[Secure-testing-commits] r11469 - data/CVE

Tue Mar 24 15:19:47 UTC 2009

Author: atomo64-guest
Date: 2009-03-24 15:19:46 +0000 (Tue, 24 Mar 2009)
New Revision: 11469

Modified:
   data/CVE/list
Log:
some horde issues already fixed; filed reports about proxy/Host issues


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-03-24 13:04:52 UTC (rev 11468)
+++ data/CVE/list	2009-03-24 15:19:46 UTC (rev 11469)
@@ -263,9 +263,11 @@
 CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative ...)
 	NOT-FOR-US: Dotclear
 CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in ...)
-	TODO: check
+	- horde3 3.2.2+debian0-2 (bug #513265)
+	[etch] - horde3 <unfixed> (bug #513265; medium)
 CVE-2009-0931 (Cross-site scripting (XSS) vulnerability in the tag cloud search ...)
-	TODO: check
+	- horde3 3.2.2+debian0-2 (bug #513265)
+	[etch] - horde3 <not-affected> (Vulnerable code not present)
 CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...)
 	TODO: check
 CVE-2009-0929 (Directory traversal vulnerability in the media manager in Nucleus CMS ...)
@@ -698,16 +700,14 @@
 CVE-2009-0805 (Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a ...)
 	NOT-FOR-US: piCal
 CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...)
-	- ziproxy <unfixed>
-	TODO: file bug
+	- ziproxy <unfixed> (low; bug #521051)
 CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, ...)
 	NOT-FOR-US: SmoothWall
 CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...)
 	NOT-FOR-US: Qbik WinGate
 CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...)
-	- squid <unfixed> (low)
-	- squid3 <unfixed> (low)
-	TODO: report bug
+	- squid <unfixed> (low; bug #521053)
+	- squid3 <unfixed> (low; bug #521052)
 CVE-2009-0800
 	RESERVED
 CVE-2009-0799


