Author: geissert Date: 2010-02-16 00:24:18 +0000 (Tue, 16 Feb 2010) New Revision: 14107 Modified: data/CVE/list Log: dillo issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-02-15 23:23:13 UTC (rev 14106) +++ data/CVE/list 2010-02-16 00:24:18 UTC (rev 14107) @@ -1,3 +1,7 @@ +CVE-2010-XXXX [dillo improper restriction of path in cookies] + - dillo <undetermined> + NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog + NOTE: it is not clear whether the issue affects pre-2.x versions CVE-2010-XXXX [pidgin remote dos] - pidgin <unfixed> (low; bug #562720) TODO: check @@ -8827,7 +8831,7 @@ - advi 1.6.0-15 (low; bug #550440) CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 ...) - dillo <unfixed> (medium; bug #535788) - NOTE: fixed in upstream version 2.2.1 + NOTE: fixed in upstream version 2.1.1 CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote ...) NOT-FOR-US: Optimum Web Design Tutorial Share CVE-2009-2292 (Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 ...) @@ -9692,9 +9696,7 @@ - chromium-browser <itp> (low; bug #520324) - lynx 2.8.7rel.1-1 (unimportant; bug #532520) NOTE: lynx doesn''t have Javascript and form-data support - - dillo <unfixed> (low; bug #532522) - [lenny] - dillo <no-dsa> (Minor issue) - [etch] - dillo <no-dsa> (Minor issue) + - dillo <not-affected> (bug #532522) NOTE: These issues can be fixed in more recent upstream versions, but the risk NOTE: of regression doesn''t outweigh the issue at hand CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...)
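Review bot: The ChangeLog reference in the first hunk (@@ -1,3 +1,7 @@) points at `http://hg.dillo.org/dillo/file/tip/ChangeLog`, and `tip` is a moving target, so the evidence for the new "dillo improper restriction of path in cookies" entry will drift as upstream commits land. Suggest pinning the NOTE to the specific changeset or naming the upstream release whose ChangeLog entry describes the fix. Since the status is `<undetermined>` and the second NOTE leaves pre-2.x versions open, a `TODO: check` line like the one on the neighbouring pidgin entry would keep the open question visible.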
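Review bot: In the second hunk (@@ -8827,7 +8831,7 @@) the CVE-2009-2294 NOTE changes the fixed upstream version from 2.2.1 to 2.1.1 without any reference, and the log message "dillo issues" does not say where the corrected version comes from. Suggest adding a NOTE with the upstream source for 2.1.1 so the correction can be verified later. The package line stays `- dillo <unfixed> (medium; bug #535788)`, so this note is the only record of which upstream version carries the fix.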
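Review bot: In the third hunk (@@ -9692,9 +9696,7 @@) dillo becomes `<not-affected>` with no stated reason, while the two unchanged NOTE lines that follow still say the issues "can be fixed in more recent upstream versions" and weigh that against the risk of regression, which reads as the rationale for the removed `<no-dsa>` lines. Suggest adding a NOTE explaining why dillo is not affected, in the same way the lynx entry above records that it has no Javascript and form-data support, and dropping or rewording the regression-risk notes if they no longer apply to any remaining package line.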