Author: jmm-guest
Date: 2009-04-01 21:23:59 +0000 (Wed, 01 Apr 2009)
New Revision: 11530
Modified:
data/CVE/list
Log:
- checked another legacy Mozilla issue with upstream
- two screen issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-01 21:14:11 UTC (rev 11529)
+++ data/CVE/list 2009-04-01 21:23:59 UTC (rev 11530)
@@ -1,7 +1,7 @@
CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create
or ...)
- TODO: check
+ - screen <unfixed> (bug #521123)
CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary
file with ...)
- TODO: check
+ - screen <unfixed> (bug #521123)
CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in
attachment.cgi in ...)
TODO: check
CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the
...)
@@ -3524,10 +3524,7 @@
CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows
user-assisted ...)
NOT-FOR-US: easyHDR PRO
CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user
into ...)
- - iceweasel <unfixed> (low; bug #513004)
- TODO: check if xulrunner etc are also affected by this
- NOTE: the attack basically works but the URL bar still shows the
correct location after
- NOTE: clicking the link, still there is the risk to miss this
+ NOTE: Mozilla #474967, upstream disputes this being a bug
CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in
Enthrallweb ...)
NOT-FOR-US: Enthrallweb eReservations
CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy
phoSheezy ...)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
