stef-guest at alioth.debian.org
2008-Sep-24 21:58 UTC
[Secure-testing-commits] r9878 - data/CVE
Author: stef-guest Date: 2008-09-24 21:58:56 +0000 (Wed, 24 Sep 2008) New Revision: 9878 Modified: data/CVE/list Log: new: phpbb2, php5 already fixed: gallery/gallery2 not affected: bind9, kolab-webadmin Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-23 23:11:54 UTC (rev 9877) +++ data/CVE/list 2008-09-24 21:58:56 UTC (rev 9878) @@ -47,11 +47,13 @@ CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7 Build ...) NOT-FOR-US: Avant Browser CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a ...) - TODO: check + NOT-FOR-US: Kolab Groupware Server 1.0.0 + NOTE: Debian has kolabd and kolab-webadmin, but neither has the file create_user.php. + NOTE: But we have only 0.4 (in etch) and 2.1 (in lenny+sid), maybe 1.0 is different. CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to ...) NOT-FOR-US: MemHT Portal CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and ...) - TODO: check + - bind9 <not-affected> (windows specific issue) CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows ...) NOT-FOR-US: NooMS CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b allows ...) @@ -117,9 +119,10 @@ CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...) TODO: check CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 ...) - TODO: check + - gallery2 2.2.6-1 CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ...) - TODO: check + - gallery 1.5.9-1 (medium) + - gallery2 2.2.6-1 (medium) CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...) NOT-FOR-US: Cisco CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta ...) 
@@ -127,7 +130,8 @@ CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...) - python-dns 2.3.1-5 (bug #490217) CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...) - TODO: check + - phpbb2 <unfixed> (bug #500086) + TODO: check phpbb3 CVE-2008-4124 RESERVED CVE-2008-4123 @@ -172,17 +176,17 @@ CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...) NOT-FOR-US: Microsoft CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...) - TODO: check + - php5 <unfixed> (bug filed) CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...) TODO: check CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP''s PRNG with a weak seed, ...) - TODO: check + - joomla <itp> (bug #326398) CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...) TODO: check CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege ...) @@ -1267,7 +1271,8 @@ RESERVED - squirrelmail <unfixed> (bug #499942) CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure ...) - TODO: check + - gallery 1.5.9-1 + - gallery2 2.2.6-1 CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the ...) TODO: check CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...)
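Review bot: In the first hunk (@@ -47,11 +47,13), CVE-2008-4165 is tagged `NOT-FOR-US: Kolab Groupware Server 1.0.0`, but the two NOTE lines directly under it say Debian ships kolabd and kolab-webadmin, and the log message lists kolab-webadmin under "not affected". NOT-FOR-US marks software that is not packaged in Debian, so the tag contradicts the notes. A package line in the form used for bind9 in the same hunk, for example `- kolab-webadmin <not-affected> (create_user.php not present)`, would match the log and keep the entry attached to the packages. The second NOTE also leaves the question open ("maybe 1.0 is different"), so consider keeping a TODO until the file's absence is confirmed to be a real difference rather than a version gap between 0.4, 1.0 and 2.1.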
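Review bot: The gallery entries are inconsistent about urgency. In the @@ -117,9 +119,10 hunk, CVE-2008-4129 gets `(medium)` on both package lines, while CVE-2008-4130 in the same hunk and CVE-2008-3662 in the last hunk (@@ -1267,7 +1271,8) list the same fixed versions, `gallery 1.5.9-1` and `gallery2 2.2.6-1`, with no urgency at all. If the omission is deliberate, a short NOTE saying so would help; otherwise give the XSS entry and the missing secure cookie flag entry an explicit urgency too.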
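Review bot: In the @@ -172,17 +176,17 hunk, the CVE-2008-4107 line `- php5 <unfixed> (bug filed)` carries no bug number, unlike the other unfixed entry added in this patch, `- phpbb2 <unfixed> (bug #500086)`. Replace "bug filed" with the number once it is assigned so the entry can be followed up. The same hunk also changes four Joomla! entries (CVE-2008-4102 through CVE-2008-4105) from `TODO: check` to `- joomla <itp> (bug #326398)`, which the log message does not mention; add that to the log so the revision summary covers every status change in the diff.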