joeyh at alioth.debian.org
2008-Oct-04 21:14 UTC
[Secure-testing-commits] r9996 - data/CVE
Author: joeyh Date: 2008-10-04 21:14:16 +0000 (Sat, 04 Oct 2008) New Revision: 9996 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-04 21:03:59 UTC (rev 9995) +++ data/CVE/list 2008-10-04 21:14:16 UTC (rev 9996) @@ -295,7 +295,7 @@ CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission ...) - mercurial 1.0.1-5.1 (low; bug #500781) NOTE: the package doesnt install this script by default but ships it with the examples - [etch] - mercurial <no-dsa> (Only shipped in examples) + [etch] - mercurial <no-dsa> (Only shipped in examples) CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its ...) NOT-FOR-US: Cisco Linksys WRT350N CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...) @@ -711,7 +711,7 @@ NOT-FOR-US: Microsoft Windows CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...) - linux-2.6 2.6.26-5 - [etch] - linux-2.6 <not-affected> (Vulnerable code not present) + [etch] - linux-2.6 <not-affected> (Vulnerable code not present) [etch] - linux-2.6.24 <unfixed> CVE-2008-4112 REJECTED 
@@ -775,11 +775,11 @@ - movabletype-opensource 4.2~rc5-1 (low; bug #499252) CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) ...) - sql-ledger <unfixed> (unimportant) - NOTE: Only supported behind an authenticated HTTP zone - TODO: File bug + NOTE: Only supported behind an authenticated HTTP zone + TODO: File bug CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...) - sql-ledger <unfixed> (unimportant) - NOTE: Only supported behind an authenticated HTTP zone + NOTE: Only supported behind an authenticated HTTP zone CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board ...) NOT-FOR-US: Tor World Software CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board ...) @@ -1131,7 +1131,7 @@ NOT-FOR-US: Ovidentia CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c ...) - ed 0.7-2 (low) - [etch] - ed <no-dsa> (Minor issue) + [etch] - ed <no-dsa> (Minor issue) CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...) {DSA-1636-1} - linux-2.6 2.6.26-5 @@ -1561,7 +1561,7 @@ [etch] - lmbench <no-dsa> (Non-free not supported) CVE-2008-XXXX [newsgate: insecure temp files] - newsgate <removed> (low; bug #496437) - [etch] - newsgate <no-dsa> (Non-free not supported) + [etch] - newsgate <no-dsa> (Non-free not supported) CVE-2008-XXXX [myspell: insecure temp files] - myspell 1:3.0+pre3.1-21 (low; bug #496392) [etch] - myspell <no-dsa> (Minor issue) @@ -1574,7 +1574,7 @@ [etch] - samba <not-affected> (Only affects Samba 3.2.x) CVE-2008-XXXX [insecure temp file in nvi] - nvi 1.81.6-4 (low; bug #496462) - [etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst) + [etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst) CVE-2008-XXXX [rkhunter: insecure temp file] - rkhunter 1.3.2-6 (low; bug #496375) [etch] - rkhunter <no-dsa> (Minor issue, only in debug mode) 
@@ -2154,7 +2154,7 @@ CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...) {DSA-1636-1} - linux-2.6 2.6.26-2 - [etch] - linux-2.6 <not-affected> (Vulnerable code not present) + [etch] - linux-2.6 <not-affected> (Vulnerable code not present) - linux-2.6.24 2.6.24-6~etchnhalf.5 NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c NOTE: Fixed in 2.6.25.14 and 2.6.26.1 @@ -2162,7 +2162,7 @@ {DSA-1636-1} - linux-2.6.24 2.6.24-6~etchnhalf.5 - linux-2.6 2.6.26-2 - [etch] - linux-2.6 <not-affected> (Vulnerable code not present) + [etch] - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1 NOTE: Fixed in 2.6.25.14 and 2.6.26.1 CVE-2008-3533 (Format string vulnerability in the window_error function in ...) @@ -2616,7 +2616,7 @@ - mantis 1.1.2+dfsg-2 CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when "only proxies" is ...) - links2 2.1pre37-1.1 (low; bug #492744) - [etch] - links2 <no-dsa> (Minor information leak) + [etch] - links2 <no-dsa> (Minor information leak) CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...) - trac 0.11-1 CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...) @@ -2833,7 +2833,7 @@ CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...) - ffmpeg-debian <unfixed> (unimportant; bug #498764) - ffmpeg <removed> - NOTE: Only a NULL pointer deference, hardly security relevant + NOTE: Only a NULL pointer deference, hardly security relevant CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...) - joomla <itp> (bug #326398) CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...)
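Review bot: the removed and added lines in the @@ -295,7 hunk ("[etch] - mercurial <no-dsa> (Only shipped in examples)") carry the same text on both sides, and the same holds for the other -/+ pairs in this revision, so the change appears to be whitespace only while the log says just "automatic update". A log line that names the indentation change would let readers of this list see that no triage status moved in r9996.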
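Review bot: in the @@ -775,11 hunk the "TODO: File bug" line under CVE-2008-4078 is re-indented but left open, and CVE-2008-4077 directly below has the same "sql-ledger <unfixed> (unimportant)" status and the same NOTE but no TODO. Either file the bug and record its number on the package line, as the movabletype-opensource entry above does with "bug #499252", or make the two sql-ledger entries consistent about whether a bug is still wanted.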
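Review bot: the NOTE for CVE-2008-3230 in the @@ -2833,7 hunk still reads "Only a NULL pointer deference" on the added line; since that line is being rewritten anyway, correct it to "dereference" so that a text search of the list for the bug class finds this entry.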