[Secure-testing-commits] r13514 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Sat Dec 12 03:45:07 UTC 2009
Author: geissert
Date: 2009-12-12 03:45:07 +0000 (Sat, 12 Dec 2009)
New Revision: 13514
Modified:
data/CVE/list
Log:
acpid issue affects etch, rails CVEIfied, 9 moodle issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-12 00:53:50 UTC (rev 13513)
+++ data/CVE/list 2009-12-12 03:45:07 UTC (rev 13514)
@@ -1,3 +1,39 @@
+CVE-2009-4305
+ - moodle <unfixed> (bug #559531)
+ NOTE: MSA-09-0031
+ TODO: check
+CVE-2009-4304
+ - moodle <unfixed> (bug #559531)
+ NOTE: MSA-09-0029
+ TODO: check
+CVE-2009-4303
+ - moodle <unfixed> (bug #559531)
+ NOTE: MSA-09-0028
+ TODO: check
+CVE-2009-4302
+ - moodle <unfixed> (bug #559531)
+ NOTE: MSA-09-0027
+ TODO: check
+CVE-2009-4301
+ - moodle <unfixed> (bug #559531)
+ NOTE: MSA-09-0026
+ TODO: check
+CVE-2009-4300
+ - moodle <unfixed> (bug #559531)
+ NOTE: MSA-09-0025
+ TODO: check
+CVE-2009-4299
+ - moodle <unfixed> (bug #559531)
+ NOTE: MSA-09-0024
+ TODO: check
+CVE-2009-4298
+ - moodle <unfixed> (bug #559531)
+ NOTE: MSA-09-0023
+ TODO: check
+CVE-2009-4297
+ - moodle <unfixed> (bug #559531)
+ NOTE: MSA-09-0022
+ TODO: check
CVE-2009-XXXX [docutils insecure usage of temporary files]
- python-docutils <unfixed> (low; bug #560755)
[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
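Review bot: The MSA references in the new moodle entries jump from MSA-09-0029 (CVE-2009-4304) to MSA-09-0031 (CVE-2009-4305), so it is worth confirming that the CVE-to-MSA mapping is intended and that no entry for MSA-09-0030 is missing. All nine entries also carry `- moodle <unfixed> (bug #559531)` together with `TODO: check` and no severity. Until each one is checked, the `<unfixed>` status is a placeholder, and a single shared bug makes it hard to track which of the nine have been verified per release.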
@@ -56,7 +92,10 @@
CVE-2009-4236 (The process function in ...)
NOT-FOR-US: EC-CUBE
CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...)
- TODO: check
+ [etch] - acpid <unfixed> (low; bug #560771)
+ [lenny] - acpid <not-affected> (only logs to syslog)
+ - acpid <not-affected> (only logs to syslog)
+ NOTE: all versions set umask(0), might be worth double-checking what it opens
CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Micronet Network Access Controller
CVE-2009-4233 (Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php ...)
@@ -411,7 +450,7 @@
CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)
- rails <unfixed> (low; bug #558685)
NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
-CVE-2008-XXXX [rails CSRF]
+CVE-2008-7248 [rails CSRF]
- rails <unfixed> (medium; bug #558685)
NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
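Review bot: After the rename to CVE-2008-7248, bug #558685 is referenced by two entries with different severities: `low` under CVE-2009-4214 and `medium` under the rails CSRF entry. Please confirm the bug report mentions both CVE ids so that a fix for one issue does not end up closing the tracking for the other.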