[Secure-testing-commits] r12234 - data/CVE

[Giuseppe Iuculano]

Author: derevko-guest
Date: 2009-06-30 15:48:44 +0000 (Tue, 30 Jun 2009)
New Revision: 12234

Modified:
   data/CVE/list
Log:
- CVE-2009-2210: icedove, iceape and kompozer are affected
- CVE-2008-6838, CVE-2008-6837: new zoph issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-30 13:10:40 UTC (rev 12233)
+++ data/CVE/list	2009-06-30 15:48:44 UTC (rev 12234)
@@ -39,13 +39,19 @@
 CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call ...)
 	NOT-FOR-US: VICIDIAL Call Center Suite
 CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow ...)
-	TODO: check
+	- icedove <unfixed>
+	- iceape <unfixed>
+	- kompozer <unfixed>
+	TODO: check on the details once the Mozilla bug has been made public
+	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-33.html
+	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495057
 CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS Content ...)
 	NOT-FOR-US: TGS Content Management
 CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...)
-	TODO: check
+	- zoph <unfixed> (low; bug #535188)
 CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...)
-	TODO: check
+	- zoph <unfixed> (bug #535188)
+	NOTE: the details are unknown
 CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before ...)
 	TODO: check
 CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...)