Author: nion
Date: 2008-06-12 13:12:08 +0000 (Thu, 12 Jun 2008)
New Revision: 9052
Modified: data/CVE/list
Log: NFUs CVE-2008-2358 fixed in linux-2.6 2.6.25-4
Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-12 11:00:44 UTC (rev 9051) +++ data/CVE/list 2008-06-12 13:12:08 UTC (rev 9052) 
@@ -218,35 +218,35 @@ CVE-2008-2576 RESERVED CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php ...) - TODO: check + NOT-FOR-US: FlashBlog CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote ...) - TODO: check + NOT-FOR-US: freeSSHd CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in FlashBlog ...) - TODO: check + NOT-FOR-US: FlashBlog CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey ...) - TODO: check + NOT-FOR-US: LimeSurvey CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly ...) - TODO: check + NOT-FOR-US: LimeSurvey CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) component ...) - TODO: check + NOT-FOR-US: com_easybook component for Joomla! CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...) - TODO: check + NOT-FOR-US: com_simpleshop component for Joomla! CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 ...) - TODO: check + NOT-FOR-US: Fenriru Sleipnir CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...) - TODO: check + NOT-FOR-US: PHP Address Book CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and ...) - TODO: check + NOT-FOR-US: PHP Address Book CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) component ...) - TODO: check + NOT-FOR-US: com_jotloader component for Joomla! CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...) - TODO: check + NOT-FOR-US: SamTodo CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and ...) - TODO: check + NOT-FOR-US: PowerPhlogger CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 ...) - TODO: check + NOT-FOR-US: 427BB CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows ...) 
- TODO: check + NOT-FOR-US: 427BB CVE-2008-2654 [off-by-one in webhttpd.c] RESERVED - motion 3.2.9-3 (low; bug #484572) @@ -286,7 +286,7 @@ CVE-2008-2546 REJECTED CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a ...) - TODO: check + NOT-FOR-US: Skype CVE-2008-2544 RESERVED CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...) @@ -608,9 +608,9 @@ CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...) NOT-FOR-US: HP Software Update CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access ...) - TODO: check + NOT-FOR-US: opensuse-updater CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have ...) - TODO: check + NOT-FOR-US: opensuse-updater CVE-2008-2387 RESERVED CVE-2008-2386 @@ -681,7 +681,8 @@ NOT-FOR-US: system-config-network Fedora CVE-2008-2358 (The Datagram Congestion Control Protocol (DCCP) subsystem in the Linux ...) {DSA-1592-1} - TODO: check + - linux-2.6 2.6.25-4 + NOTE: this version casts sizeof to int. This is a module, not a compiled in feature in Debian CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...) {DSA-1587-1} - mtr 0.73-1
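Review bot: In the @@ -218 hunk, the CVE-2008-2570 description reads "LimeSurvey (formerly ...)" but the new tag is only "NOT-FOR-US: LimeSurvey". Before closing it as NFU, confirm that nothing is packaged in the archive under the former name, and mention that name in the tag so the check is visible to the next person triaging. The same hunk also mixes tag styles: bare product names such as "FlashBlog" and "427BB" sit next to "com_easybook component for Joomla!". Picking one form would keep later searches by product consistent. For CVE-2008-2563 the visible description stops at "(1) ...", so the "SamTodo" tag cannot be checked against the line it annotates; a short NOTE naming the affected scripts would help.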
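Review bot: In the @@ -681 hunk, the new "- linux-2.6 2.6.25-4" line for CVE-2008-2358 carries no urgency or bug reference, although the NOTE's "This is a module, not a compiled in feature in Debian" reads like the rationale for one; compare "- motion 3.2.9-3 (low; bug #484572)" earlier in the file. If that sentence is meant to justify a lower urgency, record the urgency in parentheses on the package line. The NOTE also runs two unrelated statements together on one line. Split it into two NOTE lines and make the first one say what "this version casts sizeof to int" refers to (the source file or the upstream change), since the entry already references DSA-1592-1 and readers will want to match the unstable fix against it.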