Author: gilbert-guest Date: 2009-11-29 20:46:19 +0000 (Sun, 29 Nov 2009) New Revision: 13405 Modified: data/CVE/list Log: - bugs submitted for rails issues - virtualbox issue was fixed upstream a few versions ago Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-11-29 20:46:10 UTC (rev 13404) +++ data/CVE/list 2009-11-29 20:46:19 UTC (rev 13405) @@ -1,10 +1,8 @@ CVE-2009-XXXX [rails insufficient escaping XSS] - - rails <unfixed> (low) - TODO: check + - rails <unfixed> (low; bug #558685) NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1 CVE-2008-XXXX [rails CSRF] - - rails <unfixed> - TODO: check + - rails <unfixed> (medium; bug #558685) NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1 CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...) NOT-FOR-US: Microsoft Internet Explorer 8 @@ -1293,7 +1291,7 @@ CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for ...) NOT-FOR-US: module for Drupal CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in ...) - - virtualbox-ose <unfixed> + - virtualbox-ose 3.0.8-dfsg-1 [lenny] - virtualbox-ose <not-affected> (vulnerable code not present) CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 ...) - unbound 1.3.4-1 (low)
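Review bot: In the first hunk (@@ -1,10 +1,8 @@), the rails XSS entry and the rails CSRF entry are both tagged with the same bug #558685, while the log says "bugs submitted" in the plural. If two reports were filed, the CSRF line should carry its own number. If one report covers both issues, a NOTE line or a word in the log saying so would keep the shared number from reading as a copy-paste slip. The CSRF entry also gains a "medium" severity with no rationale given, and both "TODO: check" lines are dropped, so it is worth confirming the affected-version check was actually done and not just the bug filing.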
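Review bot: In the second hunk (@@ -1293,7 +1291,7 @@), the CVE-2009-3692 line for virtualbox-ose moves from <unfixed> to 3.0.8-dfsg-1, but the log only says the issue "was fixed upstream a few versions ago" and names no upstream release or reference. A NOTE line under the entry giving the upstream version or changelog that carries the fix would let the next reader verify that 3.0.8-dfsg-1 is the first fixed upload and not simply a version known to be past the fix.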