Author: joeyh Date: 2009-10-30 21:14:22 +0000 (Fri, 30 Oct 2009) New Revision: 13157 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-30 17:45:19 UTC (rev 13156) +++ data/CVE/list 2009-10-30 21:14:22 UTC (rev 13157) @@ -432,8 +432,7 @@ NOT-FOR-US: FrontRange HEAT CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote ...) TODO: check -CVE-2009-3640 [linux-2.6: kvm null ptr dereference] - RESERVED +CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM ...) - linux-2.6 <unfixed> (medium) [etch] - linux-2.6 <not-affected> (introduced in 2.6.25) NOTE: fixed in upstream 2.6.32-rc1 @@ -442,8 +441,7 @@ CVE-2009-3639 (The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before ...) - proftpd-dfsg 1.3.2a-2 (low) NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275 -CVE-2009-3638 [linux-2.6: integer overflow in kvm_dev_ioctl_get_supported_cpuid()] - RESERVED +CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in ...) - linux-2.6 <unfixed> (medium) [etch] - linux-2.6 <not-affected> (introduced in 2.6.25) NOTE: fixed in upstream 2.6.32-rc4 @@ -479,13 +477,11 @@ CVE-2009-3628 [typo3-sa-2009-016] RESERVED - typo3-src 4.2.10-1 (medium; bug #552020) -CVE-2009-3627 ["decode_entities()" Denial of Service] - RESERVED +CVE-2009-3627 (The decode_entities function in util.c in HTML-Parser before 3.63 ...) {DSA-1923-1} - libhtml-parser-perl 3.64-1 (bug #552531) NOTE: http://secunia.com/advisories/37155/ -CVE-2009-3626 [perl utf8 DoS] - RESERVED +CVE-2009-3626 (Perl 5.10.1 allows context-dependent attackers to cause a denial of ...) - perl <unfixed> (bug #552291) [lenny] - perl <not-affected> (Vulnerable code not present) [etch] - perl <not-affected> (Vulnerable code not present) 
@@ -1110,64 +1106,51 @@ RESERVED CVE-2009-3384 RESERVED -CVE-2009-3383 - RESERVED +CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - xulrunner 1.9.1.4-1 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5) [etch] - xulrunner <not-affected> (Only affects Firefox 3.5) -CVE-2009-3382 - RESERVED +CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla ...) {DSA-1922-1} - xulrunner 1.9.1.4-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3381 - RESERVED +CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner 1.9.1.4-1 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5) [etch] - xulrunner <not-affected> (Only affects Firefox 3.5) -CVE-2009-3380 - RESERVED +CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-1922-1} - xulrunner 1.9.1.4-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3379 - RESERVED +CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...) - libvorbis 1.2.3-1 -CVE-2009-3378 - RESERVED +CVE-2009-3378 (The oggplay_data_handle_theora_frame function in ...) - liboggplay <unfixed> (bug filed) -CVE-2009-3377 - RESERVED +CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before ...) - liboggz 0.9.9-1 -CVE-2009-3376 - RESERVED +CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...) {DSA-1922-1} - xulrunner 1.9.1.4-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3375 - RESERVED +CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x ...) 
{DSA-1922-1} - xulrunner 1.9.1.4-1 [etch] - xulrunner <not-affected> (Only affects Firefox 3.x) -CVE-2009-3374 - RESERVED +CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation ...) {DSA-1922-1} - xulrunner 1.9.1.4-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3373 - RESERVED +CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox ...) {DSA-1922-1} - xulrunner 1.9.1.4-1 [etch] - xulrunner <not-affected> (Only affects Firefox 3.x) -CVE-2009-3372 - RESERVED +CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...) {DSA-1922-1} - xulrunner 1.9.1.4-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) -CVE-2009-3371 - RESERVED -CVE-2009-3370 - RESERVED +CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ...) + TODO: check +CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote ...) {DSA-1922-1} - xulrunner 1.9.1.4-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) @@ -1375,7 +1358,7 @@ NOT-FOR-US: NASD CORE.NET Terelik (aka corenet1) CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...) NOT-FOR-US: Microsoft patterns & practices Enterprise Library -CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions on ...) +CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and ...) {DSA-1922-1} - xulrunner 1.9.1.4-1 [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) 
@@ -6769,8 +6752,7 @@ RESERVED CVE-2009-1564 RESERVED -CVE-2009-1563 - RESERVED +CVE-2009-1563 (Array index error in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x ...) - nspr <unfixed> [etch] - nspr <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-1562
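Review bot: In the @@ -479,13 +477,11 @@ hunk, the description now attached to CVE-2009-3627 says HTML-Parser "before 3.63", while the package line under it records the fix as "libhtml-parser-perl 3.64-1 (bug #552531)". If 3.64-1 is simply the first Debian upload that contains the fix, a NOTE saying so would keep a later reader from treating the two versions as a conflict. If it is not, the fixed version should be corrected.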
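Review bot: In the @@ -1110,64 +1106,51 @@ hunk, CVE-2009-3371 is the only entry between CVE-2009-3370 and CVE-2009-3383 left with just "TODO: check" and no package line, so it stays untracked until someone triages it by hand. The visible part of its description names only Firefox 3.5.x before 3.5.4, which is the situation CVE-2009-3383 and CVE-2009-3381 record as "- xulrunner 1.9.1.4-1" with "<not-affected> (Only affects Firefox 3.5)" for lenny and etch. Please confirm whether the same lines apply and replace the TODO. In the same hunk, "liboggplay <unfixed> (bug filed)" under CVE-2009-3378 carries no bug number, and adding it would make the entry traceable.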
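Review bot: In the @@ -6769,8 +6752,7 @@ hunk, the description now attached to CVE-2009-1563 names Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x, yet the entry tracks only "nspr <unfixed>" and the etch "<no-dsa>" line. Unlike the other Firefox 3.0.15 / 3.5.4 entries touched by this commit, it has no xulrunner line and no DSA reference. Please confirm whether xulrunner is also affected, and either add its line or add a NOTE recording why nspr alone is tracked.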