jmm-guest at alioth.debian.org
2009-Apr-01 21:24 UTC
[Secure-testing-commits] r11530 - data/CVE
Author: jmm-guest Date: 2009-04-01 21:23:59 +0000 (Wed, 01 Apr 2009) New Revision: 11530 Modified: data/CVE/list Log: - checked another legacy Mozilla issue with upstream - two screen issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-01 21:14:11 UTC (rev 11529) +++ data/CVE/list 2009-04-01 21:23:59 UTC (rev 11530) @@ -1,7 +1,7 @@ CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...) - TODO: check + - screen <unfixed> (bug #521123) CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...) - TODO: check + - screen <unfixed> (bug #521123) CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...) TODO: check CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the ...) @@ -3524,10 +3524,7 @@ CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...) NOT-FOR-US: easyHDR PRO CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into ...) - - iceweasel <unfixed> (low; bug #513004) - TODO: check if xulrunner etc are also affected by this - NOTE: the attack basically works but the URL bar still shows the correct location after - NOTE: clicking the link, still there is the risk to miss this + NOTE: Mozilla #474967, upstream disputes this being a bug CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb ...) NOT-FOR-US: Enthrallweb eReservations CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
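Review bot: The two new `- screen <unfixed> (bug #521123)` lines in the first hunk (CVE-2009-1215 and CVE-2009-1214) carry no urgency, whereas the iceweasel line removed in the second hunk used the form `(low; bug #513004)`. Both descriptions are local-user issues (a race condition and the /tmp/screen-exchange temporary file), so if an urgency was assessed when these were triaged, recording it next to the bug number would save the next reader from opening #521123 to find out. It would also help to confirm that #521123 really covers both CVEs, since the same bug number is attached to each.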
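Review bot: In the second hunk, the CVE-2009-0253 entry is left with no package line at all: `- iceweasel <unfixed> (low; bug #513004)` is removed and only `NOTE: Mozilla #474967, upstream disputes this being a bug` remains. That drops the link to Debian bug #513004 and leaves the iceweasel status unrecorded, and the removed `TODO: check if xulrunner etc are also affected by this` disappears without its outcome being noted. The removed NOTE lines also recorded that the attack "basically works" with the URL bar still showing the correct location, which is useful context for why upstream disputes it. Consider keeping a package line for iceweasel with a status that reflects the dispute, retaining the #513004 reference, and adding one NOTE stating what was concluded for xulrunner.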