Author: jmm-guest Date: 2010-01-07 23:02:29 +0000 (Thu, 07 Jan 2010) New Revision: 13758 Modified: data/CVE/list Log: sql-ledger has limited security support Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-07 22:53:06 UTC (rev 13757) +++ data/CVE/list 2010-01-07 23:02:29 UTC (rev 13758) @@ -644,7 +644,8 @@ CVE-2009-4403 (Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 ...) NOT-FOR-US: Rumba XML CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...) - - sql-ledger <unfixed> (bug #562639) + - sql-ledger <unfixed> (unimportant; bug #562639) + NOTE: Only supported behind an authenticated HTTP zone, see README.Debian CVE-2009-4410 (The fuse_ioctl_copy_user function in the ioctl handler in ...) - linux-2.6 2.6.32-1 (low) [etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29) 
@@ -3091,15 +3092,20 @@ - request-tracker3.4 <removed> - request-tracker3.6 3.6.9-2 (low) CVE-2009-3584 (SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...) - - sql-ledger <unfixed> (bug #562639) + - sql-ledger <unfixed> (unimportant; bug #562639) + NOTE: Only supported behind an authenticated HTTP zone, see README.Debian CVE-2009-3583 (Directory traversal vulnerability in the Preferences menu item in ...) - - sql-ledger <unfixed> (bug #562639) + - sql-ledger <unfixed> (unimportant; bug #562639) + NOTE: Only supported behind an authenticated HTTP zone, see README.Debian CVE-2009-3582 (Multiple SQL injection vulnerabilities in the delete subroutine in ...) - - sql-ledger <unfixed> (bug #562639) + - sql-ledger <unfixed> (unimportant; bug #562639) + NOTE: Only supported behind an authenticated HTTP zone, see README.Debian CVE-2009-3581 (Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...) - - sql-ledger <unfixed> (bug #562639) + - sql-ledger <unfixed> (unimportant; bug #562639) + NOTE: Only supported behind an authenticated HTTP zone, see README.Debian CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...) - - sql-ledger <unfixed> (bug #562639) + - sql-ledger <unfixed> (unimportant; bug #562639) + NOTE: Only supported behind an authenticated HTTP zone, see README.Debian CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...) NOT-FOR-US: Autodesk Maya CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...)
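Review bot: In the first hunk (@@ -644,7 +644,8 @@), the NOTE added under CVE-2009-4402 does not say whether the authenticated HTTP zone is something the package sets up or something the administrator must configure. The entry describes a problem in the default configuration, so that distinction is what justifies "unimportant" here. Suggest extending the NOTE to state which of the two README.Debian describes. The commit log's wording, "limited security support", could also be carried into the NOTE so the reason is visible in data/CVE/list itself.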
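Review bot: In the second hunk (@@ -3091,15 +3092,20 @@), the same NOTE is applied to five entries of different classes, and for some of them it does not explain the "unimportant" tag on its own. CVE-2009-3581 (XSS) and CVE-2009-3580 (CSRF) involve the browser of a user who is already authenticated, and CVE-2009-3584 concerns the secure flag on the session cookie, so "Only supported behind an authenticated HTTP zone" covers unauthenticated remote access but not these cases. Suggest either a second NOTE line on those three entries giving the reasoning (for example, that the zone is expected to contain only trusted users, if that is what README.Debian says), or keeping a severity such as "low" on them instead of "unimportant". The directory traversal (CVE-2009-3583) and SQL injection (CVE-2009-3582) entries read fine with the NOTE as written.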