stef-guest at alioth.debian.org
2007-Oct-20 08:33 UTC
[Secure-testing-commits] r7025 - data/CVE
Author: stef-guest
Date: 2007-10-20 08:33:31 +0000 (Sat, 20 Oct 2007)
New Revision: 7025
Modified:
data/CVE/list
Log:
fixed: loop-aes-utils, ruby
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-10-20 08:29:33 UTC (rev 7024)
+++ data/CVE/list 2007-10-20 08:33:31 UTC (rev 7025)
@@ -678,7 +678,7 @@
CVE-2007-5387 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Pindorama
CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in
...)
- - phpmyadmin 2.11.1.2-1 (unimportant; bug #446451)
+ - phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451)
CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
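Review bot: the phpmyadmin line for CVE-2007-5386 gains an epoch here (2.11.1.2-1 becomes 4:2.11.1.2-1), but the log message only says "fixed: loop-aes-utils, ruby". Please mention the epoch correction in the log, because it changes what the entry means: a version written without an epoch is compared as epoch 0, so against the old value any 4: version of the package would compare as already fixed.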
@@ -1250,6 +1250,7 @@
CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid
functions in ...)
{DTSA-64-1}
- util-linux 2.13-8 (low)
+ - loop-aes-utils 2.13-2 (low)
CVE-2007-5190
RESERVED
CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in
x-script ...)
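Review bot: the added loop-aes-utils line under CVE-2007-5191 gives no reason why a second source package is listed for a CVE whose description names mount and umount in util-linux, and it has no bug reference. Add a NOTE stating why loop-aes-utils is affected and a bug number if one was filed, and make clear whether {DTSA-64-1} covers this package or only util-linux.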
@@ -1312,8 +1313,8 @@
CVE-2007-5163 (** DISPUTED ** ...)
NOT-FOR-US: nexty
CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and
(2) ...)
- - ruby1.9 <not-affected> (Vulnerable code no longer present)
- - ruby1.8 <unfixed> (low; bug #444929)
+ - ruby1.9 1.9.0+20071016-1 (low)
+ - ruby1.8 1.8.6.111-1 (low; bug #444929)
NOTE: fix for 1.8
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in
...)
NOT-FOR-US: Feedreader 3
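Review bot: the ruby1.9 line for CVE-2007-5162 goes from <not-affected> (Vulnerable code no longer present) to a fixed version 1.9.0+20071016-1 with severity low, which reverses the earlier assessment without explanation, and the NOTE below still points only at the fix for 1.8. Add a NOTE saying why 1.9 is now treated as having been affected and where its fix landed, plus a bug number if there is one, as the ruby1.8 line has.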
@@ -3274,7 +3275,7 @@
CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in
Storesprite 7 ...)
NOT-FOR-US: Storesprite
CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin ...)
- - phpmyadmin (unimportant)
+ - phpmyadmin <unfixed> (unimportant)
[sarge] - phpmyadmin <not-affected>
NOTE: It seems that this requires knowledge of a unguessable session token.
NOTE: Confirmed by upstream. Sarge is not affected at all.
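Review bot: the phpmyadmin line for CVE-2007-4306 now reads <unfixed> but has no bug number, unlike the phpmyadmin entry for CVE-2007-5386 earlier in this patch (bug #446451), and the "Confirmed by upstream" NOTE gives no link. With the entry explicitly open, add a bug reference or the upstream URL so whoever closes it later can find which version carries the fix.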