[Secure-testing-commits] r12020 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Jun 2 19:24:40 UTC 2009
Author: jmm-guest
Date: 2009-06-02 19:24:39 +0000 (Tue, 02 Jun 2009)
New Revision: 12020
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- gnutls no-dsa
- mozilla non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-02 19:16:14 UTC (rev 12019)
+++ data/CVE/list 2009-06-02 19:24:39 UTC (rev 12020)
@@ -1100,8 +1100,10 @@
CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
NOT-FOR-US: HP System Management Homepage
CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and ...)
- - gnutls26 2.6.6-1 (medium; bug #528281)
+ - gnutls26 2.6.6-1 (low; bug #528281)
+ [lenny] - gnutls26 <no-dsa> (Minor issue, explicitly labeled as a test program)
- gnutls13 <removed>
+ [etch] - gnutls13 <no-dsa> (Minor issue, explicitly labeled as a test program)
CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates ...)
- gnutls26 2.6.6-1 (medium)
- gnutls13 <removed>
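Review bot: In the CVE-2009-1417 entry, the `- gnutls13 <removed>` line is replaced by the `[etch]` annotation rather than kept alongside it, so the entry no longer carries a general status for gnutls13, while the CVE-2009-1416 entry directly below still has `- gnutls13 <removed>`. Consider keeping the `<removed>` line and adding `[etch] - gnutls13 <no-dsa> (...)` beneath it, mirroring how the `[lenny]` line sits under the gnutls26 line. The same entry also lowers the gnutls26 severity from medium to low, which the log message ("gnutls no-dsa") does not mention; a short note in the log or a NOTE line giving the reason (the "test program" rationale used in the no-dsa text) would make the downgrade traceable.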
@@ -1943,9 +1945,9 @@
CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...)
NOT-FOR-US: ?Torrent (uTorrent) WebUI
CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in ...)
- - torrentflux <unfixed> (bug filed)
+ - torrentflux <unfixed> (bug #531614)
CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
- - torrentflux <unfixed> (bug filed)
+ - torrentflux <unfixed> (bug #531614)
CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...)
NOT-FOR-US: BS.player
CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...)
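Review bot: The torrentflux lines for CVE-2008-6585 and CVE-2008-6584 swap "bug filed" for bug #531614, but the log message lists only "gnutls no-dsa" and "mozilla non-issue", so this change is undocumented. Add a log line such as "torrentflux bug number" so the revision history explains where #531614 was introduced, especially since the same number appears in the candidate files changed by this commit.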
@@ -9287,20 +9289,12 @@
CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 ...)
NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
- {CVE-2008-4723}
- webkit <unfixed> (low; bug #520052)
[lenny] - webkit <no-dsa> (Minor issue)
NOTE: webkit properly handles this issue with respect to extensions such as jpg and txt, but not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4)
NOTE: not reproducible using iceweasel 3.0.1
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
- {CVE-2008-4724}
- - xulrunner <unfixed>
- - iceweasel <unfixed>
- NOTE: http://www.jorgan.users.cg.yu/ seems to be the original source
- NOTE: Not enough details to tell if this is a real vulnerability.
- NOTE: My guess is that file names containing <>& are incorrectly
- NOTE: handled in FTP mode. Since the server might directly serve
- NOTE: HTML files anyway, this seems a remote risk.
+ NOTE: Bogus ID, see https://bugzilla.redhat.com/show_bug?id=468397
CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...)
NOT-FOR-US: Sun ILOM
CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass ...)
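Review bot: The new NOTE for CVE-2008-4723 links to `https://bugzilla.redhat.com/show_bug?id=468397`, which looks like it is missing the `.cgi` suffix that Bugzilla URLs normally carry (`show_bug.cgi?id=...`); please check that the link resolves, since it is now the only justification left in the entry. With the xulrunner and iceweasel lines and all earlier NOTEs removed, the entry also no longer records which packages were evaluated, so consider keeping an explicit per-package status next to the "Bogus ID" note. The CVE-2008-4724 entry still keeps "NOTE: not reproducible using iceweasel 3.0.1" after its `{CVE-2008-4723}` cross-reference is dropped; confirm that note is meant to stay with the webkit entry.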
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2009-06-02 19:16:14 UTC (rev 12019)
+++ data/ospu-candidates.txt 2009-06-02 19:24:39 UTC (rev 12020)
@@ -259,6 +259,11 @@
--
+gnutls13 (CVE-2009-1417)
+#531614
+
+--
+
gpsdrive (CVE-2008-5704, CVE-2008-5703, CVE-2008-5380)
#496436, #508597, #508595
notified maintainer
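Review bot: The added gnutls13 (CVE-2009-1417) entry references #531614, but in data/CVE/list in this same commit CVE-2009-1417 is tied to bug #528281 and #531614 is the number assigned to the torrentflux entries. Please confirm which bug number belongs here; as written it looks like a copy-and-paste of the torrentflux bug.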
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-06-02 19:16:14 UTC (rev 12019)
+++ data/spu-candidates.txt 2009-06-02 19:24:39 UTC (rev 12020)
@@ -39,6 +39,11 @@
--
+gnutls26 (CVE-2009-1417)
+#531614
+
+--
+
lcms (CVE-2009-0793)
notified maintainer through initial bugreport
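Review bot: The added gnutls26 (CVE-2009-1417) entry has no status line, unlike the neighbouring lcms entry ("notified maintainer through initial bugreport"), so it is not clear whether the maintainer has been contacted about a stable point update. The bug reference #531614 also does not match data/CVE/list, where CVE-2009-1417 points at #528281 and #531614 is used for torrentflux; please verify the number and add the notification status.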