thijs at alioth.debian.org
2008-Mar-25 08:32 UTC
[Secure-testing-commits] r8401 - in data: CVE DSA
Author: thijs Date: 2008-03-25 08:32:07 +0000 (Tue, 25 Mar 2008) New Revision: 8401 Modified: data/CVE/list data/DSA/list Log: CVE id assigned to serendipity remove no-dsa annotation for minor issue included in cumulative DSA correct CVE id typo for old PHP advisory Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-24 21:14:09 UTC (rev 8400) +++ data/CVE/list 2008-03-25 08:32:07 UTC (rev 8401) @@ -1,9 +1,6 @@ -CVE-2008-XXXX [Serendipity XSS in trackbacks] +CVE-2008-1476 [Serendipity XSS in trackbacks] - serendipity 1.3-1 - [etch] - serendipity 1.0.4-1+etch1 - NOTE: no CVE id available at time of DSA release NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html - NOTE: CVE id requested CVE-2008-XXXX [multiple security issues in kses as used in egroupware] - egroupware 1.4.002.dfsg-2.1 (bug #471839) CVE-2008-XXXX [OTRS osa-2008-01] @@ -4340,7 +4337,6 @@ CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar ...) {DSA-1528-1} - serendipity 1.2.1-1 (low) - [etch] - serendipity <no-dsa> (Can only be exploited in rare conditions) CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node ...) NOT-FOR-US: HP OpenView CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2008-03-24 21:14:09 UTC (rev 8400) +++ data/DSA/list 2008-03-25 08:32:07 UTC (rev 8401) @@ -1,5 +1,5 @@ [24 Mar 2008] DSA-1528-1 serendipity - cross site scripting - {CVE-2007-6205 CVE-2008-0124} + {CVE-2007-6205 CVE-2008-0124 CVE-2008-1476} [etch] - serendipity 1.0.4-1+etch1 [24 Mar 2008] DSA-1527-1 debian-goodies - privilege escalation {CVE-2007-3912} 
@@ -995,7 +995,7 @@ {CVE-2006-6497 CVE-2006-6498 CVE-2006-6499 CVE-2006-6501 CVE-2006-6502 CVE-2006-6503 CVE-2006-6505} [sarge] - mozilla 2:1.7.8-1sarge10 [07 Mar 2007] DSA-1264-1 php4 - {CVE-2007-0906 CVE-2007-0907 CVE-2006-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988} + {CVE-2007-0906 CVE-2007-0907 CVE-2007-0908 CVE-2007-0909 CVE-2007-0910 CVE-2007-0988} [sarge] - php4 4:4.3.10-19 [06 Mar 2007] DSA-1263-1 clamav {CVE-2007-0897 CVE-2007-0898 CVE-2007-0899}
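Review bot: In the first data/CVE/list hunk (@@ -1,9 +1,6 @@), the renamed CVE-2008-1476 entry loses its "[etch] - serendipity 1.0.4-1+etch1" line together with the two NOTE lines, while the log message only mentions the CVE id assignment. The entry also carries no {DSA-1528-1} tag like the one shown under CVE-2007-6205 in the following hunk, so within data/CVE/list nothing ties this id to the etch fix any more. Either keep the [etch] line until the {DSA-1528-1} tag is present on the entry, or state in the log that the etch status is now taken from the DSA-1528-1 entry in data/DSA/list.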
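Review bot: The CVE-2006-0908 to CVE-2007-0908 correction on the DSA-1264-1 line of data/DSA/list (@@ -995,7 +995,7 @@) has no counterpart in data/CVE/list in this revision. If the CVE-2006-0908 entry there picked up a {DSA-1264-1} tag or php4 package lines because of the typo, those need removing in the same commit, and the CVE-2007-0908 entry should be checked so that it records the sarge fix 4:4.3.10-19.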