[Secure-testing-commits] r12176 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Jun 21 19:39:21 UTC 2009
Author: jmm-guest
Date: 2009-06-21 19:39:20 +0000 (Sun, 21 Jun 2009)
New Revision: 12176
Modified:
data/CVE/list
Log:
- new rt issue
- xulrunner non-issue, need more information on the other
- lynx not affected by minor browser privacy leak
- dokuwiki fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-21 19:31:07 UTC (rev 12175)
+++ data/CVE/list 2009-06-21 19:39:20 UTC (rev 12176)
@@ -47,6 +47,8 @@
TODO: determine if any of the other webservers are affected
CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: Webmedia Explorer
+CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUsers]
+ - request-tracker3.6 3.6.8-1 (low; bug #532990)
CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...)
NOT-FOR-US: Virtual Civil Services extension for TYPO3
CVE-2009-2105 (SQL injection vulnerability in the References database (t3references) ...)
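Review bot: The new CVE-2009-XXXX entry for request-tracker3.6 records only the fixed version 3.6.8-1 and says nothing about the stable releases. Add a release-tagged line (the `[etch] - linux-2.6 <not-affected> (...)` form used elsewhere in this file) or a TODO, so it is clear whether released versions still need checking. The placeholder id also needs to be replaced with the real CVE number once one is assigned, otherwise the entry cannot be matched against later advisories.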
@@ -181,11 +183,11 @@
CVE-2009-2045
RESERVED
CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...)
- - xulrunner <unfixed> (low)
- TODO: check when MFSA is issued
+ - xulrunner <unfixed> (unknown)
+ TODO: check on the details once the Mozilla bug has been made public
CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...)
- TODO: check when MFSA is issued
- - xulrunner <unfixed> (low)
+ - xulrunner <unfixed> (unimportant)
+ NOTE: Browser crashes not treated as security issues
CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images ...)
- libpng 1.2.37-1 (low; bug #533676)
CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...)
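Review bot: On CVE-2009-2043 the rating moves to `(unimportant)` while the package stays `<unfixed>`, and the NOTE gives only the policy ("Browser crashes not treated as security issues") without stating that a crash is the only impact found; the truncated description shown here does not settle that either way. Suggest the NOTE state the finding itself, so the rating is revisited if more than a crash turns up. For CVE-2009-2044 the new TODO refers to "the Mozilla bug" without an identifier; adding the bug number or URL would make the follow-up actionable.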
@@ -375,11 +377,11 @@
- xulrunner <unfixed> (low; bug #532516)
- iceweasel <unfixed> (low; bug #532517)
- kdebase <unfixed> (low; bug #532519)
- - lynx <unfixed> (low; bug #532520)
- w3m <unfixed> (low; bug #532521)
- dillo <unfixed> (low; bug #532522)
- chromium-browser <itp> (low; bug #520324)
- TODO: tracking fringe browsers (lynx, w3m, dillo), but need to check whether they are really affected or not
+ NOTE: lynx not affected, doesn't support Javascript and multipart/form-data
+ NOTE: tracking fringe browsers (w3m, dillo), but need to check whether they are really affected or not
CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...)
- linux-2.6 <unfixed> (low)
[etch] - linux-2.6 <not-affected> (Affected code was introduced in 2.6.19)
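Review bot: Deleting `- lynx <unfixed> (low; bug #532520)` removes lynx from the entry altogether, so the decision survives only in a free-text NOTE and the reference to bug #532520 is lost. Prefer keeping a package line in the `<not-affected>` form this file already uses (as in the `[etch] - linux-2.6 <not-affected> (...)` context line of this hunk), with the reason in parentheses, for example `- lynx <not-affected> (no Javascript or multipart/form-data support)`. The second added line still describes open work ("need to check whether they are really affected or not") and would be better kept as a TODO, as it was before, than relabelled as a NOTE.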
@@ -532,7 +534,7 @@
CVE-2008-6820 (The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 ...)
NOT-FOR-US: IBM DB2
CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, ...)
- - dokuwiki <unfixed> (unimportant)
+ - dokuwiki 0.0.20090214b-1 (unimportant)
NOTE: we don't support setups with register_globals enabled
CVE-2009-1897
RESERVED