Author: geissert Date: 2009-12-09 00:05:03 +0000 (Wed, 09 Dec 2009) New Revision: 13497 Modified: data/CVE/list Log: new mysql, redmine, polipo issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-08 23:02:33 UTC (rev 13496) +++ data/CVE/list 2009-12-09 00:05:03 UTC (rev 13497) @@ -1,3 +1,7 @@ +CVE-2009-XXXX [polipo crash/DoS via overly-large content-length header] + - polipo <unfixed> + TODO: report bug, check affected versions + NOTE: http://www.exploit-db.com/exploits/10338 CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...) TODO: check CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web ...) @@ -291,8 +295,10 @@ CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...) NOT-FOR-US: ldap_cachemgr in Sun Solaris CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...) + - redmine <unfixed> TODO: check CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...) + - redmine <unfixed> TODO: check CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...) - roundcube <unfixed> @@ -305,6 +311,8 @@ CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...) NOT-FOR-US: Microsoft Internet Explorer 8 CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...) + - mysql-dfsg-5.1 <unfixed> + - mysql-dfsg-5.0 <removed> TODO: check CVE-2009-XXXX [rails insufficient escaping XSS] - rails <unfixed> (low; bug #558685) 
@@ -414,10 +422,14 @@ - linux-2.6.24 <not-affected> (kvm introduced in 2.6.25) - kvm <unfixed> (low) CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...) + - mysql-dfsg-5.1 5.1.41-1 + - mysql-dfsg-5.0 <removed> TODO: check CVE-2009-4029 RESERVED CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...) + - mysql-dfsg-5.1 5.1.41-1 + - mysql-dfsg-5.0 <removed> TODO: check CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before ...) - linux-2.6 2.6.32-1 (medium)
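
Review bot: In the first hunk (@@ -1,3 +1,7 @@), the new `- polipo <unfixed>` line carries no urgency or bug reference, and the TODO beneath it says the bug is still to be reported and the affected versions still to be checked. Once the bug is filed, record it on the package line in the form the rails entry in this file already uses, `- rails <unfixed> (low; bug #558685)`, and drop the TODO after the affected versions are confirmed.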
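
Review bot: In the second hunk (@@ -291,8 +295,10 @@), both Redmine entries (CVE-2009-4079 and CVE-2009-4078) gain `- redmine <unfixed>` while the existing `TODO: check` stays directly underneath, so a reader cannot tell whether triage is finished. If what remains is confirming the packaged version against the "Redmine 0.8.5 and ..." range in the descriptions, say that in the TODO; otherwise remove it.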
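
Review bot: In the third hunk (@@ -305,6 +311,8 @@), CVE-2008-7247 is recorded with `- mysql-dfsg-5.0 <removed>` although its description lists 5.0.x through 5.0.88 as affected, so the entry gives no indication of how the 5.0 exposure was assessed. A short NOTE explaining why no 5.0 version is tracked would help, and the `- mysql-dfsg-5.1 <unfixed>` line would benefit from an urgency and bug number once one exists.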
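
Review bot: In the last hunk (@@ -414,10 +422,14 @@), CVE-2009-4030 is described as affecting "MySQL 5.1.x before 5.1.41", yet the entry adds `- mysql-dfsg-5.0 <removed>`; if 5.0 never contained the flaw, `<not-affected>` with a short reason, as the context line `- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)` does, would describe it more accurately. For CVE-2009-4028 the visible description names only 5.0.x, so a NOTE pointing at the upstream fix would back up the `5.1.41-1` fixed version, and the `TODO: check` left on both entries should then be dropped or narrowed to what is still open.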