Author: stef-guest Date: 2007-02-01 22:11:47 +0100 (Thu, 01 Feb 2007) New Revision: 5399 Modified: data/CVE/list Log: - new libx11 issue fixed - new kaya issue fixed - drupal fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-01 20:21:40 UTC (rev 5398) +++ data/CVE/list 2007-02-01 21:11:47 UTC (rev 5399) @@ -1,3 +1,8 @@ +CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak] + - kaya 0.2.0-6 (bug #409062) +CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive] + - libx11 2:1.0.3-5 (low) + NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279 CVE-2007-0633 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: MyNews CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...) @@ -13,7 +18,7 @@ CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...) NOT-FOR-US: gtalkbot CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...) - TODO: check + - drupal 4.7.6-1 CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...) NOT-FOR-US: NoMachine NX Server CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...)