Author: gilbert-guest
Date: 2009-05-17 22:35:28 +0000 (Sun, 17 May 2009)
New Revision: 11913
Modified:
data/CVE/list
Log:
- new drupal and kdebase issues
- tightvnc issue doesn''t appear to be windows-specific
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-05-17 09:23:16 UTC (rev 11912)
+++ data/CVE/list 2009-05-17 22:35:28 UTC (rev 11913)
@@ -1,3 +1,10 @@
+CVE-2009-XXXX [drupal: cross-site scripting vulnerability]
+ - drupal5 5.18 (low; bug #529191)
+ - drupal6 6.12 (low; bug #529190)
+CVE-2009-XXXX [kdebase: potential digital certificate deficiencies in konqueror
4]
+ - kdebase <unfixed> (low; bug #526985)
+ [etch] - kdebase <not-affected> (vulnerability introduced in konqueror
4)
+ [lenny] - kdebase <not-affected> (vulnerability introduced in konqueror
4)
CVE-2009-1636
RESERVED
CVE-2009-1635
@@ -4659,7 +4666,8 @@
CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows
(WOW) ...)
NOT-FOR-US: ActiveX
CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and
1.0.5 and ...)
- - tightvnc <not-affected> (only the windows version is affected)
+ - tightvnc 1.3.10 (low; bug #528204)
+ NOTE: i''ve looked at the patches and don''t see why this
would be considered windows-specific
CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
{DSA-1729-1}
- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)