Author: nion
Date: 2009-03-15 13:27:54 +0000 (Sun, 15 Mar 2009)
New Revision: 11403

Modified:
   data/CVE/list
Log:
- NFU
- CVE-2009-0848 doesn't affect gtk2 in Debian
- CVE-2008-6428 fixed in kaya 0.4.2-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-14 21:14:14 UTC (rev 11402)
+++ data/CVE/list       2009-03-15 13:27:54 UTC (rev 11403)
@@ -47,7 +47,7 @@
 CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in 
NovaStor ...)
        NOT-FOR-US: NovaNET
 CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 
and 11.1 ...)
-       TODO: check
+       - gtk+2.0 <not-affected> (suse specific patch)
 CVE-2009-0847
        RESERVED
 CVE-2009-0846
@@ -77,7 +77,7 @@
 CVE-2008-6449 (Cross-site request forgery (CSRF) vulnerability in multiple 
Century ...)
        NOT-FOR-US: Century Systems routers
 CVE-2008-6448 (Cross-site scripting (XSS) vulnerability in install.cgi in 
SKYARC ...)
-       TODO: check
+       NOT-FOR-US: SKYARC System MTCMS WYSIWYG Editor
 CVE-2008-6447 (Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft 
EasyMail ...)
        NOT-FOR-US: QuikSoft EasyMail
 CVE-2008-6446 (Static code injection vulnerability in the Guestbook component 
in CMS ...)
@@ -115,8 +115,8 @@
 CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter 
(com_prayercenter) ...)
        NOT-FOR-US: Joomla
 CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to 
inject ...)
-       TODO: check
-       NOTE: asked maintainer about it
+       - kaya 0.4.2-1 (low)
+       NOTE: the fix checks with a regex for malicious characters in the HTTP 
header, see CGI.k changes
 CVE-2008-6427 (SQL injection vulnerability in index.php in Hivemaker 
Professional ...)
        NOT-FOR-US: Hivemaker Professional
 CVE-2008-6425 (SQL injection vulnerability in news.php in ComicShout 2.8 
allows ...)
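Review bot: The new CVE-2008-6428 entry drops "NOTE: asked maintainer about it" without recording the outcome, so it is unclear whether 0.4.2-1 as the fixed version was confirmed by the maintainer or inferred from reading the CGI.k changes. A short NOTE giving the source of the fixed version (maintainer reply or upstream change reference) would make the entry auditable. The "(low)" urgency on an issue described as letting remote attackers inject content also has no stated rationale, and the NOTE describes the fix as a regex check for malicious characters in the HTTP header; if that is a blacklist, it is worth saying so in the NOTE so the entry is revisited if a bypass is reported.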


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
