thr3ads.net - Secure testing commits - [Secure-testing-commits] r11258

If this information is useful, please help other people find it:
Share via:

atomo64-guest at alioth.debian.org

2009-Feb-24 00:13 UTC

[Secure-testing-commits] r11258 - data/CVE

Author: atomo64-guest
Date: 2009-02-24 00:13:00 +0000 (Tue, 24 Feb 2009)
New Revision: 11258

Modified:
   data/CVE/list
Log:
add more info about the mldonkey issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-02-23 23:48:20 UTC (rev 11257)
+++ data/CVE/list	2009-02-24 00:13:00 UTC (rev 11258)
@@ -1,5 +1,6 @@
 CVE-2009-XXXX [Http double slash request arbitrary file access vulnerability in
mldonkey]
-	- mldonkey <unfixed> (bug #516829; high)
+	- mldonkey <unfixed> (bug #516829; medium)
+	NOTE: daemon is run as non-root and can only be exploited via localhost
 CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
 	NOT-FOR-US: Falt4 CMS
 CVE-2009-0647 (msnmsgr.exe in Windows Live Messenger (WLM) 2009 build
14.0.8064.206, ...)

Secure testing commits - Feb 2009 - r11258 - data/CVE

[Secure-testing-commits] r11258 - data/CVE