Author: joeyh Date: 2010-01-20 21:14:31 +0000 (Wed, 20 Jan 2010) New Revision: 13868 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-20 20:56:55 UTC (rev 13867) +++ data/CVE/list 2010-01-20 21:14:31 UTC (rev 13868) @@ -399,8 +399,7 @@ CVE-2010-0220 (The nsObserverList::FillObserverArray function in ...) - xulrunner <unfixed> (unimportant) NOTE: browser DoS not treated as security issue -CVE-2009-4605 [phpMyAdmin 2.11.10 unserialize fix] - RESERVED +CVE-2009-4605 (scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before ...) - phpmyadmin 4:3.2.4-1 NOTE: vulnerable code does not in the 3.x series (sid and squeeze checked) NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149 @@ -946,12 +945,10 @@ NOT-FOR-US: Auto-Surf Traffic Exchange Script CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the ...) - redmine <unfixed> (bug #563940) -CVE-2008-7252 [phpMyAdmin tempfile issue] - RESERVED +CVE-2008-7252 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses ...) - phpmyadmin 4:3.0.0-1 NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528 -CVE-2008-7251 [phpMyAdmin tempfile issue] - RESERVED +CVE-2008-7251 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a ...) - phpmyadmin 4:3.0.0-1 NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536 CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...) @@ -1479,8 +1476,7 @@ RESERVED CVE-2010-0008 RESERVED -CVE-2010-0007 [normal users can modify etables rules] - RESERVED +CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...) - linux-2.6 <unfixed> - linux-2.6.24 <removed> CVE-2010-0006 [ipv6 null ptr dereference] 
@@ -1505,6 +1501,7 @@ - bash <not-affected> (mandriva-specific packaging issue) CVE-2010-0001 [gzip: integer underflow via LZW compressed gzip archive] RESERVED + {DSA-1974-1} - gzip <unfixed> (medium; bug #566002) CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...) NOT-FOR-US: Adobe Reader and Acrobat 8.0 @@ -1954,8 +1951,7 @@ CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...) - php5 5.2.12.dfsg.1-1 TODO: determine real impact -CVE-2009-4141 - RESERVED +CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in ...) - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28) [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28) @@ -2316,8 +2312,7 @@ RESERVED CVE-2009-4013 RESERVED -CVE-2009-4012 [libthai integer overflow] - RESERVED +CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow ...) {DSA-1971-1} - libthai 0.1.13-1 CVE-2009-4011 [dtc-xen race condition] @@ -3010,8 +3005,8 @@ RESERVED CVE-2009-3740 RESERVED -CVE-2009-3739 - RESERVED +CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB ...) + TODO: check CVE-2009-3738 RESERVED CVE-2009-3737 @@ -7051,6 +7046,7 @@ - libxerces2-java <unfixed> CVE-2009-2624 [gzip: missing input sanitation related to dynamic Huffman codes] RESERVED + {DSA-1974-1} - gzip 1.3.12-8 (medium; bug #507263) CVE-2009-2623 RESERVED @@ -53707,7 +53703,7 @@ [sarge] - lha <no-dsa> (Non-free not supported) [etch] - lha <no-dsa> (Non-free not supported) CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...) - {DSA-1181-1} + {DSA-1974-1 DSA-1181-1} - gzip 1.3.5-15 (high) CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...) {DSA-1171}
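Review bot: In the CVE-2009-4605 hunk, the fixed version and the context NOTE read as contradictory. The new description scopes the issue to "phpMyAdmin 2.11.x before ..." and the NOTE says the vulnerable code is not in the 3.x series (the NOTE is also missing a word, presumably "exist"), yet the entry records `- phpmyadmin 4:3.2.4-1` as the fixed version. If sid and squeeze never carried the vulnerable setup script code, say so explicitly in the entry's status, and add per-release lines for any release that still ships 2.11.x.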
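Review bot: In the CVE-2010-0001 hunk, `{DSA-1974-1}` is added while the package line stays `- gzip <unfixed> (medium; bug #566002)` and the entry is still RESERVED with only the bracketed working description. That is consistent only if the advisory covers the released suites and unstable is still open. The unstable fixed version should be filled in once bug #566002 is closed by an upload, so the entry does not remain `<unfixed>` after the advisory is out.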
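Review bot: In the CVE-2009-3739 hunk, the entry is left with only `TODO: check` under a description naming a Rockwell Automation product, so it still needs manual triage. If no Debian package is involved, replace the TODO with a `NOT-FOR-US:` line, as is done for the Adobe Reader and Auto-Surf entries visible in the context of the other hunks.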
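Review bot: In the CVE-2006-4334 hunk, `{DSA-1974-1 DSA-1181-1}` attaches the new advisory to an entry that already carries DSA-1181-1 and a fixed version (`- gzip 1.3.5-15 (high)`). The other two DSA-1974-1 cross-references in this commit land on CVE-2010-0001 and CVE-2009-2624. Check that the advisory really lists CVE-2006-4334 as well, because this is an automatic update and a wrong CVE id in the DSA data would be propagated here unnoticed.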