[Secure-testing-commits] r12833 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Thu Sep 17 07:21:45 UTC 2009


Author: derevko-guest
Date: 2009-09-17 07:21:45 +0000 (Thu, 17 Sep 2009)
New Revision: 12833

Modified:
   data/CVE/list
Log:
- old elink issue got a CVE id
- bugzilla issues
- changetrack got a CVE id


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-17 05:59:09 UTC (rev 12832)
+++ data/CVE/list	2009-09-17 07:21:45 UTC (rev 12833)
@@ -34,14 +34,13 @@
 	NOT-FOR-US: Crazy Star plugin 2.0 for Discuz!
 CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The ...)
 	NOT-FOR-US: Pirates of The Caribbean
-CVE-2008-XXXX [changetrack command injection]
+CVE-2009-3233 [changetrack command injection]
 	- changetrack <unfixed> (medium; bug #546791)
-	NOTE: CVE id requested
 CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before ...)
 	- whitedune <not-affected> (bug #546903)
 	NOTE: The debian binary versions are not compiled with the --with-aflockdebug option
 CVE-2008-7224 (Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows ...)
-	TODO: check
+	- elinks 0.11.3-1 (low; bug #380347)
 CVE-2009-3183 (Heap-based buffer overflow in w in Sun Solaris 8 through 10, and ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2008-7239 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
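Review bot: The elinks line added under CVE-2008-7224 records 0.11.3-1 as the fixed version, while the description directly above it says the overflow affects ELinks before 0.11.4rc0, so the entry marks as fixed a version older than the first unaffected upstream release named there. If the Debian package carried the fix as a backported patch, add a NOTE line saying so (bug #380347 is already referenced and could be cited as the source); otherwise the fixed version should be one that is not below 0.11.4rc0.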
@@ -79,9 +78,10 @@
 CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...)
 	NOT-FOR-US: RunCMS
 CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ...)
-	TODO: check
+	- bugzilla <not-affected> (only 3.4.x is affected)
+	TODO: check when 3.4.x will be uploaded in unstable
 CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in ...)
-	TODO: check
+	- bugzilla <unfixed> (low; bug #547132)
 CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...)
 	- prototypejs 1.6.0.2-1
 CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...)
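Review bot: The TODO added under CVE-2009-3166 ("check when 3.4.x will be uploaded in unstable") does not say which 3.4.x release is safe to upload, so whoever picks it up has to redo the triage. The description bounds the affected range at "3.4rc1 through 3.4.1"; stating in a NOTE that an upload needs to be later than 3.4.1 would make the reminder actionable and keep the <not-affected> status from going stale unnoticed once a 3.4.x package lands. The CVE-2009-3165 line is marked <unfixed> with no affected range given; since the other Bugzilla entries in this commit are scoped by branch, a short NOTE on which branches the Bug.create issue applies to would help confirm that the packaged version is really in range.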
@@ -257,7 +257,8 @@
 CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in ...)
 	NOT-FOR-US: ArticleFriend Script
 CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in ...)
-	TODO: check
+	- bugzilla <not-affected> (Only 3.3.x and 3.4.x are affected)
+	TODO: check when 3.3.x or 3.4.x will be uploaded in unstable
 CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...)
 	NOT-FOR-US: QuarkMail
 CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...)
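Review bot: The reason text on the CVE-2009-3125 line, "(Only 3.3.x and 3.4.x are affected)", is capitalised differently from the matching entry for CVE-2009-3166 in the same commit, "(only 3.4.x is affected)"; pick one form so the two read consistently. As with that entry, the TODO names no fixed release for either branch, so a NOTE with the first unaffected 3.3.x and 3.4.x versions would let the later re-check be done from the list alone.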



