Secure testing commits - Nov 2009 - r13280 - data/CVE

Author: joeyh
Date: 2009-11-12 21:14:19 +0000 (Thu, 12 Nov 2009)
New Revision: 13280

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-11-12 18:58:53 UTC (rev 13279)
+++ data/CVE/list	2009-11-12 21:14:19 UTC (rev 13280)
@@ -1,3 +1,15 @@
+CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02
allow ...)
+	TODO: check
+CVE-2009-3929
+	RESERVED
+CVE-2009-3928
+	RESERVED
+CVE-2009-3927
+	RESERVED
+CVE-2009-3926
+	RESERVED
+CVE-2009-3925
+	RESERVED
 CVE-2009-XXXX [dansguardian: not blocking sites]
 	- dansguardian <unfixed> (low; bug #548108)
 CVE-2009-3924 (Buffer overflow in pbsv.dll, as used in Soldier of Fortune II
and ...)
@@ -428,8 +440,7 @@
 	TODO: check
 CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance
...)
 	TODO: check
-CVE-2009-3727 [asterisk AST-2009-008]
-	RESERVED
+CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3,
...)
 	- asterisk <unfixed>
 	[lenny] - asterisk <no-dsa> (Minor issue)
 	[etch] - asterisk <no-dsa> (Minor issue)
@@ -2125,24 +2136,24 @@
 	RESERVED
 CVE-2009-3136
 	RESERVED
-CVE-2009-3135
-	RESERVED
-CVE-2009-3134
-	RESERVED
-CVE-2009-3133
-	RESERVED
-CVE-2009-3132
-	RESERVED
-CVE-2009-3131
-	RESERVED
-CVE-2009-3130
-	RESERVED
-CVE-2009-3129
-	RESERVED
-CVE-2009-3128
-	RESERVED
-CVE-2009-3127
-	RESERVED
+CVE-2009-3135 (Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and
2008 for ...)
+	TODO: check
+CVE-2009-3134 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2;
...)
+	TODO: check
+CVE-2009-3133 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac,
and ...)
+	TODO: check
+CVE-2009-3132 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2;
...)
+	TODO: check
+CVE-2009-3131 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2;
...)
+	TODO: check
+CVE-2009-3130 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3,
Office ...)
+	TODO: check
+CVE-2009-3129 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2;
...)
+	TODO: check
+CVE-2009-3128 (Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel
Viewer ...)
+	TODO: check
+CVE-2009-3127 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and
2008 for ...)
+	TODO: check
 CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1,
Windows ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5
allows ...)
@@ -3308,55 +3319,54 @@
 	RESERVED
 CVE-2009-2841
 	RESERVED
-CVE-2009-2840
-	RESERVED
-CVE-2009-2839
-	RESERVED
-CVE-2009-2838
-	RESERVED
-CVE-2009-2837
-	RESERVED
-CVE-2009-2836
-	RESERVED
-CVE-2009-2835
-	RESERVED
-CVE-2009-2834
-	RESERVED
-CVE-2009-2833
-	RESERVED
-CVE-2009-2832
-	RESERVED
-CVE-2009-2831
-	RESERVED
-CVE-2009-2830
-	RESERVED
-CVE-2009-2829
-	RESERVED
-CVE-2009-2828
-	RESERVED
-CVE-2009-2827
-	RESERVED
-CVE-2009-2826
-	RESERVED
-CVE-2009-2825
-	RESERVED
-CVE-2009-2824
-	RESERVED
-CVE-2009-2823
-	RESERVED
+CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle
temporary ...)
+	TODO: check
+CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC
servers to ...)
+	TODO: check
+CVE-2009-2838 (Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows
remote ...)
+	TODO: check
+CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS
X ...)
+	TODO: check
+CVE-2009-2836 (Race condition in Login Window in Apple Mac OS X 10.6.x before
10.6.2, ...)
+	TODO: check
+CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly
handle ...)
+	TODO: check
+CVE-2009-2834 (IOKit in Apple Mac OS X before 10.6.2 allows local users to
modify the ...)
+	TODO: check
+CVE-2009-2833 (Buffer overflow in the UCCompareTextDefault API in International
...)
+	TODO: check
+CVE-2009-2832 (Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2
allows ...)
+	TODO: check
+CVE-2009-2831 (Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to
create ...)
+	TODO: check
+CVE-2009-2830 (Multiple buffer overflows in Christos Zoulas file before 5.03 in
Apple ...)
