Author: nion
Date: 2009-09-03 17:10:12 +0000 (Thu, 03 Sep 2009)
New Revision: 12741

Modified:
   data/CVE/list
Log:
CVE-2009-3025 fixed in pidgin 2.6.1-1
CVE-2009-3024 fixed in libcompress-raw-zlib-perl 2.015-2
note on CVE-2009-3015, non-issue? someone who's into webappsec please check
CVE-2009-2195 fixed in webkit 1.1.12-1, qt4-x11 unfixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-09-02 21:14:15 UTC (rev 12740)
+++ data/CVE/list       2009-09-03 17:10:12 UTC (rev 12741)
@@ -67,9 +67,12 @@
 CVE-2009-3027
        RESERVED
 CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote 
attackers to ...)
-       TODO: check
+       - pidgin 2.6.1-1 (low)
+       [lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
+       [etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
 CVE-2009-3024 (The verify_hostname_of_cert function in the certificate 
checking ...)
-       TODO: check
+       TODO: next point release [lenny] - libcompress-raw-zlib-perl 
2.012-1lenny1
+       - libcompress-raw-zlib-perl 2.015-2 (bug #532738)
 CVE-2009-3023 (Buffer overflow in the FTP server in Microsoft Internet 
Information ...)
        NOT-FOR-US: Microsoft IIS
 CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 
1.2 and ...)
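Review bot: In the CVE-2009-3024 entry, the package does not obviously match the description: the summary is about verify_hostname_of_cert and certificate checking, while both added lines name libcompress-raw-zlib-perl, a zlib binding. Please confirm that the source package and bug #532738 belong to this CVE before recording 2.015-2 as the fix. Separately, the lenny status is folded into a free-text line ("TODO: next point release [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1") instead of a release-tagged entry like the "[lenny] - pidgin <not-affected> (...)" lines just above it. Splitting it into a "[lenny] - ..." line plus a separate TODO or NOTE would keep the entry consistent with the pidgin one.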
@@ -88,6 +91,8 @@
        NOT-FOR-US: Apple Safari
 CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block 
javascript: and ...)
        TODO: check
+       NOTE: I am not sure if this is even a security issue, sure that is 
javascript executed in
+       NOTE: the content of the browser but I'm not sure if anything 
_cross-site_ works as well
 CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 
pre; ...)
        TODO: check
 CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not 
properly ...)
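Review bot: The two NOTE lines added under CVE-2009-3015 record doubt about whether this is a security issue, but they give no reference and do not say what was actually tested, so whoever picks up the remaining "TODO: check" has to start from scratch. Consider adding a NOTE with the advisory URL and stating which behaviour was tried (script running in the current page versus anything cross-site). If QtWeb is not packaged at all, a NOT-FOR-US line like the one used for the Apple Safari entry above would settle the entry regardless of that question.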
@@ -2838,7 +2843,8 @@
 CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows 
remote ...)
        NOT-FOR-US: Apple Safari
 CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows 
remote ...)
-       TODO: check
+       - webkit 1.1.12-1 (medium)
+       - qt4-x11 <unfixed> (medium; bug #544903)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
        NOTE: http://trac.webkit.org/changeset/45696
 CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file 
...)
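Review bot: In the CVE-2009-2195 entry, "- webkit 1.1.12-1 (medium)" carries no bug number while the qt4-x11 line next to it does (bug #544903), and neither package gets release-tagged lines, so the status of the stable releases is left unstated. The pidgin entry in the first hunk shows the form with explicit "[lenny]" and "[etch]" lines. Adding the equivalent here, or a TODO saying the stable releases still need checking, would avoid the entry reading as fully triaged once "TODO: check" is removed.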


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
