joeyh at alioth.debian.org
2008-Oct-13 21:14 UTC
[Secure-testing-commits] r10074 - data/CVE
Author: joeyh Date: 2008-10-13 21:14:18 +0000 (Mon, 13 Oct 2008) New Revision: 10074 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-13 20:34:55 UTC (rev 10073) +++ data/CVE/list 2008-10-13 21:14:18 UTC (rev 10074) @@ -1,3 +1,13 @@ +CVE-2008-4538 + RESERVED +CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...) + TODO: check +CVE-2008-4536 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...) + TODO: check +CVE-2008-4535 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and ...) + TODO: check +CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and ...) + TODO: check CVE-2008-XXXX [chm2pdf: insecure temp file usage] - chm2pdf <unfixed> (low; bug #501959) CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and ...) @@ -545,6 +555,7 @@ CVE-2008-4303 RESERVED CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...) + {DSA-1653-1} - linux-2.6 2.6.22-4 (low) CVE-2008-4301 (** DISPUTED ** ...) NOT-FOR-US: Microsoft @@ -727,6 +738,7 @@ CVE-2008-4211 (Integer signedness error in QuickLook in Mac OS X 10.5.5 allows remote ...) NOT-FOR-US: QuickLook Mac OS X CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...) + {DSA-1653-1} - linux-2.6 2.6.22-1 NOTE: easily exploitable but of limited use as the attacker already needs access to a NOTE: directory that is setgid to the group he wants to get privileges for @@ -1441,6 +1453,7 @@ CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and ...) NOT-FOR-US: IBM AIX CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...) + {DSA-1653-1} - linux-2.6 2.6.23-1 CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...) - ssmtp 2.62-1.1 (low; bug #498366) 
@@ -1663,6 +1676,7 @@ CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) ...) - dbus <unfixed> (bug #501443) CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...) + {DSA-1653-1} TODO: check CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...) - linux-2.6 <not-affected> (Fedora-specific patch) @@ -2492,6 +2506,7 @@ - linux-2.6.24 2.6.24-6~etchnhalf.5 [etch] - linux-2.6 <not-affected> CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...) + {DSA-1653-1} - linux-2.6 2.6.26-7 - linux-2.6.24 <unfixed> CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local ...) @@ -3028,7 +3043,7 @@ CVE-2008-3277 RESERVED CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...) - {DSA-1636-1} + {DSA-1653-1 DSA-1636-1} - linux-2.6 2.6.26-4 - linux-2.6.24 2.6.24-6~etchnhalf.5 [etch] - linux-2.6 <unfixed> @@ -7128,6 +7143,7 @@ [sarge] - otrs <not-affected> (Vulnerable code not present) NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions ...) + {DSA-1653-1} - linux-2.6 2.6.26-8 NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...)
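Review bot: in the first hunk (@@ -1,3 +1,13 @@) the four new EC-CUBE entries (CVE-2008-4534 through CVE-2008-4537) are all left at "TODO: check"; the triage that is still missing is whether EC-CUBE is shipped in Debian at all, which would resolve each of them to either a "NOT-FOR-US: EC-CUBE" line or a package/version line, and CVE-2008-4538 should be revisited once it leaves RESERVED.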
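Review bot: in the hunk at @@ -1663,6 +1676,7 @@, CVE-2008-3833 now carries "{DSA-1653-1}" but the line below it is still "TODO: check", so the entry claims an advisory without recording which package and version fixed it; a DSA reference for a Linux kernel issue should be accompanied by the "- linux-2.6 <version>" line the other DSA-1653-1 entries in this commit have.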
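Review bot: in the hunk at @@ -2492,6 +2506,7 @@, CVE-2008-3525 gains "{DSA-1653-1}" while "- linux-2.6.24 <unfixed>" is left in place directly beneath it; check whether DSA-1653-1 also covers the linux-2.6.24 (etchnhalf) package and, if so, replace "<unfixed>" with the fixed version so the tracker does not report the issue as open in a release the advisory addresses.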
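Review bot: in the hunk at @@ -3028,7 +3043,7 @@, CVE-2008-3276 is updated to "{DSA-1653-1 DSA-1636-1}" but the "[etch] - linux-2.6 <unfixed>" line that follows is unchanged; with two advisories now listed, the etch state should be verified against them and updated to the fixed version, otherwise the advisory list and the per-release status contradict each other.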