Author: geissert Date: 2009-12-09 00:34:20 +0000 (Wed, 09 Dec 2009) New Revision: 13498 Modified: data/CVE/list Log: rails issue CVEified, two xfig issues I hope I got the xfig stuff right Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-09 00:05:03 UTC (rev 13497) +++ data/CVE/list 2009-12-09 00:34:20 UTC (rev 13498) @@ -1,3 +1,11 @@ +CVE-2009-4228 [xfig stack-consumption DoS] + - xfig <unfixed> + TODO: check + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905 +CVE-2009-4227 [xfig read_1_3_textobject issue] + - xfig 1:3.2.5.b-1 (bug #559274) + TODO: check + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905 CVE-2009-XXXX [polipo crash/DoS via overly-large content-length header] - polipo <unfixed> TODO: report bug, check affected versions @@ -22,8 +30,6 @@ TODO: check CVE-2009-4215 (Panda Global Protection 2010, Internet Security 2010, and Antivirus ...) TODO: check -CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...) - TODO: check CVE-2009-4213 RESERVED CVE-2009-4212 @@ -314,7 +320,7 @@ - mysql-dfsg-5.1 <unfixed> - mysql-dfsg-5.0 <removed> TODO: check -CVE-2009-XXXX [rails insufficient escaping XSS] +CVE-2009-4214 [rails insufficient escaping XSS] - rails <unfixed> (low; bug #558685) NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1 CVE-2008-XXXX [rails CSRF]
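Review bot: In the first hunk (@@ -1,3 +1,11 @@), the new CVE-2009-4227 entry records a fixed version, "- xfig 1:3.2.5.b-1 (bug #559274)", but still carries "TODO: check". The commit log also says the xfig data is uncertain. Either confirm the fixed version and drop the TODO, or keep the entry at "<unfixed>" until it has been checked, so the tracker does not report the package as fixed on unverified data. The CVE-2009-4228 and CVE-2009-4227 entries also cite the same NOTE URL (bugzilla.redhat.com id=543905). If that report covers both issues, say so in the NOTE. Otherwise give each entry its own reference. CVE-2009-4228 is "<unfixed>" with no Debian bug number, so a "TODO: report bug" like the one on the polipo entry below it would fit better than a bare "TODO: check".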
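Review bot: In the second hunk (@@ -22,8 +30,6 @@), deleting the "CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)" entry discards the only line that names the affected function, and it moves the id out of the descending sequence visible in the context lines (CVE-2009-4215, CVE-2009-4213, CVE-2009-4212). After the third hunk the id sits next to "CVE-2008-XXXX [rails CSRF]" instead. Consider keeping the numbered entry where it was and moving the "- rails <unfixed> (low; bug #558685)" and NOTE lines under it, then removing the CVE-2009-XXXX placeholder, so the description and the ordering both survive.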
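Review bot: In the third hunk (@@ -314,7 +320,7 @@), the renamed entry "CVE-2009-4214 [rails insufficient escaping XSS]" no longer mentions strip_tags anywhere, although the description removed in the previous hunk identified the issue by that function. Adding it to the bracketed summary or to a NOTE would keep the entry searchable by function name. The NOTE URL in the context line also ends in "?pli=1", which looks like a leftover query parameter rather than part of the thread address. That line is unchanged here, but it is worth trimming while the entry is being touched.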