[Secure-testing-commits] r12732 - data/CVE
Nico Golde
nion at alioth.debian.org
Wed Sep 2 14:11:00 UTC 2009
Author: nion
Date: 2009-09-02 14:10:59 +0000 (Wed, 02 Sep 2009)
New Revision: 12732
Modified:
data/CVE/list
Log:
cveified ocsinventory-server and spip
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-02 02:13:18 UTC (rev 12731)
+++ data/CVE/list 2009-09-02 14:10:59 UTC (rev 12732)
@@ -968,11 +968,12 @@
NOT-FOR-US: DD-WRT
CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
NOT-FOR-US: DD-WRT
-CVE-2009-XXXX [Sql injection in OCS Inventory NG Server]
+CVE-2009-3040 [Sql injection in OCS Inventory NG Server]
- ocsinventory-server 1.02.1-2 (low; bug #541995)
- NOTE: http://seclists.org/fulldisclosure/2009/Aug/0143.html
NOTE: Authentication is needed
- NOTE: cve id already requested on oss-sec
+CVE-2009-3042 [Sql injection in OCS Inventory NG Server]
+ - ocsinventory-server 1.02.1-2 (low; bug #541995)
+ NOTE: Authentication is needed
CVE-2009-2763
RESERVED
CVE-2009-XXXX [logrotate race condition could lead to file disclosure]
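Review bot: the two OCS Inventory entries are now indistinguishable and the advisory reference is gone. The removed line "NOTE: http://seclists.org/fulldisclosure/2009/Aug/0143.html" was the only pointer to the original report, and the new CVE-2009-3042 entry repeats the title, fixed version and bug #541995 of CVE-2009-3040 word for word. Nothing in the list says which SQL injection each id covers. Keep the advisory NOTE on the entry it applies to and give each entry a description that names the specific issue, so the two ids can be triaged separately.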
@@ -1257,10 +1258,8 @@
- mantis 1.1.8+dfsg-2 (medium; bug #425010)
[lenny] - mantis 1.1.6+dfsg-2lenny1
NOTE: cve id requested on oss-sec
-CVE-2009-XXXX [missing authorization check in spip installer]
+CVE-2009-3041 [missing authorization check in spip installer]
- spip 2.0.9-1 (medium)
- NOTE: CVE id requested
- NOTE: http://www.spip-contrib.net/SPIP-Security-Alert-new-version
CVE-2009-XXXX [rubygems: integrity violation]
- libgems-ruby <not-affected> (Debian's version installs gems packages to /var/lib/gems, bug #540610)
NOTE: so no opportunity to overwrite system files
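Review bot: the spip entry loses its upstream reference. Removing "NOTE: CVE id requested" is correct now that CVE-2009-3041 is assigned, but "NOTE: http://www.spip-contrib.net/SPIP-Security-Alert-new-version" is removed in the same change, leaving the entry with no link to the advisory behind the "missing authorization check in spip installer" title. Suggest restoring that NOTE line under the new id.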