white at alioth.debian.org
2009-Mar-06 10:50 UTC
[Secure-testing-commits] r11332 - data/CVE
Author: white Date: 2009-03-06 10:50:04 +0000 (Fri, 06 Mar 2009) New Revision: 11332 Modified: data/CVE/list Log: mldonkey CVEified Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-06 09:42:31 UTC (rev 11331) +++ data/CVE/list 2009-03-06 10:50:04 UTC (rev 11332) @@ -132,8 +132,6 @@ TODO: check CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...) TODO: check -CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...) - TODO: check CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary ...) TODO: check CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite ...) @@ -753,7 +751,7 @@ CVE-2009-XXXX [debian-installer: no-root option in expert installer exposes locally exploitable security flaw] - debian-installer <unfixed> (bug #517018; low) NOTE: should a CVE be requested for this problem? -CVE-2009-XXXX [Http double slash request arbitrary file access vulnerability in mldonkey] +CVE-2009-0753 [Http double slash request arbitrary file access vulnerability in mldonkey] - mldonkey <unfixed> (bug #516829; medium) NOTE: daemon is run as non-root and can only be exploited via localhost CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)