[Secure-testing-commits] r12090 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Jun 9 19:44:34 UTC 2009
Author: gilbert-guest
Date: 2009-06-09 19:44:34 +0000 (Tue, 09 Jun 2009)
New Revision: 12090
Modified:
data/CVE/list
Log:
- web browser prng issue
- ruby issue is medium urgency
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-09 18:30:34 UTC (rev 12089)
+++ data/CVE/list 2009-06-09 19:44:34 UTC (rev 12090)
@@ -1,3 +1,14 @@
+CVE-2009-XXXX [predictable random number generator used in web browsers]
+ - webkit <unfixed> (low; bug #532514)
+ - xulrunner <unfixed> (low; bug #532516)
+ - iceweasel <unfixed> (low; bug #532517)
+ - epiphany-browser <unfixed> (low; bug #532518)
+ - kdebase <unfixed> (low; bug #532519)
+ - lynx <unfixed> (low; bug #532520)
+ - w3m <unfixed> (low; bug #532521)
+ - dillo <unfixed> (low; bug #532522)
+ - chromium-browser <itp> (low; bug #520324)
+ TODO: tracking fringe browsers (lynx, w3m, dillo), but need to check whether they are really affected or not
CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...)
TODO: check
CVE-2009-1959 (Off-by-one error in the event_wallops function in ...)
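Review bot: The lynx, w3m and dillo lines are recorded as `<unfixed>` with low urgency, yet the TODO directly beneath them says it has not been checked whether these browsers are affected at all. As written, the entry makes them look like confirmed-vulnerable packages. Consider holding those three lines back, or giving them a status that reflects the open question, until the check is done. The new CVE-2009-XXXX entry also carries no pointer to a description of the PRNG issue; a NOTE line with the reference would let others verify each package against it.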
@@ -4625,7 +4636,7 @@
NOT-FOR-US: Simple PHP News
CVE-2009-0642 (ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check ...)
- ruby1.9 1.9.0.2-9.1 (bug #513528)
- - ruby1.8 1.8.7.72-3.1 (bug #517639; bug #522939)
+ - ruby1.8 1.8.7.72-3.1 (medium; bug #517639; bug #522939)
CVE-2009-0641 (sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions ...)
NOT-FOR-US: FreeBSD telnetd (apparently there's some common code base in netkit-telnet, but it's not affected
CVE-2009-0640 (Directory traversal vulnerability in the administrative web server in ...)
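Review bot: Only the ruby1.8 line gains the `medium` urgency, while the ruby1.9 line just above it under the same CVE-2009-0642 entry stays without one. The log message says "ruby issue is medium urgency" without limiting it to one package. Either add the urgency to `- ruby1.9 1.9.0.2-9.1 (bug #513528)` as well, or note why the rating differs between the two source packages.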