Author: joeyh
Date: 2009-10-02 21:14:16 +0000 (Fri, 02 Oct 2009)
New Revision: 12920

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-10-02 19:10:16 UTC (rev 12919)
+++ data/CVE/list 2009-10-02 21:14:16 UTC (rev 12920)
@@ -1,40 +1,42 @@ -CVE-2009-3524 +CVE-2009-3525 + RESERVED +CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and ...) NOT-FOR-US: avast! Home and Professional -CVE-2009-3523 +CVE-2009-3523 (aavmKer4.sys in avast! Home and Professional for Windows before ...) NOT-FOR-US: avast! Home and Professional -CVE-2009-3522 +CVE-2009-3522 (Stack-based buffer overflow in aswMon2.sys in avast! Home and ...) NOT-FOR-US: avast! Home and Professional -CVE-2009-3521 +CVE-2009-3521 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: WebSphere -CVE-2009-3520 +CVE-2009-3520 (Cross-site request forgery (CSRF) vulnerability in the Your_account ...) NOT-FOR-US: CMSphp -CVE-2009-3519 +CVE-2009-3519 (Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 ...) NOT-FOR-US: Sun Solaris -CVE-2009-3518 +CVE-2009-3518 (Argument injection vulnerability in the iim: URI handler in IBMIM.exe ...) NOT-FOR-US: IBM Installation Manager -CVE-2009-3517 +CVE-2009-3517 (nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does ...) NOT-FOR-US: IBM AIX -CVE-2009-3516 +CVE-2009-3516 (gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not ...) NOT-FOR-US: IBM AIX -CVE-2009-3515 +CVE-2009-3515 (Directory traversal vulnerability in dnet_admin/index.php in d.net CMS ...) NOT-FOR-US: d.net CMS -CVE-2009-3514 +CVE-2009-3514 (Multiple SQL injection vulnerabilities in d.net CMS allow remote ...) NOT-FOR-US: d.net CMS -CVE-2009-3513 +CVE-2009-3513 (Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group ...) NOT-FOR-US: Pilot Group (PG) eTraining -CVE-2009-3512 +CVE-2009-3512 (Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 ...) NOT-FOR-US: MyWeight -CVE-2009-3511 +CVE-2009-3511 (Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 ...) NOT-FOR-US: justVisual -CVE-2009-3510 +CVE-2009-3510 (SQL injection vulnerability in viewListing.php in linkSpheric 0.74 ...) 
NOT-FOR-US: linkSpheric -CVE-2009-3509 +CVE-2009-3509 (Cross-site scripting (XSS) vulnerability in admin/admin_index.php in ...) NOT-FOR-US: CJ Dynamic Poll PRO -CVE-2009-3508 +CVE-2009-3508 (Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 ...) NOT-FOR-US: MUJE CMS -CVE-2009-3507 +CVE-2009-3507 (Directory traversal vulnerability in modules.php in CMSphp 0.21 allows ...) NOT-FOR-US: CMSphp -CVE-2009-3506 +CVE-2009-3506 (Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 ...) NOT-FOR-US: CMSphp CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG ...) NOT-FOR-US: Vastal I-Tech MMORPG Zone @@ -887,16 +889,19 @@ [lenny] - pam <not-affected> (pam-auth-update not yet present) [etch] - pam <not-affected> (pam-auth-update not yet present) CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...) + {DSA-1900-1} - postgresql-8.4 8.4.1-1 - postgresql-8.3 8.3.8-1 - postgresql-8.1 <not-affected> - postgresql-7.4 <not-affected> CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...) + {DSA-1900-1} - postgresql-8.4 8.4.1-1 - postgresql-8.3 8.3.8-1 - postgresql-8.1 <removed> - postgresql-7.4 <removed> CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 ...) + {DSA-1900-1} - postgresql-8.4 8.4.1-1 - postgresql-8.3 8.3.8-1 - postgresql-8.1 <not-affected> @@ -1216,7 +1221,7 @@ NOT-FOR-US: ActiveX CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager ...) NOT-FOR-US: Page Manager -CVE-2009-3068 (Unspecified vulnerability in Adobe RoboHelp Server 8 might allow ...) +CVE-2009-3068 (Unrestricted file upload vulnerability in the RoboHelpServer Servlet ...) NOT-FOR-US: Adobe RoboHelp Server CVE-2009-3067 (Cross-site scripting (XSS) vulnerability in index.php in Reservation ...) NOT-FOR-US: Reservation Manager 
@@ -1911,8 +1916,7 @@ CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...) {DSA-1894-1} - newt <unfixed> (medium; bug #548198) -CVE-2009-2904 - RESERVED +CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in ...) - openssh <not-affected> (issue with homechroot patch specific to Red Hat) CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x ...) - linux-2.6 <unfixed> (low) @@ -2855,6 +2859,7 @@ - xulrunner 1.9.0.13-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...) + {DSA-1899-1} - strongswan 4.3.2-1.1 (bug #540144) CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...) {DSA-1857-1} @@ -4229,6 +4234,7 @@ CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 ...) NOT-FOR-US: Adobe Shockwave Playe CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, ...) + {DSA-1899-1 DSA-1898-1} - strongswan 4.2.14-1.2 (bug #533837) - openswan 1:2.6.22+dfsg-1 CVE-2009-XXXX [request-tracker: root priviledges for dialog] @@ -5102,9 +5108,11 @@ CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ...) NOT-FOR-US: Historic issues in proprietary Java CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 ...) + {DSA-1899-1} - strongswan 4.2.14-1.1 (medium; bug #531612) [etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3) CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN ...) + {DSA-1899-1} - strongswan 4.2.14-1.1 (medium; bug #531612) [etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3) CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...) 
@@ -11213,7 +11221,7 @@ NOT-FOR-US: AREVA e-terrahabitat CVE-2009-0210 (Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and ...) NOT-FOR-US: AREVA e-terrahabitat -CVE-2009-0209 +CVE-2009-0209 (PI Server in OSIsoft PI System before 3.4.380.x does not properly use ...) NOT-FOR-US: OSIsoft PI System CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, ...) NOT-FOR-US: HP Virtual Rooms Client
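Review bot: In the @@ -5102,9 +5108,11 @@ hunk, the entries for CVE-2009-1957 and CVE-2009-1958 that now carry {DSA-1899-1} contradict themselves. The fix is recorded as "strongswan 4.2.14-1.1", while the etch note reads "Vulnerable code not present, IKEv2 was introduced in 4.3". If the affected code only arrived in 4.3, a 4.2.14 upload could not have needed a fix. Since a DSA is now cross-referenced from both entries, correct the version in the etch note, or the fixed version if that is the wrong one, so the not-affected justification can be checked against the advisory.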
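Review bot: In the @@ -887,16 +889,19 @@ hunk, CVE-2009-3230 gains {DSA-1900-1}, but its older branches are recorded as "postgresql-8.1 <removed>" and "postgresql-7.4 <removed>", whereas the neighbouring CVE-2009-3229 records the same packages as <not-affected>. The <removed> marker does not say on its face whether releases still shipping those branches are vulnerable or were fixed by the DSA. Add release-specific lines in the style of the [etch] and [lenny] lines used elsewhere in this file, giving either a fixed version or <not-affected> with a reason.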
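Review bot: In the @@ -4229,6 +4234,7 @@ hunk, the context around the new {DSA-1899-1 DSA-1898-1} line has two spelling errors that hurt text searches of the list: "NOT-FOR-US: Adobe Shockwave Playe" is missing its final letter, and the temporary entry "CVE-2009-XXXX [request-tracker: root priviledges for dialog]" misspells "privileges". Neither is touched by this automatic update, so they need a manual follow-up commit. The CVE-2009-XXXX placeholder should also be checked for an assigned identifier while it is being edited.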
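Review bot: In the @@ -1,40 +1,42 @@ hunk, the triage line "NOT-FOR-US: WebSphere" under CVE-2009-3521 is less specific than its neighbours, and the description now attached, "Multiple cross-site scripting (XSS) vulnerabilities in the ...", is cut off before the product name, so the line cannot be checked against it. Use the vendor and full product name, as the nearby "IBM Installation Manager" and "IBM AIX" entries do. The new CVE-2009-3525 entry is RESERVED with no triage line, which is expected until a description is published.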