white at alioth.debian.org
2008-Sep-29 10:58 UTC
[Secure-testing-commits] r9898 - data/CVE
Author: white Date: 2008-09-29 10:58:07 +0000 (Mon, 29 Sep 2008) New Revision: 9898 Modified: data/CVE/list Log: Add ftpd issue; Add imp4 to CVE id and report bug and patches to BTS Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-29 09:53:47 UTC (rev 9897) +++ data/CVE/list 2008-09-29 10:58:07 UTC (rev 9898) @@ -1,3 +1,7 @@ +CVE-2008-XXXX [Cross-site request forgery] + - ftpd-ssl <unfixed> (bug #500518) + - ftpd <unfixed> (bug #500278) + NOTE: CVE id requested CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php] - wordpress <unfixed> (bug #500295; unimportant) NOTE: bigger problems, if attacker has access to /etch/wordpress/* @@ -30,7 +34,8 @@ CVE-2008-4183 (IntegraMOD 1.4.x stores sensitive information under the web root with ...) NOT-FOR-US: IntegraMOD CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde ...) - - turba2 <unfixed> (bug #500114) + - turba2 <unfixed> (bug #500114; low) + - imp4 <unfixed> (bug #500553; low) CVE-2008-4181 (Directory traversal vulnerability in includes/xml.php in the Netenberg ...) NOT-FOR-US: Netenberg Fantastico De Luxe module for cPanel CVE-2008-4180 (Unspecified vulnerability in db.php in NooMS 1.1 allows remote ...)