[Secure-testing-commits] r11530 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Wed Apr 1 21:24:00 UTC 2009
Author: jmm-guest
Date: 2009-04-01 21:23:59 +0000 (Wed, 01 Apr 2009)
New Revision: 11530
Modified:
data/CVE/list
Log:
- checked another legacy Mozilla issue with upstream
- two screen issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-01 21:14:11 UTC (rev 11529)
+++ data/CVE/list 2009-04-01 21:23:59 UTC (rev 11530)
@@ -1,7 +1,7 @@
CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...)
- TODO: check
+ - screen <unfixed> (bug #521123)
CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...)
- TODO: check
+ - screen <unfixed> (bug #521123)
CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
TODO: check
CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the ...)
@@ -3524,10 +3524,7 @@
CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
NOT-FOR-US: easyHDR PRO
CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into ...)
- - iceweasel <unfixed> (low; bug #513004)
- TODO: check if xulrunner etc are also affected by this
- NOTE: the attack basically works but the URL bar still shows the correct location after
- NOTE: clicking the link, still there is the risk to miss this
+ NOTE: Mozilla #474967, upstream disputes this being a bug
CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb ...)
NOT-FOR-US: Enthrallweb eReservations
CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
More information about the Secure-testing-commits
mailing list