thr3ads.net - Secure testing commits - [Secure-testing-commits] r12415

If this information is useful, please help other people find it:
Share via:

Giuseppe Iuculano

2009-Jul-26 14:58 UTC

[Secure-testing-commits] r12415 - data/CVE

Author: derevko-guest
Date: 2009-07-26 14:58:47 +0000 (Sun, 26 Jul 2009)
New Revision: 12415

Modified:
   data/CVE/list
Log:
fckeditor embedded copies checked

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-07-25 21:14:25 UTC (rev 12414)
+++ data/CVE/list	2009-07-26 14:58:47 UTC (rev 12415)
@@ -647,7 +647,15 @@
 	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
 	[lenny] - moin <no-dsa> (unimportant; provides FCKeditor as example
files in /usr/share/doc, but not executable in general case)
 	[etch] - moin <not-affected> (doesn''t provide FCKeditor sample
files)
-	TODO: check knowledgeroot, karrigell, gforge, egroupware, request-tracker3.8
+	- knowledgeroot 0.9.8.5-3
+	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
+	[etch] - knowledgeroot <not-affected> (doesn''t provide
FCKeditor sample files)
+	- karrigell <removed>
+	[etch] - karrigell <not-affected> (doesn''t provide FCKeditor
sample files)
+	- gforge 4.6.99+svn6225-1
+	[etch] - gforge <not-affected> (doesn''t contain FCKeditor)
+	- egroupware <not-affected> (doesn''t provide FCKeditor sample
files)
+	- request-tracker3.8 <not-affected> (doesn''t provide FCKeditor
sample files)
 CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back
to the ...)
 	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi
on the ...)
@@ -837,8 +845,17 @@
 	- moin 1.8.2-2
 	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
 	[lenny] - moin <unfixed> (unimportant)
+	[etch] - moin <not-affected> (Vulnerable code not present)
 	NOTE: moin in lenny provides FCKeditor as example files (/usr/share/doc)
-	TODO: check knowledgeroot, karrigell, gforge, egroupware, request-tracker3.8,
moin version in etch
+	- request-tracker3.8 <not-affected> (Vulnerable code not present)
+	- egroupware 1.6.002+dfsg-1 (medium)
+	NOTE: egroupware is orphaned
+	- gforge 4.6.99+svn6225-1
+	[etch] - gforge <not-affected> (doesn''t contain FCKeditor)
+	- knowledgeroot 0.9.8.5-3 (medium; bug #538722)
+	- karrigell <removed>
+	[etch] - karrigell <not-affected> (Vulnerable code not present)
+	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor 
 CVE-2009-2264
 	RESERVED
 CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP
Mega ...)

Secure testing commits - Jul 2009 - r12415 - data/CVE

[Secure-testing-commits] r12415 - data/CVE