thijs at alioth.debian.org
2008-Aug-21 07:22 UTC
[Secure-testing-commits] r9615 - data/CVE
Author: thijs Date: 2008-08-21 07:22:50 +0000 (Thu, 21 Aug 2008) New Revision: 9615 Modified: data/CVE/list Log: update horde issues: CVE-2008-3650: is not in horde3, and the turba2 versions are not affected CVE-2008-3330: package is named ''turba2'', not ''turba'' CVE-2008-2783: no-one has yet reproduced this issue, marked as non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-08-20 21:14:09 UTC (rev 9614) +++ data/CVE/list 2008-08-21 07:22:50 UTC (rev 9615) @@ -63,7 +63,11 @@ - ipsec-tools 1:0.7.1-1 (low) CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...) - horde3 3.2.1+debian0-1 (low; bug #495332) - NOTE: this should be a dup of CVE-2008-3330, maybe it''ll get a CVE id split + - turba2 2.2.1-1 + [etch] - turba2 <not-affected> (Vulnerable code not present) + NOTE: this is actually two issues: + NOTE: - one a dup of CVE-2008-3330 in horde3 + NOTE: - another an issue in turba2 CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly ...) NOT-FOR-US: Article Friendly Standard CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote ...) @@ -1016,8 +1020,8 @@ NOT-FOR-US: zypper CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...) - horde3 3.2.1+debian0-1 (low; bug #492578) - - turba 2.2.1-1 (low) - [etch] - turba <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1) + - turba2 2.2.1-1 (low) + [etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1) CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...) - moodle 1.8.1-1 (low) NOTE: http://moodle.org/mod/forum/discuss.php?d=101405 
@@ -2037,10 +2041,8 @@ CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...) NOT-FOR-US: spamdyke CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...) - - kronolith2 <unfixed> - - horde3 <unfixed> - NOTE: marked as unfixed for now - NOTE: poked maintainer, for details + - kronolith2 <not-affected> (unimportant; Nonreproducable ''issue'') + - horde3 <not-affected> (unimportant; Nonreproducable ''issue'') NOTE: not reproducible, redhat also seems to have problems reproducing this https://bugzilla.redhat.com/show_bug.cgi?id=452209 CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow ...) NOT-FOR-US: OtomiGenX
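Review bot: In the CVE-2008-3650 hunk (@@ -63,7 +63,11 @@), the log message and the resulting entry disagree. The log says the issue "is not in horde3, and the turba2 versions are not affected", yet the entry keeps "- horde3 3.2.1+debian0-1 (low; bug #495332)", and the new NOTE lines say one half of the issue is "a dup of CVE-2008-3330 in horde3". The added "- turba2 2.2.1-1" also records turba2 as fixed in 2.2.1-1, with only etch marked <not-affected>. Please reword the log or adjust the entry so both say the same thing. Two smaller points: the new turba2 line has no urgency, while the turba2 line under CVE-2008-3330 in this same patch carries "(low)"; and the retained NOTE "this should be a dup of CVE-2008-3330, maybe it''ll get a CVE id split" now overlaps with the three new NOTE lines and could be merged into them.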
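Review bot: In the CVE-2008-2783 hunk (@@ -2037,10 +2041,8 @@), "<not-affected>" states more than the evidence in the patch supports. The log says "no-one has yet reproduced this issue" and the retained NOTE says Red Hat "also seems to have problems reproducing this", which describes an unconfirmed report rather than a confirmed absence of the vulnerable code. The parenthesised text "(unimportant; Nonreproducable ''issue'')" also puts an urgency keyword inside the reason, where the other <not-affected> lines in this patch carry only a free-text reason such as "(Vulnerable code not present)". Suggest choosing one form, either an urgency on a tracked entry or a plain reason on <not-affected>, and spelling the reason "non-reproducible". The removed NOTE "poked maintainer, for details" was the only record that the maintainer had been contacted; consider keeping it until there is an answer.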