[Secure-testing-commits] r12415 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sun Jul 26 14:58:49 UTC 2009 

Author: derevko-guest
Date: 2009-07-26 14:58:47 +0000 (Sun, 26 Jul 2009)
New Revision: 12415

Modified:
   data/CVE/list
Log:
fckeditor embedded copies checked

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-25 21:14:25 UTC (rev 12414)
+++ data/CVE/list	2009-07-26 14:58:47 UTC (rev 12415)
@@ -647,7 +647,15 @@
 	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
 	[lenny] - moin <no-dsa> (unimportant; provides FCKeditor as example files in /usr/share/doc, but not executable in general case)
 	[etch] - moin <not-affected> (doesn't provide FCKeditor sample files)
-	TODO: check knowledgeroot, karrigell, gforge, egroupware, request-tracker3.8
+	- knowledgeroot 0.9.8.5-3
+	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
+	[etch] - knowledgeroot <not-affected> (doesn't provide FCKeditor sample files)
+	- karrigell <removed>
+	[etch] - karrigell <not-affected> (doesn't provide FCKeditor sample files)
+	- gforge 4.6.99+svn6225-1
+	[etch] - gforge <not-affected> (doesn't contain FCKeditor)
+	- egroupware <not-affected> (doesn't provide FCKeditor sample files)
+	- request-tracker3.8 <not-affected> (doesn't provide FCKeditor sample files)
 CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the ...)
 	NOT-FOR-US: Axesstel MV 410R
 CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...)
@@ -837,8 +845,17 @@
 	- moin 1.8.2-2
 	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
 	[lenny] - moin <unfixed> (unimportant)
+	[etch] - moin <not-affected> (Vulnerable code not present)
 	NOTE: moin in lenny provides FCKeditor as example files (/usr/share/doc)
-	TODO: check knowledgeroot, karrigell, gforge, egroupware, request-tracker3.8, moin version in etch
+	- request-tracker3.8 <not-affected> (Vulnerable code not present)
+	- egroupware 1.6.002+dfsg-1 (medium)
+	NOTE: egroupware is orphaned
+	- gforge 4.6.99+svn6225-1
+	[etch] - gforge <not-affected> (doesn't contain FCKeditor)
+	- knowledgeroot 0.9.8.5-3 (medium; bug #538722)
+	- karrigell <removed>
+	[etch] - karrigell <not-affected> (Vulnerable code not present)
+	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor 
 CVE-2009-2264
 	RESERVED
 CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...)

More information about the Secure-testing-commits mailing list