE-2009-3156 (Cross-site scripting (XSS) vulnerability in the Date Tools sub-module ...) NOT-FOR-US: Date module for Drupal -CVE-2009-3155 +CVE-2009-3155 (Cross-site scripting (XSS) vulnerability in gmap.php in the Almond ...) NOT-FOR-US: Almond Classifieds component for Joomla! -CVE-2009-3154 +CVE-2009-3154 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...) 
NOT-FOR-US: Almond Classifieds component for Joomla! -CVE-2009-3153 +CVE-2009-3153 (Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search ...) NOT-FOR-US: x10 MP3 Search engine -CVE-2009-3152 +CVE-2009-3152 (Multiple cross-site scripting (XSS) vulnerabilities in ...) NOT-FOR-US: NTSOFT BBS E-Market Professional -CVE-2009-3151 +CVE-2009-3151 (Directory traversal vulnerability in actions/downloadFile.php in ...) NOT-FOR-US: Ultrize TimeSheet -CVE-2009-3150 +CVE-2009-3150 (SQL injection vulnerability in index.php in Multi Website 1.5 allows ...) NOT-FOR-US: Multi Website -CVE-2009-3149 +CVE-2009-3149 (Directory traversal vulnerability in _css/js.php in Elgg 1.5, when ...) NOT-FOR-US: Elgg -CVE-2009-3148 +CVE-2009-3148 (Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 ...) NOT-FOR-US: PortalXP Teacher Edition -CVE-2009-3147 +CVE-2009-3147 (Cross-site scripting (XSS) vulnerability in showproduct.php in ...) NOT-FOR-US: ReviewPost Pro -CVE-2009-3146 +CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in ...) NOT-FOR-US: ArticleFriend Script CVE-2009-3125 RESERVED 
@@ -177,50 +221,39 @@ NOT-FOR-US: Uiga Church Portal CVE-2009-3080 RESERVED -CVE-2009-3079 [Chrome privilege escalation with FeedWriter] - RESERVED +CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x ...) - iceweasel 3.0.14-1 [etch] - iceweasel <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3078 [Location bar spoofing via tall line-height Unicode characters] - RESERVED +CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and ...) - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3077 [TreeColumns dangling pointer vulnerability] - RESERVED +CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not ...) - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3076 [Insufficient warning for PKCS11 module installation and removal] - RESERVED +CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain ...) - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: Huh? -CVE-2009-3075 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3074 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...) - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3073 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...) 
- xulrunner <not-affected> (Only affects Firefox 3.5.x) [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x) [etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x) -CVE-2009-3072 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3071 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3070 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner 1.9.0.14-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3069 [Crashes with evidence of memory corruption] - RESERVED +CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) - xulrunner <not-affected> (Only affects Firefox 3.5.x) [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x) [etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x) 
@@ -302,23 +335,20 @@ NOT-FOR-US: Hero Super Player CVE-2008-7161 (Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 ...) NOT-FOR-US: Fortinet FortiGuard Fortinet -CVE-2008-7159 [silc ASN1 encoding format string vulnerability] - RESERVED +CVE-2008-7159 (The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in ...) {DSA-1879-1} [lenny] - silc-toolkit 1.1.7-2+lenny1 - silc-toolkit 1.1.10-1 (low) - silc-client 1.1-2 (low) - silc-server <not-affected> (Vulnerable code not present) NOTE: silc-client uses libsilc from silc-toolkit since 1.1-2 -CVE-2009-3051 [silc various format string vulnerabilities] - RESERVED +CVE-2009-3051 (Multiple format string vulnerabilities in ...) {DSA-1879-1} - silc-toolkit 1.1.10-1 (medium) - silc-client 1.1-2 (medium) - silc-server 1.1.2-1 (medium) NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2 -CVE-2008-7160 [silcd format string vulnerability in http server] - RESERVED +CVE-2008-7160 (The silc_http_server_parse function in lib/silchttp/silchttpserver.c ...) {DSA-1879-1} - silc-toolkit 1.1.10-1 (low) - silc-client <not-affected> (Vulnerable code not present) @@ -761,7 +791,7 @@ {DSA-1882-1} - xapian-omega 1.0.15-2 CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in ...) - {DSA-1878-1} + {DSA-1878-2 DSA-1878-1} - devscripts 2.10.54 CVE-2009-2945 RESERVED @@ -1159,8 +1189,8 @@ RESERVED CVE-2009-2816 RESERVED -CVE-2009-2815 - RESERVED +CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...) + TODO: check CVE-2009-2814 RESERVED CVE-2009-2813 
@@ -1191,18 +1221,18 @@ RESERVED CVE-2009-2800 RESERVED -CVE-2009-2799 - RESERVED -CVE-2009-2798 - RESERVED -CVE-2009-2797 - RESERVED -CVE-2009-2796 - RESERVED -CVE-2009-2795 - RESERVED -CVE-2009-2794 - RESERVED +CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...) + TODO: check +CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...) + TODO: check +CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...) + TODO: check +CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...) + TODO: check +CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in Apple ...) + TODO: check +CVE-2009-2794 (The Exchange Support component in Apple iPhone OS before 3.1, and ...) + TODO: check CVE-2009-2793 RESERVED CVE-2009-2792 (Directory traversal vulnerability in plugings/pagecontent.php in ...) @@ -3173,18 +3203,18 @@ - kfreebsd-7 7.2-2 [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc -CVE-2009-2207 - RESERVED -CVE-2009-2206 - RESERVED +CVE-2009-2207 (The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone ...) + TODO: check +CVE-2009-2206 (Multiple heap-based buffer overflows in the CoreAudio component in ...) + TODO: check CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command launcher in ...) NOT-FOR-US: Mac OS X CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in Apple ...) NOT-FOR-US: Apple iPhone OS -CVE-2009-2203 - RESERVED -CVE-2009-2202 - RESERVED +CVE-2009-2203 (Buffer overflow in Apple QuickTime before 7.6.4 allows remote ...) + TODO: check +CVE-2009-2202 (Apple QuickTime before 7.6.4 allows remote attackers to execute ...) + TODO: check CVE-2009-2201 RESERVED CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...) 
@@ -3846,7 +3876,7 @@ RESERVED CVE-2009-1927 RESERVED -CVE-2009-1926 (Microsoft Windows 2000 SP4, Server 2003 SP2, Vista Gold, SP1, and SP2, ...) +CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista ...) NOT-FOR-US: Microsoft Windows CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...) NOT-FOR-US: Microsoft Windows Vista Gold @@ -4376,7 +4406,7 @@ NOT-FOR-US: CoreTypes in Apple Mac OS X CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: ColorSync in Apple Mac OS X -CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit ...) +CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, ...) - webkit 1.1.13-1 (medium; bug #538346) - qt4-x11 4:4.5.2-2 (medium; bug #538347) - kdelibs <not-affected> (medium; bug #538350)
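Review bot: in the first hunk (@@ -1,36 +1,80 @@), CVE-2009-3163 is added with only "TODO: check", although its description names lib/silcclient/command.c and this same revision tracks silc format string issues under CVE-2009-3051 with {DSA-1879-1} in the @@ -302,23 +335,20 @@ hunk. Suggest triaging it against silc-toolkit and silc-client right away and recording in a NOTE whether the versions listed for CVE-2009-3051 also address it, so the entry does not sit as an untriaged TODO next to an already published DSA.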
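Review bot: in the @@ -177,50 +221,39 @@ hunk, the CVE-2009-3076 entry keeps "NOTE: Huh?" as context, and after this change nothing remains to explain what the question was. The removed title "[Insufficient warning for PKCS11 module installation and removal]" said more than the truncated description "does not properly implement certain ..." that replaces it. Suggest replacing the note with the actual open question, or dropping it. Where the hand-written bracket titles in this hunk are more specific than the truncated descriptions (for example "[TreeColumns dangling pointer vulnerability]" for CVE-2009-3077), keep them in a NOTE line.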
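Review bot: in the @@ -1191,18 +1221,18 @@ hunk, CVE-2009-2797 ("The WebKit component in Safari in Apple iPhone OS before 3.1, and ...") gets the same "TODO: check" as the other Apple entries, but webkit is a tracked package in this file (see "- webkit 1.1.13-1" under CVE-2009-1725). It should be checked against webkit rather than closed out with the iPhone OS entries. The entries that are purely iPhone OS components (UIKit, Exchange Support, Recovery Mode) can follow the existing "NOT-FOR-US: Apple iPhone OS" convention used for CVE-2009-2204.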
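Review bot: in the last hunk (@@ -4376,7 +4406,7 @@), the new truncated description for CVE-2009-1725 no longer mentions KHTML in kdelibs or QtWebKit, while the package lines for qt4-x11 and kdelibs stay, so the reason those packages are listed is no longer visible in the entry. Suggest adding a NOTE that the full description also covers KHTML and QtWebKit. The context line "- kdelibs <not-affected> (medium; bug #538350)" also looks inconsistent: other <not-affected> lines in this file give a reason, such as "(Vulnerable code not present)", rather than an urgency and a bug number.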