nion at alioth.debian.org
2009-Mar-15 13:27 UTC
[Secure-testing-commits] r11403 - data/CVE
Author: nion Date: 2009-03-15 13:27:54 +0000 (Sun, 15 Mar 2009) New Revision: 11403 Modified: data/CVE/list Log: - NFU - CVE-2009-0848 doesn't affect gtk2 in Debian - CVE-2008-6428 fixed in kaya 0.4.2-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-14 21:14:14 UTC (rev 11402) +++ data/CVE/list 2009-03-15 13:27:54 UTC (rev 11403) @@ -47,7 +47,7 @@ CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in NovaStor ...) NOT-FOR-US: NovaNET CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 ...) - TODO: check + - gtk+2.0 <not-affected> (suse specific patch) CVE-2009-0847 RESERVED CVE-2009-0846 @@ -77,7 +77,7 @@ CVE-2008-6449 (Cross-site request forgery (CSRF) vulnerability in multiple Century ...) NOT-FOR-US: Century Systems routers CVE-2008-6448 (Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC ...) - TODO: check + NOT-FOR-US: SKYARC System MTCMS WYSIWYG Editor CVE-2008-6447 (Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail ...) NOT-FOR-US: QuikSoft EasyMail CVE-2008-6446 (Static code injection vulnerability in the Guestbook component in CMS ...) @@ -115,8 +115,8 @@ CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter (com_prayercenter) ...) NOT-FOR-US: Joomla CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to inject ...) - TODO: check - NOTE: asked maintainer about it + - kaya 0.4.2-1 (low) + NOTE: the fix checks with a regex for malicious characters in the HTTP header, see CGI.k changes CVE-2008-6427 (SQL injection vulnerability in index.php in Hivemaker Professional ...) NOT-FOR-US: Hivemaker Professional CVE-2008-6425 (SQL injection vulnerability in news.php in ComicShout 2.8 allows ...)
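
Review bot: in the @@ -47,7 +47,7 @@ hunk, the new entry for CVE-2009-0848, "- gtk+2.0 <not-affected> (suse specific patch)", gives its reason only as a parenthetical and does not say which SUSE patch introduces the untrusted search path. Consider adding a NOTE line that names the patch or links the report, so the not-affected status can be re-checked later without repeating the analysis.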
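
Review bot: in the @@ -115,8 +115,8 @@ hunk, the new NOTE for CVE-2008-6428 points at "CGI.k changes" without a revision, changeset or URL, and says the regex looks for "malicious characters" without naming them. Suggest citing the upstream change and stating which characters the check covers, since the entry records 0.4.2-1 as fixed on the strength of that filter. The hunk also removes "NOTE: asked maintainer about it"; if the maintainer's answer is the basis for the fixed version, a short NOTE recording that would keep the trail.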