Author: jmm-guest Date: 2009-06-21 19:39:20 +0000 (Sun, 21 Jun 2009) New Revision: 12176 Modified: data/CVE/list Log: - new rt issue - xulrunner non-issue, need more information on the other - lynx not affected by minor browser privacy leak - dokuwiki fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-21 19:31:07 UTC (rev 12175) +++ data/CVE/list 2009-06-21 19:39:20 UTC (rev 12176) @@ -47,6 +47,8 @@ TODO: determine if any of the other webservers are affected CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: Webmedia Explorer +CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUsers] + - request-tracker3.6 3.6.8-1 (low; bug #532990) CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...) NOT-FOR-US: Virtual Civil Services extension for TYPO3 CVE-2009-2105 (SQL injection vulnerability in the References database (t3references) ...) @@ -181,11 +183,11 @@ CVE-2009-2045 RESERVED CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...) - - xulrunner <unfixed> (low) - TODO: check when MFSA is issued + - xulrunner <unfixed> (unknown) + TODO: check on the details once the Mozilla bug has been made public CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...) - TODO: check when MFSA is issued - - xulrunner <unfixed> (low) + - xulrunner <unfixed> (unimportant) + NOTE: Browser crashes not treated as security issues CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images ...) - libpng 1.2.37-1 (low; bug #533676) CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...) 
@@ -375,11 +377,11 @@ - xulrunner <unfixed> (low; bug #532516) - iceweasel <unfixed> (low; bug #532517) - kdebase <unfixed> (low; bug #532519) - - lynx <unfixed> (low; bug #532520) - w3m <unfixed> (low; bug #532521) - dillo <unfixed> (low; bug #532522) - chromium-browser <itp> (low; bug #520324) - TODO: tracking fringe browsers (lynx, w3m, dillo), but need to check whether they are really affected or not + NOTE: lynx not affected, doesn''t support Javascript and multipart/form-data + NOTE: tracking fringe browsers (w3m, dillo), but need to check whether they are really affected or not CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...) - linux-2.6 <unfixed> (low) [etch] - linux-2.6 <not-affected> (Affected code was introduced in 2.6.19) @@ -532,7 +534,7 @@ CVE-2008-6820 (The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 ...) NOT-FOR-US: IBM DB2 CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, ...) - - dokuwiki <unfixed> (unimportant) + - dokuwiki 0.0.20090214b-1 (unimportant) NOTE: we don''t support setups with register_globals enabled CVE-2009-1897 RESERVED
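Review bot: the new request-tracker3.6 entry (first hunk, "CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUsers]") records a fixed version, 3.6.8-1, but no [etch] sub-entry, so the status of the package in stable is left unrecorded; the CVE-2009-1961 entry in this same diff shows the convention ("[etch] - linux-2.6 <not-affected>"). Add a "[etch]" line (<not-affected>, <no-dsa>, or the pending version) or a TODO, and make sure the placeholder CVE-2009-XXXX is replaced once an id is assigned. Only the 3.6 source package is listed; if bug #532990 covers any other rt source package in the archive, that package needs its own entry or a NOTE on why it is unaffected.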
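Review bot: downgrading CVE-2009-2043 to (unimportant) in the second hunk removes the "check when MFSA is issued" TODO, but the only justification is the generic "NOTE: Browser crashes not treated as security issues", and the entry itself shows nothing beyond the truncated description "nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...". Record the Mozilla bug id or the crash class the assessment rests on (a plain null dereference rather than memory corruption) in the NOTE, or keep the TODO until the MFSA is published, so the downgrade can be revisited if the advisory rates it as exploitable. The CVE-2009-2044 change to (unknown) with a TODO pointing at the still-private Mozilla bug is consistent with the "need more information on the other" line of the commit log.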
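Review bot: deleting the line "- lynx <unfixed> (low; bug #532520)" in the third hunk drops the link to bug #532520, which still has to be closed or retitled, and diverges from the tracker's own convention, visible in the CVE-2009-1961 entry just below, of keeping the package with <not-affected> rather than removing it; "- lynx <not-affected> (bug #532520)" together with the NOTE on the reason would preserve both. The criterion used for lynx (no JavaScript, no multipart/form-data) is the same one that decides the remaining "NOTE: tracking fringe browsers (w3m, dillo)" TODO, so checking w3m and dillo against those two features should close it in the same way.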
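Review bot: the dokuwiki change in the last hunk records the fixed version 0.0.20090214b-1 while keeping (unimportant), which is consistent with the NOTE that setups with register_globals enabled are unsupported; as with the request-tracker3.6 entry, though, there is no [etch] sub-entry, so whether the stable package should carry <no-dsa> or <not-affected> is not stated. Adding that line keeps the entry self-explanatory without having to consult the commit log's "dokuwiki fixed".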