stef-guest at alioth.debian.org
2008-Feb-02 10:37 UTC
[Secure-testing-commits] r8070 - data/CVE
Author: stef-guest Date: 2008-02-02 10:37:32 +0000 (Sat, 02 Feb 2008) New Revision: 8070 Modified: data/CVE/list Log: deluge-torrent fixed, new apache issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-02-02 00:15:45 UTC (rev 8069) +++ data/CVE/list 2008-02-02 10:37:32 UTC (rev 8070) @@ -1,5 +1,5 @@ CVE-2008-XXXX [deluge-torrent unspecified remote issue] - - deluge-torrent <unfixed> (unknown; bug #463357) + - deluge-torrent 0.5.8.3-1 (unknown; bug #463357) CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote ...) NOT-FOR-US: phpMyClub CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have ...) @@ -92,9 +92,23 @@ CVE-2008-0457 RESERVED CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...) - TODO: check + - apache <unfixed> (low) + - apache2 <unfixed> (low) + [etch] - apache <no-dsa> (minor issue) + [etch] - apache2 <no-dsa> (minor issue) + [sarge] - apache <no-dsa> (minor issue) + [sarge] - apache2 <no-dsa> (minor issue) + NOTE: This is only relevant if an attacker can upload files with arbitrary names + NOTE: but not with arbitrary contents. CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...) - TODO: check + - apache <unfixed> (low) + - apache2 <unfixed> (low) + [etch] - apache <no-dsa> (minor issue) + [etch] - apache2 <no-dsa> (minor issue) + [sarge] - apache <no-dsa> (minor issue) + [sarge] - apache2 <no-dsa> (minor issue) + NOTE: This is only relevant if an attacker can upload files with arbitrary names + NOTE: but not with arbitrary contents. CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...) NOT-FOR-US: Skype CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe ...)