Author: geissert Date: 2009-12-12 03:45:07 +0000 (Sat, 12 Dec 2009) New Revision: 13514 Modified: data/CVE/list Log: acpid issue affects etch, rails CVEIfied, 9 moodle issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-12 00:53:50 UTC (rev 13513) +++ data/CVE/list 2009-12-12 03:45:07 UTC (rev 13514) @@ -1,3 +1,39 @@ +CVE-2009-4305 + - moodle <unfixed> (bug #559531) + NOTE: MSA-09-0031 + TODO: check +CVE-2009-4304 + - moodle <unfixed> (bug #559531) + NOTE: MSA-09-0029 + TODO: check +CVE-2009-4303 + - moodle <unfixed> (bug #559531) + NOTE: MSA-09-0028 + TODO: check +CVE-2009-4302 + - moodle <unfixed> (bug #559531) + NOTE: MSA-09-0027 + TODO: check +CVE-2009-4301 + - moodle <unfixed> (bug #559531) + NOTE: MSA-09-0026 + TODO: check +CVE-2009-4300 + - moodle <unfixed> (bug #559531) + NOTE: MSA-09-0025 + TODO: check +CVE-2009-4299 + - moodle <unfixed> (bug #559531) + NOTE: MSA-09-0024 + TODO: check +CVE-2009-4298 + - moodle <unfixed> (bug #559531) + NOTE: MSA-09-0023 + TODO: check +CVE-2009-4297 + - moodle <unfixed> (bug #559531) + NOTE: MSA-09-0022 + TODO: check CVE-2009-XXXX [docutils insecure usage of temporary files] - python-docutils <unfixed> (low; bug #560755) [etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5) @@ -56,7 +92,10 @@ CVE-2009-4236 (The process function in ...) NOT-FOR-US: EC-CUBE CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...) - TODO: check + [etch] - acpid <unfixed> (low; bug #560771) + [lenny] - acpid <not-affected> (only logs to syslog) + - acpid <not-affected> (only logs to syslog) + NOTE: all versions set umask(0), might be worth double-checking what it opens CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in ...) NOT-FOR-US: Micronet Network Access Controller CVE-2009-4233 (Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php ...) 
@@ -411,7 +450,7 @@ CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...) - rails <unfixed> (low; bug #558685) NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1 -CVE-2008-XXXX [rails CSRF] +CVE-2008-7248 [rails CSRF] - rails <unfixed> (medium; bug #558685) NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1 CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
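Review bot: In the first hunk (@@ -1,3 +1,39 @@) the MSA references are not contiguous: CVE-2009-4305 is noted as MSA-09-0031 and CVE-2009-4304 as MSA-09-0029, so nothing in the nine new entries maps to MSA-09-0030. Please confirm the CVE-to-MSA mapping before this is relied on. Each entry also carries both a package status (`- moodle <unfixed> (bug #559531)`) and `TODO: check`, with no severity and no per-release lines. If triage is still pending, the TODO alone is clearer, and if it is done, add the urgency and the [etch]/[lenny] status and drop the TODO.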
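Review bot: In the second hunk (@@ -56,7 +92,10 @@) the `<not-affected>` status for lenny and unstable on CVE-2009-4235 rests on "only logs to syslog", yet the added NOTE says "all versions set umask(0), might be worth double-checking what it opens". The `TODO: check` line is removed while that check is still outstanding. Either keep a TODO on the entry until the files acpid creates under umask(0) have been reviewed, or record in the NOTE what was checked so the not-affected claim is verifiable. The [etch] line would also benefit from a short reason for why it differs from lenny, in the same style as the parenthesised reason on the other two lines.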
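Review bot: In the third hunk (@@ -411,7 +450,7 @@) the renamed entry `CVE-2008-7248 [rails CSRF]` points at bug #558685, the same bug already used by CVE-2009-4214 directly above it, with a different urgency (medium versus low). Please confirm that one bug really tracks both the strip_tags XSS and the CSRF issue, or reference a separate bug for the CSRF entry so that closing one does not hide the other. Minor style point: the other assigned CVEs in the visible context use a parenthesised description, while this one keeps the bracketed placeholder form from its CVE-2008-XXXX days.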