[Secure-testing-commits] r13913 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Jan 25 03:01:25 UTC 2010
Author: gilbert-guest
Date: 2010-01-25 03:01:25 +0000 (Mon, 25 Jan 2010)
New Revision: 13913
Modified:
data/CVE/list
Log:
ruby issue is already in the tracker
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-25 02:58:08 UTC (rev 13912)
+++ data/CVE/list 2010-01-25 03:01:25 UTC (rev 13913)
@@ -22,10 +22,6 @@
- phpbb2 <removed>
NOTE: http://www.openwall.com/lists/oss-security/2010/01/16/2
TODO: check
-CVE-2010-XXXX [ruby: escape sequence injection]
- - ruby1.9.1 1.9.1.378-1 (medium; bug #564646)
- - ruby1.9 <unfixed> (medium; bug #564647)
- - ruby1.8 <unfixed> (medium; bug #564598)
CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...)
TODO: check
CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
@@ -950,8 +946,8 @@
NOT-FOR-US: Orion httpd
CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through ...)
- ruby1.8 1.8.7.249-1 (unimportant; bug #564598)
- - ruby1.8 1.8.7.249-1 (unimportant; bug #564598)
- ruby1.9 <unfixed> (unimportant; bug #564647)
+ - ruby1.9.1 1.9.1.378-1 (medium; bug #564646)
NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
NOTE: same as CVE-2009-4487
CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing ...)
More information about the Secure-testing-commits
mailing list