[Secure-testing-commits] r12312 - data/CVE

[Giuseppe Iuculano]

Author: derevko-guest
Date: 2009-07-09 08:45:40 +0000 (Thu, 09 Jul 2009)
New Revision: 12312

Modified:
   data/CVE/list
Log:
fckeditor issues triaging

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-09 07:16:34 UTC (rev 12311)
+++ data/CVE/list	2009-07-09 08:45:40 UTC (rev 12312)
@@ -79,7 +79,14 @@
 CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 ...)
 	NOT-FOR-US: Clicknet CMS
 CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor ...)
-	- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
+	- fckeditor 1:2.6.4.1-1 (low; bug #536051)
+	- moin 1.8.2-2
+	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
+	[lenny] - moin <unfixed> (unimportant)
+	NOTE: moin in lenny provides FCKeditor as example files (/usr/share/doc)
+	[etch] - moin <not-affected> (Vulnerable code not present)
+	NOTE: moin in etch doesn't provide FCKeditor sample files
+	TODO: check knowledgeroot, karrigell, gforge, egroupware, request-tracker3.8
 CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the ...)
 	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...)
@@ -269,6 +276,12 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
 CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before ...)
 	- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
+	NOTE: http://dev.fckeditor.net/changeset/3815/FCKeditor/trunk/editor/filemanager
+	- moin 1.8.2-2
+	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
+	[lenny] - moin <unfixed> (unimportant)
+	NOTE: moin in lenny provides FCKeditor as example files (/usr/share/doc)
+	TODO: check knowledgeroot, karrigell, gforge, egroupware, request-tracker3.8, moin version in etch
 CVE-2009-2264
 	RESERVED
 CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...)