white at alioth.debian.org
2008-Nov-30 08:47 UTC
[Secure-testing-commits] r10551 - in data: . CVE
Author: white Date: 2008-11-30 08:47:08 +0000 (Sun, 30 Nov 2008) New Revision: 10551 Modified: data/CVE/list data/spu-candidates.txt Log: Mark horde3 XSS with no-dsa; use no-das as well and document dup Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-30 08:34:35 UTC (rev 10550) +++ data/CVE/list 2008-11-30 08:47:08 UTC (rev 10551) @@ -3908,6 +3908,7 @@ - horde3 3.2.1+debian0-1 (low; bug #495332) - turba2 2.2.1-1 [etch] - turba2 <not-affected> (Vulnerable code not present) + [etch] - horde3 <no-dsa> (Minor issue, dup of CVE-2008-3330) NOTE: this is actually two issues: NOTE: - one a dup of CVE-2008-3330 in horde3 NOTE: - another an issue in turba2 @@ -4923,7 +4924,7 @@ - horde3 3.2.1+debian0-1 (low; bug #492578) - turba2 2.2.1-1 (low) [etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1) - TODO: <confirm> tag + [etch] - horde3 <no-dsa> (Minor issue) CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...) - moodle 1.8.1-1 (low) NOTE: http://moodle.org/mod/forum/discuss.php?d=101405 Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-11-30 08:34:35 UTC (rev 10550) +++ data/spu-candidates.txt 2008-11-30 08:47:08 UTC (rev 10551) @@ -201,6 +201,11 @@ -- +horde3 (CVE-2008-3330) +#495332 + +-- + hplip (CVE-2008-2940/CVE-2008-2941) #499842 notified maintainer