Author: geissert Date: 2009-10-27 23:04:29 +0000 (Tue, 27 Oct 2009) New Revision: 13107 Modified: data/CVE/list Log: new kde issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-27 21:14:20 UTC (rev 13106) +++ data/CVE/list 2009-10-27 23:04:29 UTC (rev 13107) @@ -1,3 +1,11 @@ +CVE-2009-XXXX [multiple missing input sanity checks in KDE] + - kdelibs <unfixed> (low) + [lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited) + [etch] - kdelibs <no-dsa> (minor and unlikely to be exploited) + NOTE: http://www.ocert.org/advisories/ocert-2009-015.html + NOTE: advisory mentions kmail and ark (from kdepim and kdeutils, respectively) + NOTE: but the "fixes" linked from the advisory only change code in kdelibs + NOTE: 4.3.3, which fixes the issue, is due to be released in a week CVE-2009-3800 RESERVED CVE-2009-3799