Author: derevko-guest Date: 2009-09-17 07:21:45 +0000 (Thu, 17 Sep 2009) New Revision: 12833 Modified: data/CVE/list Log: - old elink issue got a CVE id - bugzilla issues - changetrack got a CVE id Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-17 05:59:09 UTC (rev 12832) +++ data/CVE/list 2009-09-17 07:21:45 UTC (rev 12833) @@ -34,14 +34,13 @@ NOT-FOR-US: Crazy Star plugin 2.0 for Discuz! CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The ...) NOT-FOR-US: Pirates of The Caribbean -CVE-2008-XXXX [changetrack command injection] +CVE-2009-3233 [changetrack command injection] - changetrack <unfixed> (medium; bug #546791) - NOTE: CVE id requested CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before ...) - whitedune <not-affected> (bug #546903) NOTE: The debian binary versions are not compiled with the --with-aflockdebug option CVE-2008-7224 (Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows ...) - TODO: check + - elinks 0.11.3-1 (low; bug #380347) CVE-2009-3183 (Heap-based buffer overflow in w in Sun Solaris 8 through 10, and ...) NOT-FOR-US: Sun Solaris CVE-2008-7239 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...) @@ -79,9 +78,10 @@ CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...) NOT-FOR-US: RunCMS CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ...) - TODO: check + - bugzilla <not-affected> (only 3.4.x is affected) + TODO: check when 3.4.x will be uploaded in unstable CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in ...) - TODO: check + - bugzilla <unfixed> (low; bug #547132) CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...) - prototypejs 1.6.0.2-1 CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...) 
@@ -257,7 +257,8 @@ CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in ...) NOT-FOR-US: ArticleFriend Script CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in ...) - TODO: check + - bugzilla <not-affected> (Only 3.3.x and 3.4.x are affected) + TODO: check when 3.3.x or 3.4.x will be uploaded in unstable CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...) NOT-FOR-US: QuarkMail CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...)
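Review bot: In the @@ -34,14 +34,13 @@ hunk, the new CVE-2008-7224 line records elinks as fixed in 0.11.3-1, while the description on the same entry says the overflow affects ELinks before 0.11.4rc0. A fixed version that sorts below the upstream fixed version reads like an error to anyone auditing the list later, so add a NOTE line under the entry saying why 0.11.3-1 is considered fixed, with bug #380347 as the reference.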
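Review bot: In the @@ -79,9 +78,10 @@ hunk, CVE-2009-3166 is marked "bugzilla <not-affected> (only 3.4.x is affected)" but keeps a TODO to recheck once 3.4.x is uploaded to unstable, so the status holds only for the version currently in the archive and depends on someone revisiting the TODO. Consider a NOTE that states the affected range and the condition under which the entry must change. The CVE-2009-3165 line in the same hunk, "bugzilla <unfixed> (low; bug #547132)", gives no affected range at all, which is inconsistent with the other Bugzilla entries touched by this commit.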
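Review bot: In the @@ -257,7 +257,8 @@ hunk, the CVE-2009-3125 entry repeats the <not-affected> plus TODO pattern used for CVE-2009-3166 but words the reason differently: "(Only 3.3.x and 3.4.x are affected)" here against "(only 3.4.x is affected)" in the earlier hunk. Pick one capitalisation and phrasing for both so the entries can be found with a single search when 3.3.x or 3.4.x is uploaded.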