[Secure-testing-commits] r12786 - data/CVE

Kees Cook kees at alioth.debian.org
Thu Sep 10 22:31:47 UTC 2009 

Author: kees
Date: 2009-09-10 22:31:47 +0000 (Thu, 10 Sep 2009)
New Revision: 12786

Modified:
   data/CVE/list
Log:
unfixed: open-iscsi rhythmbox, fixed: freeradius pidgin

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-10 22:02:04 UTC (rev 12785)
+++ data/CVE/list	2009-09-10 22:31:47 UTC (rev 12786)
@@ -61,7 +61,7 @@
 CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
 	NOT-FOR-US: OXID eShop Professional
 CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote ...)
-	TODO: check
+	- freeradius 2.0.0-1 (low)
 CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail ...)
 	NOT-FOR-US: OpenWebMail
 CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of ...)
@@ -157,13 +157,13 @@
 CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x ...)
 	- rails <unfixed> (low; bug #545063)
 CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...)
-	TODO: check
+	- pidgin 2.6.2-1 (low)
 CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...)
-	TODO: check
+	- pidgin 2.6.2-1 (low)
 CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...)
-	TODO: check
+	- pidgin 2.6.2-1 (low)
 CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...)
-	TODO: check
+	- rhythmbox <unfixed> (low)
 CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...)
 	NOT-FOR-US: Diigo Toolbar and Diigolet
 CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS ...)
@@ -5708,7 +5708,7 @@
 CVE-2009-1298
 	RESERVED
 CVE-2009-1297
-	RESERVED
+	- open-iscsi <unfixed> (low)
 CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on ...)
 	- ecryptfs-utils 75-2 (unimportant; bug #532372)
 	NOTE: this is a non-issue as the debian installer doesn't support per user

More information about the Secure-testing-commits mailing list