[Secure-testing-commits] r12281 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Jul 5 20:18:28 UTC 2009
Author: gilbert-guest
Date: 2009-07-05 20:18:27 +0000 (Sun, 05 Jul 2009)
New Revision: 12281
Modified:
data/CVE/list
Log:
some new higher-severity issues and bug submitted for phpmyadmin issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-05 19:21:41 UTC (rev 12280)
+++ data/CVE/list 2009-07-05 20:18:27 UTC (rev 12281)
@@ -1,3 +1,12 @@
+CVE-2009-XXXX [rails: password bypass]
+ - rails <unfixed> (high; bug #535896)
+ NOTE: to be fixed in upstream version 2.3.3
+CVE-2009-XXXX [php: segfaults on corrupted jpeg files]
+ - php5 <unfixed> (low; bug #535888)
+ - php4 <unfixed> (low; bug #535897)
+ TODO: check 5.3.0-1, fix may already be applied
+CVE-2009-XXXX [apache2: htaccess override]
+ - apache2 2.2.9-1 (low; bug #535886)
CVE-2009-XXXX [openvpn: possible symlink attack via client-connect script]
- openvpn <unfixed> (low; bug #534908)
CVE-2009-XXXX [xscreensaver: symlink attack enables local information disclosure]
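Review bot: in the php entry, the php5 line is recorded as `<unfixed>` while the TODO directly under it says the fix may already be in 5.3.0-1, so the tracker status and the note disagree until that check is done. Resolve the TODO before or with this commit, or say in the TODO which version the `<unfixed>` marking was checked against. Separately, none of the three new entries has a NOTE pointing at the upstream report. The rails entry is rated high and only names the target version 2.3.3, so a reference line there would let the next reviewer confirm the rating without opening bug #535896.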
@@ -100,8 +109,7 @@
NOTE: http://drupal.org/node/507572
NOTE: requested CVE id
CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 ...)
- - phpmyadmin 4:3.2.0.1-1
- TODO: need to assess severity of this issue
+ - phpmyadmin 4:3.2.0.1-1 (medium; bug #535890)
CVE-2009-2280
RESERVED
CVE-2009-2279
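Review bot: the new phpmyadmin line for CVE-2009-2284 sets the severity to medium and drops `TODO: need to assess severity of this issue`, but nothing in the entry records how the rating was reached. A one-line NOTE giving the basis for medium, next to the reference to bug #535890, would keep the assessment reviewable from the list itself.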