Author: fw Date: 2008-12-21 08:02:21 +0000 (Sun, 21 Dec 2008) New Revision: 10753 Modified: data/CVE/list Log: CVE-2008-5620: roundcube CVE-2008-3443: add upstream commits, very low severity Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-21 00:23:57 UTC (rev 10752) +++ data/CVE/list 2008-12-21 08:02:21 UTC (rev 10753) @@ -103,7 +103,7 @@ CVE-2008-5623 RESERVED CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote ...) - TODO: check + - roundcube <unfixed> (low) CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 ...) TODO: check CVE-2008-5615 @@ -5414,8 +5414,9 @@ - iceweasel <unfixed> (unimportant) NOTE: browser dos not treated as security issues CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...) - - ruby1.8 1.8.7.72-1 (bug #494401) - - ruby1.9 <unfixed> + - ruby1.8 1.8.7.72-1 (low; bug #494401) + - ruby1.9 <unfixed> (low) + NOTE: Upstream commits 18212 (for 1.8) and 18213 (for 1.9). CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...) NOT-FOR-US: WinZip CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...)