Author: derevko-guest Date: 2009-06-30 15:48:44 +0000 (Tue, 30 Jun 2009) New Revision: 12234 Modified: data/CVE/list Log: - CVE-2009-2210: icedove, iceape and kompozer are affected - CVE-2008-6838, CVE-2008-6837: new zoph issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-30 13:10:40 UTC (rev 12233) +++ data/CVE/list 2009-06-30 15:48:44 UTC (rev 12234) @@ -39,13 +39,19 @@ CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call ...) NOT-FOR-US: VICIDIAL Call Center Suite CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow ...) - TODO: check + - icedove <unfixed> + - iceape <unfixed> + - kompozer <unfixed> + TODO: check on the details once the Mozilla bug has been made public + NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-33.html + NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495057 CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS Content ...) NOT-FOR-US: TGS Content Management CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...) - TODO: check + - zoph <unfixed> (low; bug #535188) CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...) - TODO: check + - zoph <unfixed> (bug #535188) + NOTE: the details are unknown CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before ...) TODO: check CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...)