Author: derevko-guest Date: 2009-07-09 08:45:40 +0000 (Thu, 09 Jul 2009) New Revision: 12312 Modified: data/CVE/list Log: fckeditor issues triaging Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-09 07:16:34 UTC (rev 12311) +++ data/CVE/list 2009-07-09 08:45:40 UTC (rev 12312) @@ -79,7 +79,14 @@ CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 ...) NOT-FOR-US: Clicknet CMS CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor ...) - - fckeditor 1:2.6.4.1-1 (medium; bug #536051) + - fckeditor 1:2.6.4.1-1 (low; bug #536051) + - moin 1.8.2-2 + NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor + [lenny] - moin <unfixed> (unimportant) + NOTE: moin in lenny provides FCKeditor as example files (/usr/share/doc) + [etch] - moin <not-affected> (Vulnerable code not present) + NOTE: moin in etch doesn''t provide FCKeditor sample files + TODO: check knowledgeroot, karrigell, gforge, egroupware, request-tracker3.8 CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the ...) NOT-FOR-US: Axesstel MV 410R CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...) @@ -269,6 +276,12 @@ NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2 CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before ...) - fckeditor 1:2.6.4.1-1 (medium; bug #536051) + NOTE: http://dev.fckeditor.net/changeset/3815/FCKeditor/trunk/editor/filemanager + - moin 1.8.2-2 + NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor + [lenny] - moin <unfixed> (unimportant) + NOTE: moin in lenny provides FCKeditor as example files (/usr/share/doc) + TODO: check knowledgeroot, karrigell, gforge, egroupware, request-tracker3.8, moin version in etch CVE-2009-2264 RESERVED CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...)
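Review bot: In the CVE-2009-2324 hunk (@@ -79,7 +79,14 @@), the fckeditor line lowers the urgency from medium to low without a NOTE recording why, and the log message says only "fckeditor issues triaging". Suggest adding a NOTE line under "- fckeditor 1:2.6.4.1-1 (low; bug #536051)" that states the reason for the downgrade, so the rating can be re-checked later. Separately, the added etch NOTE contains a doubled apostrophe ("doesn''t"); it should read "doesn't".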
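Review bot: In the CVE-2009-2265 hunk (@@ -269,6 +276,12 @@), the etch status of moin is folded into the tail of the package TODO ("..., request-tracker3.8, moin version in etch"), while the CVE-2009-2324 entry in the same commit carries an explicit "[etch] - moin <not-affected> (Vulnerable code not present)" line. Suggest adding the matching [etch] line here if the same finding holds for this CVE, or moving the etch check to its own TODO line so it is not dropped when the package list is worked through.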