Author: kees Date: 2009-09-10 22:31:47 +0000 (Thu, 10 Sep 2009) New Revision: 12786 Modified: data/CVE/list Log: unfixed: open-iscsi rhythmbox, fixed: freeradius pidgin Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-10 22:02:04 UTC (rev 12785) +++ data/CVE/list 2009-09-10 22:31:47 UTC (rev 12786) @@ -61,7 +61,7 @@ CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...) NOT-FOR-US: OXID eShop Professional CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote ...) - TODO: check + - freeradius 2.0.0-1 (low) CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail ...) NOT-FOR-US: OpenWebMail CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of ...) @@ -157,13 +157,13 @@ CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x ...) - rails <unfixed> (low; bug #545063) CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...) - TODO: check + - pidgin 2.6.2-1 (low) CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...) - TODO: check + - pidgin 2.6.2-1 (low) CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...) - TODO: check + - pidgin 2.6.2-1 (low) CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...) - TODO: check + - rhythmbox <unfixed> (low) CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...) NOT-FOR-US: Diigo Toolbar and Diigolet CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS ...) @@ -5708,7 +5708,7 @@ CVE-2009-1298 RESERVED CVE-2009-1297 - RESERVED + - open-iscsi <unfixed> (low) CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on ...) - ecryptfs-utils 75-2 (unimportant; bug #532372) NOTE: this is a non-issue as the debian installer doesn''t support per user