Author: fw Date: 2010-08-22 16:50:09 +0000 (Sun, 22 Aug 2010) New Revision: 15184 Modified: data/CVE/list Log: CVE-2010-2234: couchdb CVEified Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-22 15:57:33 UTC (rev 15183) +++ data/CVE/list 2010-08-22 16:50:09 UTC (rev 15184) @@ -2080,8 +2080,6 @@ RESERVED CVE-2010-2235 RESERVED -CVE-2010-2234 (Cross-site request forgery (CSRF) vulnerability in Apache CouchDB ...) - TODO: check CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...) - tiff 3.9.1-1 [lenny] - tiff <not-affected> (Only affects 3.9.x) @@ -6749,11 +6747,9 @@ CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...) - krb5 1.8+dfsg-1.1 (bug #575740) [lenny] - krb5 <not-affected> (Only affects 1.7/1.8) -CVE-2010-XXXX [CouchDB: browser interface has XSS, CSRF issues] +CVE-2010-2234 [CouchDB: browser interface has XSS, CSRF issues] - couchdb <unfixed> (bug #570013) [lenny] - couchdb <no-dsa> (does not support authentication at all) - NOTE: http://mail-archives.apache.org/mod_mbox/couchdb-dev/201002.mbox/%3C87bpfz5t39.fsf at mid.deneb.enyo.de%3E - NOTE: http://www.openwall.com/lists/oss-security/2010/02/15/5 CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...) - webcalendar <undetermined> (bug #572557) CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)