Author: gilbert-guest Date: 2009-07-05 20:18:27 +0000 (Sun, 05 Jul 2009) New Revision: 12281 Modified: data/CVE/list Log: some new higher-severity issues and bug submitted for phpmyadmin issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-05 19:21:41 UTC (rev 12280) +++ data/CVE/list 2009-07-05 20:18:27 UTC (rev 12281) @@ -1,3 +1,12 @@ +CVE-2009-XXXX [rails: password bypass] + - rails <unfixed> (high; bug #535896) + NOTE: to be fixed in upstream version 2.3.3 +CVE-2009-XXXX [php: segfaults on corrupted jpeg files] + - php5 <unfixed> (low; bug #535888) + - php4 <unfixed> (low; bug #535897) + TODO: check 5.3.0-1, fix may already be applied +CVE-2009-XXXX [apache2: htaccess override] + - apache2 2.2.9-1 (low; bug #535886) CVE-2009-XXXX [openvpn: possible symlink attack via client-connect script] - openvpn <unfixed> (low; bug #534908) CVE-2009-XXXX [xscreensaver: symlink attack enables local information disclosure] @@ -100,8 +109,7 @@ NOTE: http://drupal.org/node/507572 NOTE: requested CVE id CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 ...) - - phpmyadmin 4:3.2.0.1-1 - TODO: need to assess severity of this issue + - phpmyadmin 4:3.2.0.1-1 (medium; bug #535890) CVE-2009-2280 RESERVED CVE-2009-2279
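Review bot: In the first hunk (@@ -1,3 +1,12 @@), the new rails entry is rated high but carries no reference beyond the bug number, and the only NOTE describes where the fix is expected ("to be fixed in upstream version 2.3.3"). A NOTE line with the upstream advisory URL, in the style of the "NOTE: http://drupal.org/node/507572" line further down the file, would let a reader confirm what "password bypass" covers. The apache2 entry is the only one of the three new entries with a fixed version ("- apache2 2.2.9-1 (low; bug #535886)") rather than <unfixed>, and nothing in the entry says how that version was determined; a short NOTE would help there too. The php TODO ("check 5.3.0-1, fix may already be applied") should be resolved in a follow-up so the php5 line does not stay <unfixed> if the fix is already in.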
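Review bot: In the second hunk (@@ -100,8 +109,7 @@), the removed line "TODO: need to assess severity of this issue" is replaced by a medium rating on the phpmyadmin line for CVE-2009-2284, but neither the entry nor the log message records the basis for that rating. Consider adding a NOTE line giving the reasoning for medium, so the assessment the TODO asked for is documented next to the result.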