Author: nion Date: 2009-09-02 14:10:59 +0000 (Wed, 02 Sep 2009) New Revision: 12732 Modified: data/CVE/list Log: cveified ocsinventory-server and spip Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-02 02:13:18 UTC (rev 12731) +++ data/CVE/list 2009-09-02 14:10:59 UTC (rev 12732) @@ -968,11 +968,12 @@ NOT-FOR-US: DD-WRT CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) NOT-FOR-US: DD-WRT -CVE-2009-XXXX [Sql injection in OCS Inventory NG Server] +CVE-2009-3040 [Sql injection in OCS Inventory NG Server] - ocsinventory-server 1.02.1-2 (low; bug #541995) - NOTE: http://seclists.org/fulldisclosure/2009/Aug/0143.html NOTE: Authentication is needed - NOTE: cve id already requested on oss-sec +CVE-2009-3042 [Sql injection in OCS Inventory NG Server] + - ocsinventory-server 1.02.1-2 (low; bug #541995) + NOTE: Authentication is needed CVE-2009-2763 RESERVED CVE-2009-XXXX [logrotate race condition could lead to file disclosure] @@ -1257,10 +1258,8 @@ - mantis 1.1.8+dfsg-2 (medium; bug #425010) [lenny] - mantis 1.1.6+dfsg-2lenny1 NOTE: cve id requested on oss-sec -CVE-2009-XXXX [missing authorization check in spip installer] +CVE-2009-3041 [missing authorization check in spip installer] - spip 2.0.9-1 (medium) - NOTE: CVE id requested - NOTE: http://www.spip-contrib.net/SPIP-Security-Alert-new-version CVE-2009-XXXX [rubygems: integrity violation] - libgems-ruby <not-affected> (Debian''s version installs gems packages to /var/lib/gems, bug #540610) NOTE: so no opportunity to overwrite system files
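Review bot: In the @@ -968,11 +968,12 @@ hunk, the new CVE-2009-3040 and CVE-2009-3042 entries carry the identical description "[Sql injection in OCS Inventory NG Server]", the same version 1.02.1-2 and the same bug #541995, so nothing in the list tells a reader which injection each id covers. Going by the hunk's line counts, the seclists.org full-disclosure NOTE is also removed and not re-added under either entry. Suggest keeping that NOTE on the entry it applies to and giving each description a distinguishing detail, such as the affected script or parameter named in the respective CVE description.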
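Review bot: In the @@ -1257,10 +1258,8 @@ hunk, removing "NOTE: http://www.spip-contrib.net/SPIP-Security-Alert-new-version" together with "NOTE: CVE id requested" leaves CVE-2009-3041 with no reference at all, and the entry has no bug number to fall back on. Dropping the "CVE id requested" NOTE makes sense now that the id is assigned, but suggest keeping the upstream advisory NOTE so the fixed version 2.0.9-1 can still be traced to its source.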