diff options
author | Luciano Bello <luciano@debian.org> | 2016-04-14 20:16:46 +0000 |
---|---|---|
committer | Luciano Bello <luciano@debian.org> | 2016-04-14 20:16:46 +0000 |
commit | 4adf9a05fdd2ce876ee8ea44b5e4d0d4947de6af (patch) | |
tree | 4040fac17deae885726231b324b1c8e36b3fff3e /data/CVE/2009.list | |
parent | 52d7d219be6b1b54c02e0a69a1efee96cee641e5 (diff) |
broken links
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@40936 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data/CVE/2009.list')
-rw-r--r-- | data/CVE/2009.list | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index c3f08b6750..42a1ef81d7 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1505,7 +1505,7 @@ CVE-2009-4484 (Multiple stack-based buffer overflows in the CertDecoder::GetName - mysql-dfsg-5.0 <removed> (medium) - mysql-5.1 5.1.41-4 (medium) - cyassl <not-affected> (Fixed before initial upload to archive) - NOTE: http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html + NOTE: http://web.archive.org/web/20100129040903/http://intevydis.blogspot.com:80/2010/01/mysq-yassl-stack-overflow.html NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1 CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...) NOT-FOR-US: MailSite @@ -2671,7 +2671,7 @@ CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation o CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...) {DSA-1961-1} - bind9 1:9.6.1.dfsg.P2-1 (medium) - NOTE: <https://www.isc.org/node/504> + NOTE: https://www.isc.org/node/504 NOTE: Only affects installations with trust anchors, but then the NOTE: consequences are quite severe. CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...) @@ -2683,8 +2683,8 @@ CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does {DSA-1997-1} - mysql-5.1 5.1.41-1 - mysql-dfsg-5.0 <removed> - NOTE: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html - NOTE: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html + NOTE: http://web.archive.org/web/20140722233305/http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html + NOTE: http://web.archive.org/web/20140723045533/http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html NOTE: http://bugs.mysql.com/47780 NOTE: http://bugs.mysql.com/48291 CVE-2009-4018 (The proc_open function in ext/standard/proc_open.c in PHP before ...) @@ -3300,7 +3300,7 @@ CVE-2009-XXXX [multiple missing input sanity checks in KDE] [lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited) [etch] - kdelibs <no-dsa> (minor and unlikely to be exploited) NOTE: http://www.ocert.org/advisories/ocert-2009-015.html - NOTE: http://www.portcullis-security.com/advisories + NOTE: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/pre-2014-advisories/ NOTE: advisory mentions kmail and ark (from kdepim and kdeutils, respectively) NOTE: but the "fixes" linked from the advisory only change code in kdelibs NOTE: more info at oss-sec threads @@ -7402,7 +7402,7 @@ CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...) - asterisk 1:1.6.2.0~dfsg~beta3-1 (bug #539473) [etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support) - [lenny] - asterisk <no-dsa> (Intrusive protocol-level vulnerabilitity, see http://downloads.asterisk.org/pub/security/IAX2-security.pdf) + [lenny] - asterisk <no-dsa> (Intrusive protocol-level vulnerabilitity, see http://downloads.asterisk.org/pub/security/IAX2-security.pdf ) CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 ...) NOT-FOR-US: ClanSphere CVE-2009-2344 (The web-based management interfaces in Sourcefire Defense Center (DC) ...) @@ -8956,7 +8956,7 @@ CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS before - kde4libs <not-affected> (medium; bug #538349) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=513813#c18 NOTE: patch http://trac.webkit.org/changeset/44799/ - NOTE: PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html + NOTE: PoC http://web.archive.org/web/20110813092643/https://cevans-app.appspot.com/static/webkitentityoffbyone.html CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - qt4-x11 <not-affected> (bug #538403) [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4) @@ -9572,15 +9572,15 @@ CVE-2009-1548 (SQL injection vulnerability in index.php in BluSky CMS allows rem NOT-FOR-US: BluSky CMS CVE-2009-XXXX [prewkikka: pasword world-readable] - prewikka 0.9.11.3-2 (low; bug #527476) - NOTE: FEDORA-2009-3761 (http://lwn.net/Articles/330642) + NOTE: FEDORA-2009-3761 http://lwn.net/Articles/330642 CVE-2009-XXXX [prelude-manager: password world-readable] - prelude-manager <not-affected> (The postinst sets correct permissions, see bug #527344) - NOTE: FEDORA-2009-3931 (http://lwn.net/Articles/331612) + NOTE: FEDORA-2009-3931 http://lwn.net/Articles/331612 CVE-2009-XXXX [bash-completion: does not properly quote characters] - bash-completion 200811xx~bzr1223 (bug #259987) NOTE: adding this reference to track the fact that this has already been addressed by debian security NOTE: fixed over a year ago in debian; but fedora finally got around to addressing the issue recently - NOTE: FEDORA-2009-3639 (http://lwn.net/Articles/331605) + NOTE: FEDORA-2009-3639 http://lwn.net/Articles/331605 CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling ...) @@ -10274,12 +10274,12 @@ CVE-2009-1292 (UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x CVE-2009-1371 (The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before ...) {DSA-1771-1} - clamav 0.95.1+dfsg-1 - NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552 CVE-2009-1372 (Stack-based buffer overflow in the cli_url_canon function in ...) - clamav 0.95.1+dfsg-1 [etch] - clamav <not-affected> (vulnerable code not present) [lenny] - clamav <not-affected> (vulnerable code not present) - NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1552 + NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552 CVE-2009-1291 (Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, ...) NOT-FOR-US: SmartSockets CVE-2009-1290 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...) @@ -13087,7 +13087,7 @@ CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsi [lenny] - xmlsec1 <no-dsa> (Minor issue) - mono 2.4.2.3+dfsg-1 NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html - NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891 + NOTE: http://web.archive.org/web/20090124230233/http://anonsvn.mono-project.com:80/viewvc?view=rev NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix) - sun-java6 6-15-1 [lenny] - sun-java6 6-20-0lenny1 |