+	TODO: check
+CVE-2009-2829 (Event Monitor in Apple Mac OS X 10.5.8 does not properly handle
...)
+	TODO: check
+CVE-2009-2828 (The server in DirectoryService in Apple Mac OS X 10.5.8 allows
remote ...)
+	TODO: check
+CVE-2009-2827 (Heap-based buffer overflow in Disk Images in Apple Mac OS X
10.5.8 ...)
+	TODO: check
+CVE-2009-2826 (Multiple integer overflows in CoreGraphics in Apple Mac OS X
10.5.8 ...)
+	TODO: check
+CVE-2009-2825 (Certificate Assistant in Apple Mac OS X before 10.6.2 does not
...)
+	TODO: check
+CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple
Mac OS ...)
+	TODO: check
+CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables
the ...)
+	TODO: check
 CVE-2009-2822
 	RESERVED
 CVE-2009-2821
 	RESERVED
-CVE-2009-2820 [cups: admin webfrontend is prone to XSS]
-	RESERVED
+CVE-2009-2820 (CUPS in Apple Mac OS X before 10.6.2 does not properly handle
(1) HTTP ...)
 	{DSA-1933-1}
 	- cups <unfixed> (low; bug #555666)
 	- cupsys <removed>
-CVE-2009-2819
-	RESERVED
-CVE-2009-2818
-	RESERVED
+CVE-2009-2819 (AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to
...)
+	TODO: check
+CVE-2009-2818 (Adaptive Firewall in Apple Mac OS X before 10.6.2 does not
properly ...)
+	TODO: check
 CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote
attackers ...)
 	NOT-FOR-US: Apple iTunes
 CVE-2009-2816
@@ -3374,12 +3384,12 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple
Mac OS ...)
 	NOT-FOR-US: Apple Mac OS X
-CVE-2009-2810
-	RESERVED
+CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2
recursively ...)
+	TODO: check
 CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote
attackers ...)
 	NOT-FOR-US: ImageIO in Apple Mac OS X
-CVE-2009-2808
-	RESERVED
+CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an
HTTPS ...)
+	TODO: check
 CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple
Mac OS ...)
 	- cupsys <not-affected> (issue in darwin-specific code; bug #550150)
 	- cups <not-affected> (issue in darwin-specific code; bug #550150)
@@ -4471,8 +4481,8 @@
 	NOT-FOR-US: Microsoft Windows Media Runtime
 CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the
Local ...)
 	NOT-FOR-US: Microsoft Windows XP 
-CVE-2009-2523
-	RESERVED
+CVE-2009-2523 (Heap-based buffer overflow in the License Logging Server in
Microsoft ...)
+	TODO: check
 CVE-2009-2522
 	RESERVED
 CVE-2009-2521 (Stack consumption vulnerability in the FTP Service in Microsoft
...)
@@ -4489,12 +4499,12 @@
 	NOT-FOR-US: Microsoft Windows 2000
 CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4,
XP SP2 ...)
 	NOT-FOR-US: Microsoft Windows 2000
-CVE-2009-2514
-	RESERVED
-CVE-2009-2513
-	RESERVED
-CVE-2009-2512
-	RESERVED
+CVE-2009-2514 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2
and ...)
+	TODO: check
+CVE-2009-2513 (The Graphics Device Interface (GDI) in win32k.sys in the kernel
in ...)
+	TODO: check
+CVE-2009-2512 (The Web Services on Devices API (WSDAPI) in Windows Vista Gold,
SP1, ...)
+	TODO: check
 CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows
2000 ...)
 	NOT-FOR-US: Microsoft Windows 2000
 CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows
XP SP2 ...)
@@ -6070,8 +6080,8 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services
Client ...)
 	NOT-FOR-US: ActiveX
-CVE-2009-1928
-	RESERVED
+CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active
...)
+	TODO: check
 CVE-2009-1927
 	RESERVED
 CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2,
Vista ...)
@@ -7081,8 +7091,8 @@
 CVE-2009-1571
 	RESERVED
 CVE-2009-1570 [gimp bmp parsing integer overflow]
+	RESERVED
 	- gimp <unfixed> (medium; bug #555929)
-	RESERVED
 CVE-2009-1569
 	RESERVED
 CVE-2009-1568
@@ -8769,8 +8779,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3
allows ...)
 	NOT-FOR-US: Microsoft
-CVE-2009-1127
-	RESERVED
+CVE-2009-1127 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2
and ...)
+	TODO: check
 CVE-2009-1126 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and
Server ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-1125 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server
2003 ...)