thijs at alioth.debian.org
2008-Dec-01 15:14 UTC
[Secure-testing-commits] r10564 - data/CVE
Author: thijs Date: 2008-12-01 15:14:05 +0000 (Mon, 01 Dec 2008) New Revision: 10564 Modified: data/CVE/list Log: chm2pdf cves assigned Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-01 14:58:39 UTC (rev 10563) +++ data/CVE/list 2008-12-01 15:14:05 UTC (rev 10564) @@ -1640,8 +1640,10 @@ NOT-FOR-US: EC-CUBE CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and ...) NOT-FOR-US: EC-CUBE -CVE-2008-XXXX [chm2pdf: insecure temp file usage] +CVE-2008-5299 [chm2pdf: insecure temp file usage: DoS by precreating directories] - chm2pdf 0.9.1-1.1 (low; bug #501959) +CVE-2008-5298 [chm2pdf: insecure temp file usage: symlink attack] + - chm2pdf 0.9.1-1.1 (low; bug #501959) CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and ...) NOT-FOR-US: Kantan WEB Server CVE-2008-4532 (Cross-site scripting (XSS) vulnerability in index.php in MaxiScript ...)