nion at alioth.debian.org
2009-Mar-17 14:39 UTC
[Secure-testing-commits] r11430 - data/CVE
Author: nion
Date: 2009-03-17 14:39:56 +0000 (Tue, 17 Mar 2009)
New Revision: 11430
Modified:
data/CVE/list
Log:
CVE-2009-0753 fixed in mldonkey 3.0.0-1
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-03-17 14:23:28 UTC (rev 11429)
+++ data/CVE/list 2009-03-17 14:39:56 UTC (rev 11430)
@@ -1103,7 +1103,7 @@
NOTE: should a CVE be requested for this problem?
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through
2.9.7 ...)
{DSA-1739-1}
- - mldonkey <unfixed> (bug #516829; medium)
+ - mldonkey 3.0.0-1 (bug #516829; medium)
[etch] - mldonkey <not-affected> (vulnerable code not present)
NOTE: daemon is run as non-root and can only be exploited via localhost
CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)