[Secure-testing-commits] r11258 - data/CVE
atomo64-guest at alioth.debian.org
atomo64-guest at alioth.debian.org
Tue Feb 24 00:13:01 UTC 2009
Author: atomo64-guest
Date: 2009-02-24 00:13:00 +0000 (Tue, 24 Feb 2009)
New Revision: 11258
Modified:
data/CVE/list
Log:
add more info about the mldonkey issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-02-23 23:48:20 UTC (rev 11257)
+++ data/CVE/list 2009-02-24 00:13:00 UTC (rev 11258)
@@ -1,5 +1,6 @@
CVE-2009-XXXX [Http double slash request arbitrary file access vulnerability in mldonkey]
- - mldonkey <unfixed> (bug #516829; high)
+ - mldonkey <unfixed> (bug #516829; medium)
+ NOTE: daemon is run as non-root and can only be exploited via localhost
CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: Falt4 CMS
CVE-2009-0647 (msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, ...)
More information about the Secure-testing-commits
mailing list