[Secure-testing-commits] r12741 - data/CVE
Nico Golde
nion at alioth.debian.org
Thu Sep 3 17:10:12 UTC 2009
Author: nion
Date: 2009-09-03 17:10:12 +0000 (Thu, 03 Sep 2009)
New Revision: 12741
Modified:
data/CVE/list
Log:
CVE-2009-3025 fixed in pidgin 2.6.1-1
CVE-2009-3024 fixed in libcompress-raw-zlib-perl 2.015-2
note on CVE-2009-3015, non-issue? someone who's into webappsec please check
CVE-2009-2195 fixed in webkit 1.1.12-1, qt4-x11 unfixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-02 21:14:15 UTC (rev 12740)
+++ data/CVE/list 2009-09-03 17:10:12 UTC (rev 12741)
@@ -67,9 +67,12 @@
CVE-2009-3027
RESERVED
CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to ...)
- TODO: check
+ - pidgin 2.6.1-1 (low)
+ [lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
+ [etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...)
- TODO: check
+ TODO: next point release [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1
+ - libcompress-raw-zlib-perl 2.015-2 (bug #532738)
CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet Information ...)
NOT-FOR-US: Microsoft IIS
CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...)
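Review bot: The package added under CVE-2009-3024 does not obviously match the CVE text: the context line describes a verify_hostname_of_cert function in certificate checking, while both new lines track libcompress-raw-zlib-perl, a zlib binding. Please confirm that these entries and bug #532738 belong under this CVE and not a different one. Separately, the line "TODO: next point release [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1" combines a TODO with a release entry and sits before the unstable entry, whereas the CVE-2009-3025 entry in the same hunk lists the unstable version first and the [lenny]/[etch] lines after it; splitting the line and using the same order would keep the entries consistent.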
@@ -88,6 +91,8 @@
NOT-FOR-US: Apple Safari
CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...)
TODO: check
+ NOTE: I am not sure if this is even a security issue, sure that is javascript executed in
+ NOTE: the content of the browser but I'm not sure if anything _cross-site_ works as well
CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
TODO: check
CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
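Review bot: The two NOTE lines under CVE-2009-3015 record doubt but not what has to be verified, so whoever picks up the remaining "TODO: check" has no concrete question to answer. Suggest rephrasing them as the open question (does the javascript: handling named in the CVE text let script act across sites, or only within the content already shown in the browser) and, once that is known, replacing the TODO with either a package line or a non-issue marking.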
@@ -2838,7 +2843,8 @@
CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote ...)
NOT-FOR-US: Apple Safari
CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote ...)
- TODO: check
+ - webkit 1.1.12-1 (medium)
+ - qt4-x11 <unfixed> (medium; bug #544903)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
NOTE: http://trac.webkit.org/changeset/45696
CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file ...)
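Review bot: Neither new line under CVE-2009-2195 says anything about the stable releases. The CVE-2009-3025 entry in this same commit adds explicit [lenny] and [etch] lines, but here "webkit 1.1.12-1" and "qt4-x11 <unfixed>" leave it open whether the older packaged versions contain the overflow. Suggest adding release-tagged lines, or a NOTE, once that has been checked. The webkit line also carries no bug reference, unlike the qt4-x11 line (bug #544903); a NOTE tying 1.1.12-1 to the changeset already listed under this entry would make the fixed version verifiable.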