joeyh at alioth.debian.org
2008-Sep-20 21:14 UTC
[Secure-testing-commits] r9856 - data/CVE
Author: joeyh Date: 2008-09-20 21:14:11 +0000 (Sat, 20 Sep 2008) New Revision: 9856 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-20 13:21:38 UTC (rev 9855) +++ data/CVE/list 2008-09-20 21:14:11 UTC (rev 9856) @@ -200,6 +200,7 @@ - python-dns 2.3.1-5 (low; bug #490217) CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7] RESERVED + {DSA-1641-1} - phpmyadmin 4:2.11.8.1-2 (medium) CVE-2008-XXXX [unsafe use of tempfile in ssmclient] - smsclient <unfixed> (unimportant; bug #498901) @@ -462,6 +463,7 @@ CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...) - gpicview 0.1.9-2 (low; bug #498022) CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96 stores ...) + {DSA-1640-1} - python-django 1.0-1 NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/ CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in a ...) @@ -655,7 +657,7 @@ {DTSA-165-1} - horde3 <unfixed> CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in ...) - {DTSA-165-1} + {DSA-1642-1 DTSA-165-1} - horde3 <unfixed> CVE-2008-3822 RESERVED @@ -1566,6 +1568,7 @@ CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web ...) NOT-FOR-US: Vtiger CRM CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin ...) + {DSA-1641-1} - phpmyadmin 4:2.11.8~rc1-1 (unimportant) NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in ...) 
@@ -1645,6 +1648,7 @@ - virtualbox-ose <not-affected> (affects only windows host systems) NOTE: CORE-2008-0716 CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from ...) + {DSA-1641-1} - phpmyadmin 4:2.11.8~rc1-1 (low) NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn''t warrant DSA on its own CVE-2008-3547 [openttd remote buffer overflow] @@ -2166,6 +2170,7 @@ - phpbb3 3.0.2-1 (low) - phpbb2 <not-affected> (Vulnerable code not present) CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before ...) + {DSA-1641-1} - phpmyadmin 4:2.11.7.1-1 (low) NOTE: this only allows via csrf to create an empty database. NOTE: this would take a lot of work to get it only to the ''annoying'' level, let alone a DoS @@ -12193,6 +12198,7 @@ CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...) NOT-FOR-US: Half-Life Server CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, ...) + {DSA-1640-1} - python-django 0.96-1.1 (low; bug #448838) CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...) NOT-FOR-US: Conflict
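Review bot: in the hunk at -200,6, the unchanged entry right after the new line reads "CVE-2008-XXXX [unsafe use of tempfile in ssmclient]" while its package line is "- smsclient <unfixed> (unimportant; bug #498901)". The bracketed description looks like a typo for smsclient. Since this commit already touches the neighbouring entry, a follow-up that corrects the description would keep text searches on the package name from missing it.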
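Review bot: in the hunk at -655,7, CVE-2008-3823 now carries "{DSA-1642-1 DTSA-165-1}" but its package line is still "- horde3 <unfixed>", with no version or urgency. If the advisory only fixed the stable release, that is consistent. If a fixed horde3 upload also exists for unstable, the package line should be updated with that version. The hunk does not show which applies, and the "automatic update" log message gives no hint, so this is worth a manual check.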
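Review bot: in the hunk at -1566,6, "{DSA-1641-1}" is attached to CVE-2008-3457, whose package line rates it "(unimportant)" and whose NOTE argues the XSS is not a meaningful issue. Now that an advisory references it, the entry reads as contradictory. Consider extending the NOTE to say the fix was shipped alongside the other phpMyAdmin issues in the same DSA, as the NOTE on CVE-2008-3456 in the hunk at -1645,6 already does with "may fix combined with another issue".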