nion at alioth.debian.org
2008-Jan-16 13:00 UTC
[Secure-testing-commits] r7941 - in data: CVE DTSA
Author: nion
Date: 2008-01-16 13:00:27 +0000 (Wed, 16 Jan 2008)
New Revision: 7941

Modified:
   data/CVE/list
   data/DTSA/list
Log:
CVE-2008-0238 also fixed in testing-security, I extracted the patch from a diff between 1.1.9 and 1.1.9.1

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-16 12:50:31 UTC (rev 7940) +++ data/CVE/list 2008-01-16 13:00:27 UTC (rev 7941) 
@@ -58,51 +58,52 @@ CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares ...) NOT-FOR-US: Agares PhpAutoVideo CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo ...) - TODO: check + NOT-FOR-US: Mambo + NOTE: Mambo is in experimental CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration ...) - TODO: check + NOT-FOR-US: minimal Gallery CVE-2008-0259 (Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php ...) - TODO: check + NOT-FOR-US: minimal Gallery CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP Running ...) - TODO: check + NOT-FOR-US: PHP Running Management CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search ...) - TODO: check + NOT-FOR-US: Dansie Search CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo ...) - TODO: check + NOT-FOR-US: Matteo Binda ASP Photo Gallery CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 ...) - TODO: check + NOT-FOR-US: iGaming CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka ...) - TODO: check + NOT-FOR-US: TutorialCMS CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder allows ...) - TODO: check + NOT-FOR-US: Binn SBuilder CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in ...) - TODO: check + - python-cherrypy <unfixed> (low; bug #461069) CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before ...) - TODO: check + NOT-FOR-US: PhotoPost vBGallery CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...) - TODO: check + NOT-FOR-US: Microsoft Visual InterDev CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database ...) - TODO: check + NOT-FOR-US: PHP Webquest CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ...) 
- TODO: check + NOT-FOR-US: StreamAudio ChainCast ProxyManager CVE-2008-0247 (Heap-based buffer overflow in IBM Tivoli Storage Manager (TSM) Express ...) - TODO: check + NOT-FOR-US: IBM Tivoli Storage Manager CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original password ...) - TODO: check + NOT-FOR-US: UploadScript CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original password ...) - TODO: check + NOT-FOR-US: UploadImage CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to ...) - TODO: check + NOT-FOR-US: SAP MaxDB CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 ...) - TODO: check + NOT-FOR-US: Lotus Domino CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local ...) - TODO: check + NOT-FOR-US: Sun Solari CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java System ...) - TODO: check + NOT-FOR-US: Sun Java System Identity Manager CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 ...) - TODO: check + NOT-FOR-US: Sun Java System Identity Manager CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) - TODO: check + NOT-FOR-US: Sun Java System Identity Manager CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...) TODO: check CVE-2008-XXXX [insecure use of RandomPool] Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2008-01-16 12:50:31 UTC (rev 7940) +++ data/DTSA/list 2008-01-16 13:00:27 UTC (rev 7941) @@ -314,5 +314,5 @@ [January 12th, 2008] DTSA-108-1 vlc - multiple vulnerabilities [lenny] - vlc 0.8.6.c-4.1~lenny1 [January 14th, 2008] DTSA-109-1 xine-lib - heap-based buffer overflow - {CVE-2008-0225} + {CVE-2008-0225 CVE-2008-0238} [lenny] - xine-lib 1.1.8-3+lenny1
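Review bot: CVE-2008-0238 is still left as `TODO: check` in the trailing context of the data/CVE/list hunk, although the log message says it is fixed in testing-security and the same commit adds it to DTSA-109-1 for xine-lib. Replace that TODO with a xine-lib package entry in the same form as the `- python-cherrypy <unfixed> (low; bug #461069)` line so that the CVE list and the DTSA list agree. Also, `NOT-FOR-US: Sun Solari` under CVE-2008-0242 is missing its final "s", and CVE-2008-0261 is marked `NOT-FOR-US: Mambo` while the NOTE beneath it says Mambo is in experimental; either change the status or have the NOTE say why a package in experimental is out of scope.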
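Review bot: In the data/DTSA/list hunk, CVE-2008-0238 is added to DTSA-109-1 while the `[lenny] - xine-lib 1.1.8-3+lenny1` line and the January 14th date stay unchanged. Confirm that 1.1.8-3+lenny1 actually carries the fix extracted from the 1.1.9 to 1.1.9.1 diff; if the fix went in with a later upload, the version line needs to follow it. The advisory title also still reads "heap-based buffer overflow" in the singular, which no longer matches an entry covering two CVEs, one of them described as multiple overflows.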