Author: fw
Date: 2009-03-01 17:36:09 +0000 (Sun, 01 Mar 2009)
New Revision: 11298

Modified:
   data/CVE/list
Log:
NFUs
CVE-2009-0737: mediawiki CVE assigned
CVE-2009-0676: linux-2.6 et al.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-01 17:03:19 UTC (rev 11297)
+++ data/CVE/list       2009-03-01 17:36:09 UTC (rev 11298)
@@ -15,9 +15,7 @@
 CVE-2009-0739 (SQL injection vulnerability in login.php in MyNews 0.10 allows 
remote ...)
        NOT-FOR-US: MyNews
 CVE-2009-0738 (SQL injection vulnerability in login.php in Auth Php 1.0 allows 
remote ...)
-       TODO: check
-CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the 
web-based ...)
-       TODO: check
+       NOT-FOR-US: Auth Php
 CVE-2009-0736 (Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 
allows ...)
        NOT-FOR-US: Pebble
 CVE-2009-0735 (Directory traversal vulnerability in 
lib/classes/message_class.php in ...)
@@ -139,7 +137,12 @@
 CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...)
        NOT-FOR-US: RavenNuke
 CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux 
kernel ...)
-       TODO: check
+       - linux-2.6 <unfixed> (low)
+       - linux-2.6.24 <unfixed> (low)
+       NOTE: Original fix was incomplete/risky, see:
+       NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2>
+       NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
+       NOTE: lacks initialzer for len.  Leak confirmed with fixed reproducer.
 CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the 
Linux ...)
        TODO: check
 CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when 
...)
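Review bot: The last added NOTE line under CVE-2009-0676 misspells "initializer" as "initialzer", and because the sentence is split across two NOTE lines it is easy to misread what lacks the initializer for len. Joining the two lines so they read as one sentence ("Reproducer in <URL> lacks initializer for len.") would remove the ambiguity. Both linux-2.6 and linux-2.6.24 are marked <unfixed> (low) with no bug reference, while the other <unfixed> entries visible in this diff (kdebase, mediawiki) carry one. If a bug exists, adding its number would make the entry trackable.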
@@ -833,10 +836,9 @@
 CVE-2009-XXXX [konqueror: potential exploits via application launchers]
        - kdebase <unfixed> (low; bug #515106)
        NOTE: need to submit a request for CVE id
-CVE-2009-XXXX [mediawiki XSS in installer scripts]
+CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the 
web-based ...)
        - mediawiki <unfixed> (low; bug #514547)
        [lenny] - mediawiki 1:1.12.0-2lenny3
-       NOTE: CVE id was requested on oss-sec
 CVE-2009-0524
        RESERVED
 CVE-2009-0523
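Review bot: The renamed CVE-2009-0737 entry stays where the CVE-2009-XXXX placeholder was, directly above CVE-2009-0524, while the first hunk removes the 0737 stub from its slot between CVE-2009-0738 and CVE-2009-0736. If the list is meant to stay in descending id order, move the entry together with its mediawiki package lines up to that slot instead of renaming it in place.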


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits