Author: fw Date: 2009-03-01 17:36:09 +0000 (Sun, 01 Mar 2009) New Revision: 11298 Modified: data/CVE/list Log: NFUs CVE-2009-0737: mediawiki CVE assigned CVE-2009-0676: linux-2.6 et al. Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-01 17:03:19 UTC (rev 11297) +++ data/CVE/list 2009-03-01 17:36:09 UTC (rev 11298) @@ -15,9 +15,7 @@ CVE-2009-0739 (SQL injection vulnerability in login.php in MyNews 0.10 allows remote ...) NOT-FOR-US: MyNews CVE-2009-0738 (SQL injection vulnerability in login.php in Auth Php 1.0 allows remote ...) - TODO: check -CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...) - TODO: check + NOT-FOR-US: Auth Php CVE-2009-0736 (Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows ...) NOT-FOR-US: Pebble CVE-2009-0735 (Directory traversal vulnerability in lib/classes/message_class.php in ...) @@ -139,7 +137,12 @@ CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...) NOT-FOR-US: RavenNuke CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel ...) - TODO: check + - linux-2.6 <unfixed> (low) + - linux-2.6.24 <unfixed> (low) + NOTE: Original fix was incomplete/risky, see: + NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2> + NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305> + NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer. CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux ...) TODO: check CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when ...) @@ -833,10 +836,9 @@ CVE-2009-XXXX [konqueror: potential exploits via application launchers] - kdebase <unfixed> (low; bug #515106) NOTE: need to submit a request for CVE id -CVE-2009-XXXX [mediawiki XSS in installer scripts] +CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...) - mediawiki <unfixed> (low; bug #514547) [lenny] - mediawiki 1:1.12.0-2lenny3 - NOTE: CVE id was requested on oss-sec CVE-2009-0524 RESERVED CVE-2009-0523