Author: joeyh
Date: 2009-11-17 21:14:24 +0000 (Tue, 17 Nov 2009)
New Revision: 13304
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2009-11-17 18:35:24 UTC (rev 13303)
+++ data/CVE/list 2009-11-17 21:14:24 UTC (rev 13304)
@@ -1,3 +1,47 @@
+CVE-2009-3960
+ RESERVED
+CVE-2009-3959
+ RESERVED
+CVE-2009-3958
+ RESERVED
+CVE-2009-3957
+ RESERVED
+CVE-2009-3956
+ RESERVED
+CVE-2009-3955
+ RESERVED
+CVE-2009-3954
+ RESERVED
+CVE-2009-3953
+ RESERVED
+CVE-2009-3952
+ RESERVED
+CVE-2009-3951
+ RESERVED
+CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus
...)
+ TODO: check
+CVE-2009-3949 (cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does
not ...)
+ TODO: check
+CVE-2009-3948 (JetAudio 7.5.3 COWON Media Center allows remote attackers to
cause a ...)
+ TODO: check
+CVE-2009-3947 (Buffer overflow in the FTP service on the Tandberg MXP F7.0
allows ...)
+ TODO: check
+CVE-2009-3946 (Joomla! before 1.5.15 allows remote attackers to read an
extension''s ...)
+ TODO: check
+CVE-2009-3945 (Unspecified vulnerability in the Front-End Editor in the
com_content ...)
+ TODO: check
+CVE-2009-3944 (Research In Motion (RIM) BlackBerry Browser on the BlackBerry
8800 ...)
+ TODO: check
+CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7
through ...)
+ TODO: check
+CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does
not ...)
+ TODO: check
+CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does
not ...)
+ TODO: check
+CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM
VirtualBox ...)
+ TODO: check
+CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux
kernel ...)
+ TODO: check
CVE-2009-XXXX [kernel memory corruption in kvm_vcpu_ioctl_x86_setup_mce]
- linux-2.6 <unfixed>
- kvm <unfixed>
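Review bot: CVE-2009-3939 is added with only `TODO: check`, although its description names the megaraid_sas driver in the Linux kernel and the unchanged CVE-2009-XXXX entry at the end of this hunk already shows the form a kernel issue takes here (`- linux-2.6 <unfixed>`). Suggest resolving that TODO to a package line once the affected versions are confirmed. The other described entries in this block (CVE-2009-3950 through CVE-2009-3940) each need either a package line or a `NOT-FOR-US:` line like the ones used further down the file; the ten RESERVED entries need nothing yet.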
@@ -114,10 +158,10 @@
RESERVED
CVE-2009-3890
RESERVED
-CVE-2009-3889
- RESERVED
-CVE-2009-3888
- RESERVED
+CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel
...)
+ TODO: check
+CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel
before ...)
+ TODO: check
CVE-2009-3887
RESERVED
CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update
17 ...)
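Review bot: CVE-2009-3889 and CVE-2009-3888 move from RESERVED to `TODO: check`, and both descriptions name the Linux kernel, so neither can be closed without a package line. CVE-2009-3889 (the dbg_lvl file for megaraid_sas) concerns the same driver as CVE-2009-3939 added in the first hunk, so the two are worth triaging together. The description of CVE-2009-3888 is cut off at "before ...", so the fixed version has to be taken from the full CVE text before a version is recorded.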
@@ -184,7 +228,7 @@
NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the
client in ...)
NOT-FOR-US: IBM Tivoli Storage Manager
-CVE-2009-3853 (Buffer overflow in the client acceptor daemon (CAD) scheduler in
the ...)
+CVE-2009-3853 (Stack-based buffer overflow in the client acceptor daemon (CAD)
...)
NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes
for ...)
NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0
@@ -3405,7 +3449,7 @@
TODO: check
CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote
attackers ...)
NOT-FOR-US: Apple iTunes
-CVE-2009-2816 (WebKit in Apple Safari before 4.0.4 includes certain custom HTTP
...)
+CVE-2009-2816 (WebKit, as used in Apple Safari before 4.0.4 and Google Chrome
before ...)
TODO: check
CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not
...)
NOT-FOR-US: Apple iPhone OS
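Review bot: the CVE-2009-2816 description is widened from Safari alone to "WebKit, as used in Apple Safari before 4.0.4 and Google Chrome", while the entry stays at `TODO: check`. Since the affected component is now stated as WebKit rather than a single Apple product, this entry should not be closed as `NOT-FOR-US:` by analogy with its Apple neighbours in this hunk; the TODO should be resolved by checking whether a packaged WebKit source is affected.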
@@ -3656,8 +3700,8 @@
RESERVED
CVE-2009-2747
RESERVED
-CVE-2009-2746
- RESERVED
+CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the
administrative ...)
+ TODO: check
CVE-2009-2745
RESERVED
CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server
(WAS) ...)
@@ -3758,6 +3802,7 @@
CVE-2009-2731
RESERVED
CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a
''\0'' ...)
+ {DSA-1935-1}
- gnutls26 2.8.3-1 (low; bug #541439)
- gnutls13 <removed>
CVE-2009-2729
@@ -4868,7 +4913,7 @@
CVE-2009-2410 (The local_handler_callback function in ...)
NOT-FOR-US: sssd
CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as
used in ...)
- {DSA-1888-1 DSA-1874-1}
+ {DSA-1935-1 DSA-1888-1 DSA-1874-1}
- nss 3.12.3-1 (low; bug #539895)
- openssl 0.9.8k-4 (low; bug #539899)
- gnutls26 2.4.2-5 (low; bug #539901)
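Review bot: `DSA-1935-1` is added to the advisory list of CVE-2009-2409, which carries three package lines (nss, openssl, gnutls26), and the same advisory is added to CVE-2009-2730 in the previous hunk, where the package lines are gnutls26 and gnutls13. Nothing in either entry says which source package the new DSA covers, so it is worth confirming against the advisory that every package it fixes has a matching line under both CVEs, in particular gnutls13, which appears only as `<removed>` under CVE-2009-2730 and not at all in the visible lines of CVE-2009-2409.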
@@ -15664,7 +15709,7 @@
CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the
(1) ...)
NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826
- RESERVED
+ REJECTED
CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly
other ...)
NOT-FOR-US: UltraISO
CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x
before ...)