joeyh at alioth.debian.org
2008-Nov-30 09:14 UTC
[Secure-testing-commits] r10553 - data/CVE
Author: joeyh
Date: 2008-11-30 09:14:13 +0000 (Sun, 30 Nov 2008)
New Revision: 10553
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-11-30 08:52:48 UTC (rev 10552)
+++ data/CVE/list 2008-11-30 09:14:13 UTC (rev 10553)
@@ -272,13 +272,14 @@
- mailscanner 4.57.6-1
NOTE: script should only be used when the private Trend Micro antivirus is
installed
CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite
arbitrary ...)
+ {DSA-1674-1}
- jailer 0.4-10 (bug #410548; low)
CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite
...)
- libpam-mount 1.2+gitaa4791f-1 (low)
[lenny] - libpam-mount 0.44-1+lenny2
CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary
files via ...)
- tkman <unfixed> (low; bug #506496)
- [etch] - tkman <no-dsa> (Minor issue)
+ [etch] - tkman <no-dsa> (Minor issue)
CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary
files ...)
[etch] - tkusr <no-dsa> (Minor issue)
- tkusr <removed> (low)
@@ -491,13 +492,13 @@
NOTE: this is SA32658
CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 backendmodul
"fileadmin"]
- typo3-src 4.2.3-1 (bug #505324)
- [etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected)
+ [etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected)
CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 sysext "felogin"]
- typo3-src 4.2.3-1 (bug #505325)
- [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are
not affected)
+ [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not
affected)
CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
- typo3-src 4.2.3-1 (bug #505326)
- [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are
not affected)
+ [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not
affected)
CVE-2008-XXXX [websvn Cross Site Scripting and Directory Traversal]
- websvn 2.0-4 (bug #503330)
NOTE: http://www.gulftech.org/?node=research&article_id=00132-10202008
@@ -867,9 +868,9 @@
- python2.4 2.4.5-6 (bug #504620)
CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender
2.46 ...)
- blender 2.46+dfsg-5 (bug #503632; low)
- [etch] - blender <no-dsa> (Minor issue)
- TODO: [etch] - blender 2.42a-8
- NOTE: Scheduled for r6
+ [etch] - blender <no-dsa> (Minor issue)
+ TODO: [etch] - blender 2.42a-8
+ NOTE: Scheduled for r6
CVE-2008-4862
RESERVED
CVE-2008-4861
@@ -1162,7 +1163,7 @@
NOT-FOR-US: ZZ_Templater module in TinyCMS
CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4
allows ...)
- lynx-cur 2.8.7dev4-1 (low)
- - lynx <not-affected> (Doesn''t include the current
directory in the search path)
+ - lynx <not-affected> (Doesn''t include the current directory in
the search path)
CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0,
when ...)
- kvirc 2:3.4.0-3 (bug #503401)
CVE-2008-XXXX [balazar3: insecure temp file handling]
@@ -1284,12 +1285,15 @@
CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the
...)
- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie
function in ...)
+ {DSA-1673-1}
- wireshark <unfixed> (low; bug #503589)
[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly
...)
+ {DSA-1673-1}
- wireshark <unfixed> (low; bug #503589)
[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the
Bluetooth ACL ...)
+ {DSA-1673-1}
- wireshark <unfixed> (low; bug #503589)
[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers
to ...)
@@ -1829,7 +1833,7 @@
CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla
before ...)
{DTSA-170-1}
- bugzilla 3.0.5.0-1 (low; bug #502019)
- [etch] - bugzilla <no-dsa> (Minor issue)
+ [etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in
bBlog ...)
NOT-FOR-US: bBlog
CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the
RMSOFT ...)
@@ -3153,7 +3157,7 @@
- wireshark 1.0.3-1 (bug #497878)
[etch] - wireshark <not-affected> (Only >= 0.99.6)
CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows
attackers ...)
- {DTSA-167-1}
+ {DSA-1673-1 DTSA-167-1}
- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows
attackers to ...)
{DTSA-167-1}
@@ -3372,7 +3376,7 @@
CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and
earlier, when ...)
NOT-FOR-US: Different code base than Debian''s libpam-krb5
CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) ...)
- {DTSA-165-1}
+ {DSA-1642-1 DTSA-165-1}
- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in
MIME/MIME/Contents.php in ...)
{DSA-1642-1 DTSA-165-1}
@@ -5133,6 +5137,7 @@
- drupal5 <not-affected> (Vulnerable code not present, introduced in
6.0)
- drupal-4.7 <not-affected> (Vulnerable code not present, introduced in
6.0)
CVE-2008-3145 (The fragment_add_work function in epan/reassemble.c in Wireshark
...)
+ {DSA-1673-1}
- wireshark 1.0.2-1 (low)
NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and
...)
@@ -5734,9 +5739,11 @@
NOTE: gaim is now a transitional package depending on pidgin with its own
source package
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764
CVE-2008-3137 (The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2
through ...)
+ {DSA-1673-1}
- wireshark 1.0.1-1 (low; bug #488834)
NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3138 (The (1) PANA and (2) KISMET dissectors in Wireshark (formerly
...)
+ {DSA-1673-1}
- wireshark 1.0.1-1 (low; bug #488834)
NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3139 (The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8
through ...)
@@ -5748,6 +5755,7 @@
[etch] - wireshark <not-affected> (Only affects 1.0.0)
NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3141 (Unspecified vulnerability in the RMI dissector in Wireshark
(formerly ...)
+ {DSA-1673-1}
- wireshark 1.0.1-1 (low; bug #488834)
NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-2952 (liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers
to ...)
@@ -8996,7 +9004,7 @@
CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before
9.5.0-P1, ...)
{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
- bind9 1:9.5.0.dfsg-5 (high)
- NOTE: glibc stub resolver relies on source port randomisation in kernel
+ NOTE: glibc stub resolver relies on source port randomisation in kernel
- dnsmasq 2.43-1 (medium; bug #490123)
- pdnsd 1.2.6-par-11 (bug #502275)
- python-dns 2.3.1-5 (low; bug #490217)
@@ -14325,14 +14333,14 @@
NOTE: we ship the iwl code in
/debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch
CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and
TeXlive ...)
- texlive-bin 2007-13
- [etch] - texlive-bin <no-dsa> (Minor issue)
+ [etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users
to ...)
- texlive-bin 2007-13
- [etch] - texlive-bin <no-dsa> (Minor issue)
+ [etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and
TeXlive ...)
{DTSA-97-1}
- texlive-bin 2007.dfsg.1-1
- [etch] - texlive-bin <no-dsa> (Minor issue)
+ [etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a
request ...)
NOT-FOR-US: php PEAR MDB2
CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote
attackers to ...)