[Secure-testing-commits] r13498 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Wed Dec 9 00:34:21 UTC 2009


Author: geissert
Date: 2009-12-09 00:34:20 +0000 (Wed, 09 Dec 2009)
New Revision: 13498

Modified:
   data/CVE/list
Log:
rails issue CVEified, two xfig issues
I hope I got the xfig stuff right


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-09 00:05:03 UTC (rev 13497)
+++ data/CVE/list	2009-12-09 00:34:20 UTC (rev 13498)
@@ -1,3 +1,11 @@
+CVE-2009-4228 [xfig stack-consumption DoS]
+	- xfig <unfixed>
+	TODO: check
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
+CVE-2009-4227 [xfig read_1_3_textobject issue]
+	- xfig 1:3.2.5.b-1 (bug #559274)
+	TODO: check
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
 CVE-2009-XXXX [polipo crash/DoS via overly-large content-length header]
 	- polipo <unfixed>
 	TODO: report bug, check affected versions
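Review bot: the CVE-2009-4227 entry records a fixed version (`- xfig 1:3.2.5.b-1 (bug #559274)`) but still carries `TODO: check`, so a reader cannot tell whether that version has been verified. Drop the TODO once it is confirmed, or say in a NOTE what is still open. Both new xfig entries also cite the same NOTE URL (show_bug.cgi?id=543905), and CVE-2009-4228 is `<unfixed>` with no bug number; a short NOTE stating which part of that report each id covers, plus a bug reference for 4228 if one exists, would make the split checkable, which matters given the log's "I hope I got the xfig stuff right".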
@@ -22,8 +30,6 @@
 	TODO: check
 CVE-2009-4215 (Panda Global Protection 2010, Internet Security 2010, and Antivirus ...)
 	TODO: check
-CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)
-	TODO: check
 CVE-2009-4213
 	RESERVED
 CVE-2009-4212
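Review bot: removing the CVE-2009-4214 stub here leaves a gap between CVE-2009-4215 and CVE-2009-4213, and the id now lives only at the renamed rails entry near line 320, out of the descending order the surrounding lines follow. Consider keeping the entry at this position and moving the rails package line and NOTE up to it, instead of deleting the stub and renaming the placeholder in place.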
@@ -314,7 +320,7 @@
 	- mysql-dfsg-5.1 <unfixed>
 	- mysql-dfsg-5.0 <removed>
 	TODO: check
-CVE-2009-XXXX [rails insufficient escaping XSS]
+CVE-2009-4214 [rails insufficient escaping XSS]
 	- rails <unfixed> (low; bug #558685)
 	NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
 CVE-2008-XXXX [rails CSRF]
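Review bot: on the renamed line `CVE-2009-4214 [rails insufficient escaping XSS]`, nothing in the entry ties the rails issue to the id. The stub removed earlier in this patch described an XSS in the strip_tags function, while this title only says "insufficient escaping" and the NOTE links the rails-security thread. Add a NOTE naming strip_tags, or a reference that confirms the assignment, so the mapping can be verified from the entry itself.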
