Author: gilbert-guest Date: 2009-07-20 00:34:53 +0000 (Mon, 20 Jul 2009) New Revision: 12383 Modified: data/CVE/list Log: new non-numbered issues for the past week Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-19 18:50:33 UTC (rev 12382) +++ data/CVE/list 2009-07-20 00:34:53 UTC (rev 12383) @@ -1,3 +1,15 @@ +CVE-2009-XXXX [incorrect validation of hostnames] + - libio-socket-ssl-perl 1.26-1 (medium; bug #537633) + NOTE: hostname validition is not implemented until 1.14, so etch + NOTE: is in a way is not affected, but in another sense, it is + NOTE: completely affected since no validation done at all +CVE-2009-XXXX [mediawiki: multiple vulnerabilities] + - mediawiki <unfixed> (medium; bug #537634) + [etch] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0) + [lenny] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0) + NOTE: fixed in upstream 1.15.1 +CVE-2009-XXXX [htmldoc: buffer overflow] + - htmldoc <unfixed> (medium; bug #537637) CVE-2009-XXXX [insecure tmp file vulnerability in slim] - slim <unfixed> (unimportant; bug #537604) NOTE: exploit scenario too constructed @@ -2021,6 +2033,7 @@ TODO: work with upstream to determine affected/not-affected webkit versions CVE-2009-1692 (WebKit in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...) - webkit <unfixed> (medium; bug #535793) + NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319 TODO: work with upstream to determine affected/not-affected webkit versions CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit <unfixed> (medium; bug #535793)
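Review bot: in the first hunk (@@ -1,3 +1,15 @@), the libio-socket-ssl-perl entry leaves the etch status in free-text NOTE lines that argue both ways ("in a way is not affected" and "completely affected"), while the mediawiki entry right below it records per-release status with explicit "[etch]" and "[lenny]" lines. Suggest deciding on one status for etch and recording it as an "[etch] - libio-socket-ssl-perl ..." line, keeping the NOTE only for the rationale. The same NOTE also says validation "is not implemented until 1.14" while the fixed version on the package line is 1.26-1, so it would help to state which version range actually has the incorrect validation. Typos to fix in the same pass: "validition" should be "validation", "is in a way is not affected" has a doubled "is", and "vulnerably code" should be "vulnerable code" in both mediawiki lines.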
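Review bot: in the second hunk (@@ -2021,6 +2033,7 @@), the NOTE added under CVE-2009-1692 labels the upstream report "(undisclosed)" without saying what it covers, so a reader who cannot open the link has nothing to act on for the TODO that follows ("work with upstream to determine affected/not-affected webkit versions"). Suggest adding a few words on what the upstream bug is known to track. The neighbouring CVE-2009-1691 entry points at the same Debian bug #535793; if the upstream report is relevant there as well, the NOTE should be repeated under it, and if not, saying that it applies to CVE-2009-1692 only would avoid the question.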