[Secure-testing-commits] r14107 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Tue Feb 16 00:24:29 UTC 2010
Author: geissert
Date: 2010-02-16 00:24:18 +0000 (Tue, 16 Feb 2010)
New Revision: 14107
Modified:
data/CVE/list
Log:
dillo issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-15 23:23:13 UTC (rev 14106)
+++ data/CVE/list 2010-02-16 00:24:18 UTC (rev 14107)
@@ -1,3 +1,7 @@
+CVE-2010-XXXX [dillo improper restriction of path in cookies]
+ - dillo <undetermined>
+ NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog
+ NOTE: it is not clear whether the issue affects pre-2.x versions
CVE-2010-XXXX [pidgin remote dos]
- pidgin <unfixed> (low; bug #562720)
TODO: check
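Review bot: The reference in the new dillo entry, `NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog`, points at `tip`, which moves with every upstream commit, so the link will not keep showing the ChangeLog text this entry relies on. Consider pinning it to a specific revision or quoting the relevant ChangeLog line in a NOTE. Since the status is `<undetermined>` and the pre-2.x question is still open, a `TODO: check` line like the one on the pidgin entry below would make the outstanding work visible.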
@@ -8827,7 +8831,7 @@
- advi 1.6.0-15 (low; bug #550440)
CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 ...)
- dillo <unfixed> (medium; bug #535788)
- NOTE: fixed in upstream version 2.2.1
+ NOTE: fixed in upstream version 2.1.1
CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote ...)
NOT-FOR-US: Optimum Web Design Tutorial Share
CVE-2009-2292 (Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 ...)
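Review bot: The corrected line `NOTE: fixed in upstream version 2.1.1` under CVE-2009-2294 changes the version from 2.2.1 without citing a source, and the log message ("dillo issues") does not say where the new number comes from. Adding a reference NOTE next to it, for example the upstream ChangeLog URL used in the first hunk, would let the next person verify the correction.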
@@ -9692,9 +9696,7 @@
- chromium-browser <itp> (low; bug #520324)
- lynx 2.8.7rel.1-1 (unimportant; bug #532520)
NOTE: lynx doesn't have Javascript and form-data support
- - dillo <unfixed> (low; bug #532522)
- [lenny] - dillo <no-dsa> (Minor issue)
- [etch] - dillo <no-dsa> (Minor issue)
+ - dillo <not-affected> (bug #532522)
NOTE: These issues can be fixed in more recent upstream versions, but the risk
NOTE: of regression doesn't outweigh the issue at hand
CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...)
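Review bot: The new `- dillo <not-affected> (bug #532522)` line carries no explanation, whereas the lynx line just above it is followed by a NOTE giving the reason for its rating. This change replaces an `<unfixed>` status and two `<no-dsa>` entries for lenny and etch, so a NOTE stating why dillo is not affected belongs here. Also check the two trailing NOTE lines about regression risk: with the `<no-dsa>` lines removed they now sit directly under the dillo line and can be read as applying to a package marked not affected.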