jmm-guest at alioth.debian.org
2009-Feb-10 23:08 UTC
[Secure-testing-commits] r11185 - data/CVE
Author: jmm-guest Date: 2009-02-10 23:08:25 +0000 (Tue, 10 Feb 2009) New Revision: 11185 Modified: data/CVE/list Log: one bugzilla issue CVEfied (but there are more) Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-02-10 23:02:08 UTC (rev 11184) +++ data/CVE/list 2009-02-10 23:08:25 UTC (rev 11185) @@ -27,9 +27,11 @@ CVE-2009-0491 (Stack-based buffer overflow in Elecard MPEG Player 5.5 build ...) TODO: check CVE-2009-0488 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 ...) - TODO: check + NOT-FOR-US: Phorum CVE-2009-0486 (Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls ...) - TODO: check + - bugzilla <unfixed> (bug #514143) + [etch] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected) + [lenny] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected) CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to ...) TODO: check CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...) @@ -488,8 +490,6 @@ - squid3 3.0.STABLE8-3 (medium) [etch] - squid <not-affected> (Vulnerable code not present) NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt -CVE-2009-XXXX [bugzilla: Insufficiently Random Numbers] - - bugzilla <unfixed> (bug #514143) CVE-2009-XXXX [bugzilla: Abuse of Functionality (Attachments)] - bugzilla <unfixed> (bug #514143) CVE-2009-XXXX [bugzilla: Cross-Site Request Forgery (2x)]