Author: joeyh Date: 2009-10-20 21:14:19 +0000 (Tue, 20 Oct 2009) New Revision: 13055 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-19 22:51:22 UTC (rev 13054) +++ data/CVE/list 2009-10-20 21:14:19 UTC (rev 13055) @@ -247,13 +247,12 @@ - liboping 1.3.3-1 (low; bug #548684) [lenny] - liboping <not-affected> (doesn''t have -f option yet) [etch] - liboping <not-affected> (doesn''t have -f option yet) -CVE-2009-3613 [kernel remote DoS] - RESERVED +CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r8169.c ...) - linux-2.6 2.6.29-1 (medium) - linux-2.6.24 <removed> NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4 -CVE-2009-3612 - RESERVED +CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink ...) + TODO: check CVE-2009-3611 [backintime information disclosure] RESERVED - backintime 0.9.26-3 (bug #543785) @@ -400,8 +399,7 @@ RESERVED CVE-2009-3547 RESERVED -CVE-2009-3546 - RESERVED +CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.0, and the ...) - php5 <not-affected> (the php packages use the system libgd2) NOTE: http://svn.php.net/viewvc?view=revision&revision=289557 NOTE: <20091015173822.084de220 at redhat.com> in OSS-sec 
@@ -610,16 +608,16 @@ RESERVED CVE-2009-3463 RESERVED -CVE-2009-3462 - RESERVED -CVE-2009-3461 - RESERVED -CVE-2009-3460 - RESERVED +CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) + TODO: check +CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...) + TODO: check +CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x ...) + TODO: check CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...) NOT-FOR-US: Adobe Acrobat -CVE-2009-3458 - RESERVED +CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) + TODO: check CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...) NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...) @@ -1136,10 +1134,10 @@ - kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712) - dovecot 1:1.2.1-1 (medium; bug #546656) NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few additional buffer overflows -CVE-2009-3228 - RESERVED -CVE-2005-4881 - RESERVED +CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem ...) + TODO: check +CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and ...) + TODO: check CVE-2009-3236 (The form library in Horde Application Framework 3.2 before 3.2.5 and ...) {DSA-1897-1} - horde3 3.3.5+debian0-1 (medium; bug #547318) 
@@ -2014,46 +2012,46 @@ TODO: next point release [lenny] - serveez 0.1.5-2.1+lenny1 [etch] - serveez <no-dsa> (Fringe package, mostly unused) TODO: next point release [etch] - serveez 0.1.5-2+etch1 -CVE-2009-2998 - RESERVED -CVE-2009-2997 - RESERVED -CVE-2009-2996 - RESERVED -CVE-2009-2995 - RESERVED -CVE-2009-2994 - RESERVED -CVE-2009-2993 - RESERVED -CVE-2009-2992 - RESERVED -CVE-2009-2991 - RESERVED -CVE-2009-2990 - RESERVED -CVE-2009-2989 - RESERVED -CVE-2009-2988 - RESERVED -CVE-2009-2987 - RESERVED -CVE-2009-2986 - RESERVED -CVE-2009-2985 - RESERVED -CVE-2009-2984 - RESERVED -CVE-2009-2983 - RESERVED -CVE-2009-2982 - RESERVED -CVE-2009-2981 - RESERVED -CVE-2009-2980 - RESERVED -CVE-2009-2979 - RESERVED +CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) + TODO: check +CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...) + TODO: check +CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) + TODO: check +CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, ...) + TODO: check +CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...) + TODO: check +CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before ...) + TODO: check +CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before ...) + TODO: check +CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and ...) + TODO: check +CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x ...) + TODO: check +CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, ...) + TODO: check +CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) + TODO: check +CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and ...) 
+ TODO: check +CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x ...) + TODO: check +CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) + TODO: check +CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x ...) + TODO: check +CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...) + TODO: check +CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...) + TODO: check +CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...) + TODO: check +CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...) + TODO: check +CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...) + TODO: check CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...) NOT-FOR-US: SugarCRM CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...) @@ -2096,8 +2094,8 @@ NOT-FOR-US: ArubaOS CVE-2009-2971 RESERVED -CVE-2009-2970 - RESERVED +CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an ...) + TODO: check CVE-2009-2969 RESERVED CVE-2009-2968 (Directory traversal vulnerability in a support component in the web ...) @@ -45389,8 +45387,8 @@ - clamav 0.88.7-1 (medium; bug #401873) CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...) NOT-FOR-US: BitDefender -CVE-2006-6404 - RESERVED +CVE-2006-6404 (Innovation Data Processing FDR allows remote attackers to cause a ...) + TODO: check CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...) NOT-FOR-US: MyStats CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...)
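Review bot: in the @@ -247,13 +247,12 @@ hunk, CVE-2009-3612 leaves RESERVED with only "TODO: check", although its description names tcf_fill_node in net/sched/cls_api.c, a kernel source path like the drivers/net/r8169.c one in the CVE-2009-3613 entry directly above it, which is already tracked against linux-2.6. The same point applies in the @@ -1136,10 +1134,10 @@ hunk to CVE-2009-3228 (net/sched/sch_api.c) and CVE-2005-4881 (the netlink subsystem in the Linux kernel). Suggest triaging these three together against the kernel source packages instead of leaving them as unrelated TODO items.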
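Review bot: in the @@ -610,16 +608,16 @@ and @@ -2014,46 +2012,46 @@ hunks, all 24 newly described Adobe Reader/Acrobat entries (CVE-2009-3458, CVE-2009-3460 through CVE-2009-3462, and CVE-2009-2979 through CVE-2009-2998) arrive as "TODO: check", while the unchanged context entry CVE-2009-3459 between them already carries "NOT-FOR-US: Adobe Acrobat". Suggest a follow-up that applies the same NOT-FOR-US tag to these entries so they do not sit in the manual triage queue.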
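Review bot: in the @@ -400,8 +399,7 @@ hunk, the new description for CVE-2009-3546 places the flaw in _gdGetColors in gd_gd.c, and the retained context line marks php5 as not-affected because "the php packages use the system libgd2". No libgd2 package line is visible inside the hunk; if the entry has none below the two NOTE lines, add one so the library that the php5 annotation points to is tracked under this CVE.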