[Secure-testing-commits] r12383 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Jul 20 00:34:54 UTC 2009
Author: gilbert-guest
Date: 2009-07-20 00:34:53 +0000 (Mon, 20 Jul 2009)
New Revision: 12383
Modified:
data/CVE/list
Log:
new non-numbered issues for the past week
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-19 18:50:33 UTC (rev 12382)
+++ data/CVE/list 2009-07-20 00:34:53 UTC (rev 12383)
@@ -1,3 +1,15 @@
+CVE-2009-XXXX [incorrect validation of hostnames]
+ - libio-socket-ssl-perl 1.26-1 (medium; bug #537633)
+ NOTE: hostname validition is not implemented until 1.14, so etch
+ NOTE: is in a way is not affected, but in another sense, it is
+ NOTE: completely affected since no validation done at all
+CVE-2009-XXXX [mediawiki: multiple vulnerabilities]
+ - mediawiki <unfixed> (medium; bug #537634)
+ [etch] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0)
+ [lenny] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0)
+ NOTE: fixed in upstream 1.15.1
+CVE-2009-XXXX [htmldoc: buffer overflow]
+ - htmldoc <unfixed> (medium; bug #537637)
CVE-2009-XXXX [insecure tmp file vulnerability in slim]
- slim <unfixed> (unimportant; bug #537604)
NOTE: exploit scenario too constructed
@@ -2021,6 +2033,7 @@
TODO: work with upstream to determine affected/not-affected webkit versions
CVE-2009-1692 (WebKit in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...)
- webkit <unfixed> (medium; bug #535793)
+ NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319
TODO: work with upstream to determine affected/not-affected webkit versions
CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit <unfixed> (medium; bug #535793)
More information about the Secure-testing-commits
mailing list