Author: nion
Date: 2009-09-03 17:10:12 +0000 (Thu, 03 Sep 2009)
New Revision: 12741

Modified:
   data/CVE/list
Log:
CVE-2009-3025 fixed in pidgin 2.6.1-1
CVE-2009-3024 fixed in libcompress-raw-zlib-perl 2.015-2
note on CVE-2009-3015, non-issue? someone who's into webappsec please check
CVE-2009-2195 fixed in webkit 1.1.12-1, qt4-x11 unfixed

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-02 21:14:15 UTC (rev 12740) +++ data/CVE/list 2009-09-03 17:10:12 UTC (rev 12741) @@ -67,9 +67,12 @@ CVE-2009-3027 RESERVED CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to ...) - TODO: check + - pidgin 2.6.1-1 (low) + [lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0) + [etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0) CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...) - TODO: check + TODO: next point release [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1 + - libcompress-raw-zlib-perl 2.015-2 (bug #532738) CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet Information ...) NOT-FOR-US: Microsoft IIS CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...) @@ -88,6 +91,8 @@ NOT-FOR-US: Apple Safari CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...) TODO: check + NOTE: I am not sure if this is even a security issue, sure that is javascript executed in + NOTE: the content of the browser but I''m not sure if anything _cross-site_ works as well CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...) TODO: check CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
@@ -2838,7 +2843,8 @@ CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote ...) NOT-FOR-US: Apple Safari CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote ...) - TODO: check + - webkit 1.1.12-1 (medium) + - qt4-x11 <unfixed> (medium; bug #544903) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273 NOTE: http://trac.webkit.org/changeset/45696 CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file ...)
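Review bot: In the @@ -67,9 +67,12 @@ hunk, the CVE-2009-3024 entry pairs a description and a package that do not obviously belong together. The description names a verify_hostname_of_cert function in certificate checking, while the added lines close the entry against libcompress-raw-zlib-perl, a zlib binding, and cite bug #532738. Please confirm that bug #532738 and the versions 2.012-1lenny1 and 2.015-2 really track this CVE id and were not meant for a neighbouring entry. If they belong elsewhere, this entry should stay at "TODO: check" until the package that ships the certificate check is identified, since a wrong mapping marks an unrelated package as fixed and hides the affected one from the tracker.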
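Review bot: In the @@ -88,6 +91,8 @@ hunk, the two NOTE lines added under CVE-2009-3015 record a doubt about impact but leave the triage question open: the entry still reads "TODO: check" and names no Debian source package. The description is about QtWeb 3.0, so the first thing to settle is whether that browser is packaged at all. If it is not, a "NOT-FOR-US: QtWeb" line, in the same form as the "NOT-FOR-US: Apple Safari" context line just above, resolves the entry without needing the cross-site question answered. If it is packaged, the note would be easier to act on as a single statement of what remains unverified, namely whether the javascript: handling crosses origins.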
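Review bot: In the @@ -2838,7 +2843,8 @@ hunk, the CVE-2009-2195 entry gets unstable status for webkit and qt4-x11 but no per-release lines, unlike the pidgin entry in the same commit, which states [lenny] and [etch] explicitly. With "- qt4-x11 <unfixed> (medium; bug #544903)" and no release annotations, the stable and oldstable copies of both packages are left implicitly affected. Please add [lenny] and [etch] lines for webkit and qt4-x11, or a NOTE saying whether the code touched by the referenced WebKit changeset 45696 is present in the versions those releases ship, so the stable security team knows whether an upload is needed.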