[Secure-testing-commits] r11042 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Sun Jan 25 16:44:14 UTC 2009
Author: nion
Date: 2009-01-25 16:44:14 +0000 (Sun, 25 Jan 2009)
New Revision: 11042
Modified:
data/CVE/list
Log:
new iceweasel issue (CVE-2009-0253), maintainer poked for CVE-2009-0259
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-25 16:20:16 UTC (rev 11041)
+++ data/CVE/list 2009-01-25 16:44:14 UTC (rev 11042)
@@ -2,10 +2,14 @@
- gst-plugins-good0.10 0.10.13-1 (bug #512818)
CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows ...)
TODO: check
+ NOTE: poked rene, not reproducible
CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
NOT-FOR-US: easyHDR PRO
CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into ...)
- TODO: check
+ - iceweasel <unfixed> (low; bug #513004)
+ TODO: check if xulrunner etc are also affected by this
+ NOTE: the attack basically works but the URL bar still shows the correct location after
+ NOTE: clicking the link, still there is the risk to miss this
CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb ...)
NOT-FOR-US: Enthrallweb eReservations
CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
More information about the Secure-testing-commits
mailing list