author | Joey Hess <joeyh@debian.org> | 2009-04-02 21:14:10 +0000
---|---|---
committer | Joey Hess <joeyh@debian.org> | 2009-04-02 21:14:10 +0000
commit | 5d52a01bf8cb5596ea2c65d2c55ebe1e76ceecf2 |
tree | 59d09f1d24d23bb5787dce3800534d4606b10428 |
parent | ce76afd7b99e6a4779de4e3be588d2478a33af4e |
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11542 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2001.list | 4
-rw-r--r-- | data/CVE/2002.list | 4
-rw-r--r-- | data/CVE/2004.list | 2
-rw-r--r-- | data/CVE/2005.list | 2
-rw-r--r-- | data/CVE/2007.list | 4
-rw-r--r-- | data/CVE/2008.list | 23
-rw-r--r-- | data/CVE/2009.list | 17
7 files changed, 42 insertions, 14 deletions
diff --git a/data/CVE/2001.list b/data/CVE/2001.list index 1f084ad011..b2c3af03d3 100644 --- a/data/CVE/2001.list +++ b/data/CVE/2001.list @@ -130,7 +130,7 @@ CVE-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows NOT-FOR-US: AIX CVE-2001-1528 (AmTote International homebet program returns different error messages ...) NOT-FOR-US: AmTote International homebet -CVE-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...) +CVE-2001-1527 (easyNews 1.5 and earlier stores administration passwords in cleartext ...) NOT-FOR-US: easynews CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...) NOT-FOR-US: easynews @@ -261,7 +261,7 @@ CVE-2001-1465 (SurfControl SuperScout only filters packets containing both an HT NOT-FOR-US: SurfControl SuperScout CVE-2001-1464 (Crystal Reports, when displaying data for a password protected ...) NOT-FOR-US: Crystal Reports -CVE-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...) +CVE-2001-1463 (The remote administration client for RhinoSoft Serv-U 3.0 sends the ...) NOT-FOR-US: RhinoSoft Serv-U CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...) NOT-FOR-US: RSA Security SecurID diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 40ff109c22..c39a4b6e5a 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list 
@@ -302,7 +302,7 @@ CVE-2002-2281 (Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communica NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP ...) NOT-FOR-US: Data pre-dating the Security Tracker -CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap 0.09 ...) +CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap ...) NOT-FOR-US: aldap CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in ...) NOT-FOR-US: PortailPHP @@ -937,7 +937,7 @@ CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2. NOT-FOR-US: Solaris CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...) NOT-FOR-US: Watchguard SOHO -CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...) +CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass ...) NOT-FOR-US: IPFilter CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...) NOT-FOR-US: Proprietary PGP diff --git a/data/CVE/2004.list b/data/CVE/2004.list index f910a867f6..a10a0d9dc5 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -3266,7 +3266,7 @@ CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to NOT-FOR-US: Star Wars Battlefront CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...) NOT-FOR-US: Star Wars Battlefront -CVE-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...) +CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to ...) NOT-FOR-US: Prevex Home CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...) NOT-FOR-US: Citadel/UX diff --git a/data/CVE/2005.list b/data/CVE/2005.list index e384bb582e..32c8fb0db7 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list 
@@ -9786,7 +9786,7 @@ CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kerne - kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4) - linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1) [sarge] - kernel-source-2.6.8 2.6.8-14 -CVE-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...) +CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain ...) NOT-FOR-US: newsscript CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...) NOT-FOR-US: PY Software Active Webcam WebServer diff --git a/data/CVE/2007.list b/data/CVE/2007.list index d5144bb791..9c475d9101 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -5377,8 +5377,8 @@ CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has {DSA-1566-1 DSA-1438-1} - tar 1.18-1 (low; bug #441444) - cpio 2.9-5 (low; bug #449222) -CVE-2007-4475 - RESERVED +CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...) + TODO: check CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web ...) NOT-FOR-US: IBM Lotus Domino Web Access CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate ...) diff --git a/data/CVE/2008.list b/data/CVE/2008.list index ff520679de..b4bb076d54 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list 
@@ -1,3 +1,17 @@ +CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers to ...) + TODO: check +CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication Server ...) + TODO: check +CVE-2008-6577 (Nortel MG1000S, Signaling Server, and Call Server on the ...) + TODO: check +CVE-2008-6576 (Unspecified vulnerability in the "session limitation technique" in the ...) + TODO: check +CVE-2008-6575 (Unspecified vulnerability in the SIP server in SIP Enablement Services ...) + TODO: check +CVE-2008-6574 (Unspecified vulnerability in SIP Enablement Services (SES) in Avaya ...) + TODO: check +CVE-2008-6573 (Multiple SQL injection vulnerabilities in Avaya SIP Enablement ...) + TODO: check CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft ...) NOT-FOR-US: ABK-Soft AbleDating CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...) @@ -3938,8 +3952,8 @@ CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the NOT-FOR-US: ComponentOne SizerOne CVE-2008-4826 RESERVED -CVE-2008-4825 - RESERVED +CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other ...) + TODO: check CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...) NOT-FOR-US: Adobe Flash Player CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...) @@ -6225,8 +6239,8 @@ CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, - flashplugin-nonfree 1:1.4 [etch] - flashplugin-nonfree <no-dsa> (Contrib not supported) NOTE: automatically downloads latest update from adobe which is 9.0.124.0 currently -CVE-2008-3871 - RESERVED +CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and ...) + TODO: check CVE-2008-3870 RESERVED CVE-2008-3869 
@@ -13003,6 +13017,7 @@ CVE-2008-1038 (PHP remote file inclusion vulnerability in mod/mod.extmanager.php CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing function ...) NOT-FOR-US: Packeteer PacketShaper CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS ...) + {DSA-1762-1} - icu 4.0.1-1 CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows ...) NOT-FOR-US: Apple iCal diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 336af5cfda..c219f1e71e 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1,3 +1,15 @@ +CVE-2009-1221 + RESERVED +CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...) + TODO: check +CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...) + TODO: check +CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...) + TODO: check +CVE-2009-1217 (Off-by-one error in the GpFont::SetData function in gdiplus.dll in ...) + TODO: check +CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c ...) + TODO: check CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...) - screen <unfixed> (bug #521123) [etch] - screen <not-affected> (etch version predates #433338) @@ -14,7 +26,7 @@ CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the . NOT-FOR-US: PrecisionID Datamatrix ActiveX control CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...) NOT-FOR-US: Blue Coat ProxySG -CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector ...) +CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...) - wireshark <unfixed> TODO: File bug CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...) 
@@ -26,7 +38,8 @@ CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10, NOT-FOR-US: Solaris CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI ...) NOT-FOR-US: Cafe Access Analyzer CGI Professional -CVE-2009-1205 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...) +CVE-2009-1205 + REJECTED NOT-FOR-US: EAI WebViewer3D ActiveX control CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...) NOT-FOR-US: TikiWiki |
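Review bot: In the data/CVE/2004.list hunk, the context line under CVE-2004-1193 reads `NOT-FOR-US: Prevex Home` while the description names the product "Prevx Home". Since this change is already correcting spelling in that entry, the annotation could be aligned to "Prevx Home" so that a search on the product name finds both lines.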
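Review bot: In the data/CVE/2009.list hunk at @@ -26,7 +38,8 @@, CVE-2009-1205 becomes REJECTED but the context line `NOT-FOR-US: EAI WebViewer3D ActiveX control` stays attached to it, so the rejected entry keeps a triage annotation with no description behind it. The same description text ("Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...") is what the data/CVE/2007.list hunk adds under CVE-2007-4475 with `TODO: check`. Consider dropping the NOT-FOR-US line from the rejected 2009 entry and recording it under CVE-2007-4475 in place of the TODO.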