[Secure-testing-commits] r13405 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Nov 29 20:46:19 UTC 2009
Author: gilbert-guest
Date: 2009-11-29 20:46:19 +0000 (Sun, 29 Nov 2009)
New Revision: 13405
Modified:
data/CVE/list
Log:
- bugs submitted for rails issues
- virtualbox issue was fixed upstream a few versions ago
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-11-29 20:46:10 UTC (rev 13404)
+++ data/CVE/list 2009-11-29 20:46:19 UTC (rev 13405)
@@ -1,10 +1,8 @@
CVE-2009-XXXX [rails insufficient escaping XSS]
- - rails <unfixed> (low)
- TODO: check
+ - rails <unfixed> (low; bug #558685)
NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
CVE-2008-XXXX [rails CSRF]
- - rails <unfixed>
- TODO: check
+ - rails <unfixed> (medium; bug #558685)
NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
NOT-FOR-US: Microsoft Internet Explorer 8
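Review bot: both added lines, the one under "CVE-2009-XXXX [rails insufficient escaping XSS]" and the one under "CVE-2008-XXXX [rails CSRF]", cite the same bug #558685, while the log message says "bugs submitted" in the plural. If a separate report was filed for the CSRF issue, its own number belongs on the CSRF line. If one report deliberately covers both issues, a short NOTE on each entry saying so would keep this from reading as a copy-paste slip. The CSRF entry also gains a "medium" urgency in the same step that drops "TODO: check", with no NOTE recording why that rating was chosen.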
@@ -1293,7 +1291,7 @@
CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for ...)
NOT-FOR-US: module for Drupal
CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in ...)
- - virtualbox-ose <unfixed>
+ - virtualbox-ose 3.0.8-dfsg-1
[lenny] - virtualbox-ose <not-affected> (vulnerable code not present)
CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 ...)
- unbound 1.3.4-1 (low)
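Review bot: the added line "- virtualbox-ose 3.0.8-dfsg-1" under CVE-2009-3692 records a fixed version, but the only justification is the log message's "fixed upstream a few versions ago". That does not show that 3.0.8-dfsg-1 is the first Debian upload carrying the fix rather than just a version known to be fixed. Suggest adding a NOTE naming the upstream release that contains the fix, so the fixed-version field can be checked against the package changelog.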