nion at alioth.debian.org
2009-Jan-25 16:44 UTC
[Secure-testing-commits] r11042 - data/CVE
Author: nion Date: 2009-01-25 16:44:14 +0000 (Sun, 25 Jan 2009) New Revision: 11042 Modified: data/CVE/list Log: new iceweasel issue (CVE-2009-0253), maintainer poked for CVE-2009-0259 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-25 16:20:16 UTC (rev 11041) +++ data/CVE/list 2009-01-25 16:44:14 UTC (rev 11042) @@ -2,10 +2,14 @@ - gst-plugins-good0.10 0.10.13-1 (bug #512818) CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows ...) TODO: check + NOTE: poked rene, not reproducible CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...) NOT-FOR-US: easyHDR PRO CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into ...) - TODO: check + - iceweasel <unfixed> (low; bug #513004) + TODO: check if xulrunner etc are also affected by this + NOTE: the attack basically works but the URL bar still shows the correct location after + NOTE: clicking the link, still there is the risk to miss this CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb ...) NOT-FOR-US: Enthrallweb eReservations CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
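Review bot: In the CVE-2009-0259 entry, the added `NOTE: poked rene, not reproducible` does not say who failed to reproduce the issue or against which version. The entry also still carries only `TODO: check` with no package line, so a later reader cannot tell whether it is waiting on maintainer confirmation or is a candidate for being marked not-affected. Recording the tested version and the tester in the NOTE would settle that. In the CVE-2009-0253 entry, `TODO: check if xulrunner etc are also affected by this` leaves the set of packages open-ended; listing the specific packages to check would make the TODO closable. The two-line NOTE there breaks mid-sentence (after "after"), which makes each line unreadable on its own when the file is grepped; breaking it at the comma would fix that.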