Author: gilbert-guest Date: 2009-06-09 19:44:34 +0000 (Tue, 09 Jun 2009) New Revision: 12090 Modified: data/CVE/list Log: - web browser prng issue - ruby issue is medium urgency Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-09 18:30:34 UTC (rev 12089) +++ data/CVE/list 2009-06-09 19:44:34 UTC (rev 12090) @@ -1,3 +1,14 @@ +CVE-2009-XXXX [predictable random number generator used in web browsers] + - webkit <unfixed> (low; bug #532514) + - xulrunner <unfixed> (low; bug #532516) + - iceweasel <unfixed> (low; bug #532517) + - epiphany-browser <unfixed> (low; bug #532518) + - kdebase <unfixed> (low; bug #532519) + - lynx <unfixed> (low; bug #532520) + - w3m <unfixed> (low; bug #532521) + - dillo <unfixed> (low; bug #532522) + - chromium-browser <itp> (low; bug #520324) + TODO: tracking fringe browsers (lynx, w3m, dillo), but need to check whether they are really affected or not CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...) TODO: check CVE-2009-1959 (Off-by-one error in the event_wallops function in ...) @@ -4625,7 +4636,7 @@ NOT-FOR-US: Simple PHP News CVE-2009-0642 (ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check ...) - ruby1.9 1.9.0.2-9.1 (bug #513528) - - ruby1.8 1.8.7.72-3.1 (bug #517639; bug #522939) + - ruby1.8 1.8.7.72-3.1 (medium; bug #517639; bug #522939) CVE-2009-0641 (sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions ...) NOT-FOR-US: FreeBSD telnetd (apparently there''s some common code base in netkit-telnet, but it''s not affected CVE-2009-0640 (Directory traversal vulnerability in the administrative web server in ...)
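Review bot: In the first hunk (@@ -1,3 +1,14 @@), the lynx, w3m and dillo lines are recorded as `<unfixed>` with severity low, while the TODO directly below them says it still "need[s] to check whether they are really affected or not". Anyone reading the package lines without the TODO will take these three as confirmed vulnerable. Consider holding them back until the check is done, or marking each one individually as unconfirmed instead of relying on a single trailing TODO. The CVE-2009-XXXX entry also has no reference to the advisory or paper describing the PRNG issue, so a NOTE line with the source would help whoever later assigns the real CVE id.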
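Review bot: In the second hunk (@@ -4625,7 +4636,7 @@), only the ruby1.8 line under CVE-2009-0642 gains the `medium` urgency; the ruby1.9 line immediately above it stays without one. The log message says "ruby issue is medium urgency", which reads as applying to the issue and not to one source package. Either give `- ruby1.9 1.9.0.2-9.1 (bug #513528)` the same urgency, or say in the log why the two packages differ.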