Author: nion Date: 2008-03-31 11:57:00 +0000 (Mon, 31 Mar 2008) New Revision: 8454 Modified: data/CVE/list Log: CVE-2008-1501 does not affectect ircd-ircu in debian Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-31 11:29:05 UTC (rev 8453) +++ data/CVE/list 2008-03-31 11:57:00 UTC (rev 8454) @@ -45,7 +45,7 @@ RESERVED CVE-2008-1514 (ptrace in Linux kernel 2.6.9 on Fedora 7 and 8 allows local users to ...) TODO: check - NOTE: s390 specific issue, counterpart for x86 not reproducable with 2.6.24 here + NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...) NOT-FOR-US: Danneo CMS CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in phpBB ...) @@ -69,7 +69,9 @@ CVE-2008-1503 (Cross-site scripting (XSS) vulnerability in the web management ...) NOT-FOR-US: F5 BIG-IP CVE-2008-1501 (The send_user_mode function in s_user.c in (1) Undernet ircu ...) - TODO: check + - ircd-ircu <not-affected> (Vulnerable code not present) + NOTE: vulnerable code introduced later than 2.0.12.10, see: http://hg.quakenet.org/snircd/rev/1ee48bee2f20 + NOTE: no other possible NULL ptr dereferences of p found and PoC not reproducible CVE-2008-1500 (Cross-site scripting (XSS) vulnerability in index.php in TinyPortal ...) TODO: check CVE-2008-1499 (Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in ...)