joeyh at alioth.debian.org
2008-Dec-04 21:14 UTC
[Secure-testing-commits] r10617 - data/CVE
Author: joeyh
Date: 2008-12-04 21:14:12 +0000 (Thu, 04 Dec 2008)
New Revision: 10617

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-04 18:06:47 UTC (rev 10616) +++ data/CVE/list 2008-12-04 21:14:12 UTC (rev 10617) @@ -1,6 +1,24 @@ +CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...) + TODO: check +CVE-2008-5322 (Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information ...) + TODO: check +CVE-2008-5321 (SQL injection vulnerability in index.php in GesGaleri, a module for ...) + TODO: check +CVE-2008-5320 (SQL injection vulnerability in usersettings.php in e107 0.7.13 and ...) + TODO: check +CVE-2008-5319 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact ...) + TODO: check +CVE-2008-5318 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact ...) + TODO: check +CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in ...) + TODO: check +CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in ...) + TODO: check +CVE-2008-5315 (Directory traversal vulnerability in the web interface in Apple iPhone ...) + TODO: check CVE-2008-XXXX [multiple insecure tempfiles usage issues in devscripts] - devscripts <unfixed> (low; bug #507482) -CVE-2008-5314 [deep recursion in ClamAV''s JPEG reader] +CVE-2008-5314 (Stack consumption vulnerability in libclamav/special.c in ClamAV ...) {DSA-1680-1} - clamav 0.94.dfsg.2-1 (medium; bug #507624) CVE-2008-5311 (SQL injection vulnerability in image.php in NetArt Media Blog System ...) 
@@ -28,6 +46,7 @@ CVE-2008-5301 (Directory traversal vulnerability in the ManageSieve implementation in ...) - dovecot 1:1.0.15-2.3 (bug #506031) CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ...) + {DSA-1681-1} TODO: check CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when ...) TODO: check @@ -118,8 +137,7 @@ RESERVED CVE-2008-5249 RESERVED -CVE-2008-5276 [vlc real demuxer heap overflow] - RESERVED +CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...) - vlc <not-affected> (vulnerable code not present) NOTE: affected versions are >= 0.9.x (experimental) CVE-2008-XXXX [multiple vulnerabilities in phpcas] @@ -282,6 +300,7 @@ - cups 1.3.8-1 [etch] - cupsys <not-affected> (cupsys doesn''t crash, code base changed, guest username not submitted) CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...) + {DSA-1681-1} - linux-2.6 <unfixed> [etch] - linux-2.6.24 <unfixed> CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...) @@ -302,10 +321,10 @@ CVE-2008-XXXX [php5 safe mode bypass via php_value error_log in .htaccess] - php5 <unfixed> (unimportant) NOTE: http://securityreason.com/achievement_securityalert/57 -CVE-2008-5312 [multiple insecure temp files issues in mailscanner] +CVE-2008-5312 (mailscanner 4.55.10 might allow local users to overwrite arbitrary ...) - mailscanner <unfixed> (bug #506353) NOTE: there is no difference apart from the versions to CVE-2008-5313 -CVE-2008-5313 [multiple insecure temp files issues in mailscanner] +CVE-2008-5313 (mailscanner 4.68.8 might allow local users to overwrite arbitrary ...) - mailscanner <unfixed> (bug #506353) NOTE: there is no difference apart from the versions to CVE-2008-5312 CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...) 
@@ -417,6 +436,7 @@ CVE-2008-5135 (** DISPUTED ** ...) - os-prober <unfixed> (unimportant) CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in ...) + {DSA-1681-1} - linux-2.6 <unfixed> [etch] - linux-2.6.24 <unfixed> CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, ...) @@ -531,8 +551,7 @@ RESERVED CVE-2008-5081 RESERVED -CVE-2008-5080 [incorrect fix of CVE-2008-3714] - RESERVED +CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote ...) {DSA-1679-1 CVE-2008-3714} - awstats <unfixed> (bug #495432; low) CVE-2008-5079 @@ -733,9 +752,11 @@ CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, ...) NOT-FOR-US: Sun Solstice X.25 CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in ...) + {DSA-1681-1} - linux-2.6 2.6.26-11 - linux-2.6.24 <unfixed> CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel ...) + {DSA-1681-1} - linux-2.6 2.6.26-11 - linux-2.6.24 <unfixed> CVE-2008-XXXX [Trac Multiple Vulnerabilities] @@ -799,9 +820,11 @@ - aegis 4.24-3.1 (low; bug #496400) [etch] - aegis <no-dsa> (Minor issue) CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...) + {DSA-1681-1} - linux-2.6 2.6.26-11 - linux-2.6.24 <unfixed> CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...) + {DSA-1681-1} - linux-2.6 2.6.26-11 - linux-2.6.24 <unfixed> CVE-2008-4932 (webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 ...) @@ -1568,6 +1591,7 @@ CVE-2008-4619 (The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a ...) NOT-FOR-US: Sun Solaris CVE-2008-4618 (The Stream Control Transmission Protocol (sctp) implementation in the ...) + {DSA-1681-1} - linux-2.6 2.6.26-10 - linux-2.6.24 <unfixed> NOTE: ba0166708ef4da7eeb61dd92bbba4d5a749d6561 
@@ -1678,6 +1702,7 @@ - dovecot 1:1.0.15-2.2 (low; bug #502967) [etch] - dovecot <no-dsa> (Minor issue) CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...) + {DSA-1681-1} - linux-2.6 2.6.26-9 - linux-2.6.24 <unfixed> CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might ...) @@ -1722,6 +1747,7 @@ - graphviz 2.20.2-3 (low) [etch] - graphviz <no-dsa> (Minor issue) CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before ...) + {DSA-1681-1} - linux-2.6 2.6.26-9 - linux-2.6.24 <unfixed> CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...) @@ -2119,7 +2145,7 @@ NOT-FOR-US: ActiveX CVE-2008-4386 RESERVED -CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3 allows remote attackers to ...) +CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert ...) NOT-FOR-US: LLC Systems Requirements Lab CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...) NOT-FOR-US: LPViewer ActiveX @@ -3496,7 +3522,7 @@ - condor <itp> (bug #233482) CVE-2008-3828 (Stack-based buffer overflow in the condor_ schedd daemon in Condor ...) - condor <itp> (bug #233482) -CVE-2008-3827 (Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow ...) +CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in ...) {DSA-1644-1 DTSA-168-1} - mplayer 1.0~rc2-18 (medium; bug #500683) NOTE: http://www.ocert.org/advisories/ocert-2008-013.html @@ -4307,6 +4333,7 @@ {DSA-1654-1} - libxml2 2.6.32.dfsg-4 (bug #498768) CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...) + {DSA-1681-1} - linux-2.6 2.6.26-11 (unimportant) - linux-2.6.24 <unfixed> (unimportant) NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3) 
@@ -5419,12 +5446,12 @@ NOT-FOR-US: V-webmail CVE-2008-3060 (V-webmail 1.5.0 allows remote attackers to obtain sensitive ...) NOT-FOR-US: V-webmail -CVE-2008-3059 - RESERVED -CVE-2008-3058 - RESERVED -CVE-2008-3057 - RESERVED +CVE-2008-3059 (member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly ...) + TODO: check +CVE-2008-3058 (Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and ...) + TODO: check +CVE-2008-3057 (Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not ...) + TODO: check CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition) ...) NOT-FOR-US: cd_petition extension for TYPO3 CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl) extension ...)
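Review bot: in the first hunk (`@@ -1,6 +1,24 @@`), CVE-2008-5316 (buffer overflow in ReadEmbeddedTextTag in src/cmsio1.c) and CVE-2008-5317 (integer signedness error in cmsAllocGamma) land as bare `TODO: check` lines with no package entry, even though the truncated descriptions already name concrete functions and a source file; these two describe memory-safety bugs and should be triaged ahead of the web-application entries imported in the same hunk. The CVE-2008-5314 rewrite is fine: the `{DSA-1680-1}` marker and the `clamav 0.94.dfsg.2-1 (medium; bug #507624)` line are kept under the new description.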
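Review bot: the `{DSA-1681-1}` marker added to CVE-2008-5300 (hunk `@@ -28,6 +46,7 @@`) sits directly above `TODO: check` with no `- linux-2.6 <version>` line. Every other entry in this commit that gains DSA-1681-1 also carries a package/version line (2.6.26-9, -10 or -11), so this one should record the fixed version and drop the TODO, or the DSA reference should wait until the entry has actually been triaged.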
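Review bot: CVE-2008-5182 (hunk `@@ -282,6 +300,7 @@`) gains `{DSA-1681-1}` while its unstable line stays `- linux-2.6 <unfixed>`, and the CVE-2008-5134 hunk (`@@ -417,6 +436,7 @@`) shows the same pattern. The other DSA-1681-1 entries in this commit record 2.6.26-9/10/11 for linux-2.6, so please confirm whether sid is genuinely still unfixed for these two issues or whether the version line was simply not updated alongside the DSA marker.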
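Review bot: the CVE-2008-5080 change (hunk `@@ -531,8 +551,7 @@`) drops the bracketed `[incorrect fix of CVE-2008-3714]` text when the MITRE description replaces it, so that relationship now survives only implicitly in `{DSA-1679-1 CVE-2008-3714}`. Suggest preserving it as a `NOTE: incomplete fix for CVE-2008-3714` line under the entry, the way the CVE-2008-5312 and CVE-2008-5313 entries spell out their cross-reference. Minor: `(bug #495432; low)` reverses the `(low; bug #...)` ordering used by the other entries in this file.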
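Review bot: CVE-2008-3528 (hunk `@@ -4307,6 +4333,7 @@`) receives `{DSA-1681-1}` while both of its package lines remain annotated `(unimportant)`. An issue that a DSA addresses sits oddly beside an `unimportant` rating; either raise the severity annotation to match the other kernel entries in this commit, or add a NOTE explaining why the advisory includes it despite the rating.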