[Secure-testing-commits] r13497 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Wed Dec 9 00:05:36 UTC 2009
Author: geissert
Date: 2009-12-09 00:05:03 +0000 (Wed, 09 Dec 2009)
New Revision: 13497
Modified:
data/CVE/list
Log:
new mysql, redmine, polipo issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-08 23:02:33 UTC (rev 13496)
+++ data/CVE/list 2009-12-09 00:05:03 UTC (rev 13497)
@@ -1,3 +1,7 @@
+CVE-2009-XXXX [polipo crash/DoS via overly-large content-length header]
+ - polipo <unfixed>
+ TODO: report bug, check affected versions
+ NOTE: http://www.exploit-db.com/exploits/10338
CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...)
TODO: check
CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web ...)
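Review bot: The new polipo entry at the top of the list is supported only by an exploit-db link and an open "TODO: report bug, check affected versions", so nothing in it yet ties `- polipo <unfixed>` to a Debian bug or to a confirmed affected version. Once the bug is filed, add the bug number to the package line and replace the TODO with the checked version range. Until then a reader cannot distinguish "confirmed unfixed" from "assumed unfixed".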
@@ -291,8 +295,10 @@
CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...)
NOT-FOR-US: ldap_cachemgr in Sun Solaris
CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...)
+ - redmine <unfixed>
TODO: check
CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...)
+ - redmine <unfixed>
TODO: check
CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
- roundcube <unfixed>
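Review bot: Under both CVE-2009-4079 and CVE-2009-4078 the added `- redmine <unfixed>` line sits directly above an unchanged `TODO: check`, so each entry now reads as both triaged and untriaged. If the package status has been verified, drop the TODO. If something is still open (for example whether the packaged version falls in the "0.8.5 and ..." range), say what it is in the TODO, as the polipo entry does with "check affected versions".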
@@ -305,6 +311,8 @@
CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
NOT-FOR-US: Microsoft Internet Explorer 8
CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...)
+ - mysql-dfsg-5.1 <unfixed>
+ - mysql-dfsg-5.0 <removed>
TODO: check
CVE-2009-XXXX [rails insufficient escaping XSS]
- rails <unfixed> (low; bug #558685)
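Review bot: For CVE-2008-7247 the added `- mysql-dfsg-5.1 <unfixed>` line has neither an urgency nor a bug reference, while the rails entry just below it shows the fuller form, `(low; bug #558685)`. Suggest filing or linking the bug and adding it to the 5.1 line. The `TODO: check` that remains under the two new lines should also be removed or narrowed to what is still unverified.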
@@ -414,10 +422,14 @@
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
- kvm <unfixed> (low)
CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...)
+ - mysql-dfsg-5.1 5.1.41-1
+ - mysql-dfsg-5.0 <removed>
TODO: check
CVE-2009-4029
RESERVED
CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...)
+ - mysql-dfsg-5.1 5.1.41-1
+ - mysql-dfsg-5.0 <removed>
TODO: check
CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before ...)
- linux-2.6 2.6.32-1 (medium)
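Review bot: For CVE-2009-4028 the fixed version `5.1.41-1` is recorded against mysql-dfsg-5.1, but the visible description names "MySQL 5.0.x ..." and is truncated, so the basis for the 5.1 fix version is not evident from the entry. A NOTE citing where that version comes from would help. CVE-2009-4030 is consistent with its "5.1.x before 5.1.41" text. Both entries also keep `TODO: check` after a fixed version has been set, which should be dropped or made specific.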