thijs at alioth.debian.org
2008-Apr-27 09:51 UTC
[Secure-testing-commits] r8624 - data/CVE
Author: thijs
Date: 2008-04-27 09:51:02 +0000 (Sun, 27 Apr 2008)
New Revision: 8624
Modified:
data/CVE/list
Log:
update serendipity issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-04-27 09:32:06 UTC (rev 8623)
+++ data/CVE/list 2008-04-27 09:51:02 UTC (rev 8624)
@@ -86,7 +86,7 @@
CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when
running ...)
{DSA-1557-1}
- phpmyadmin 4:2.11.5.2-1
- NOTE: PMASA-2008-3, CVE id requested
+ NOTE: PMASA-2008-3
NOTE:
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211
CVE-2008-1914 (Stack-based buffer overflow in the AntServer module
(AntServer.exe) in ...)
NOT-FOR-US: BigAnt Messenger
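Review bot: The NOTE edit in the CVE-2008-1924 entry (dropping "CVE id requested" from the PMASA-2008-3 line) touches phpMyAdmin, but the log message only says "update serendipity issues". Suggest mentioning this change in the log, or committing it separately, so that the history of this entry can be found from the log.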
@@ -1251,12 +1251,11 @@
- clamav 0.92.1~dfsg2-1
[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the
installer ...)
- - serendipity 1.3.1-1
- NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
+ - serendipity <not-affected> (Vulnerable code not present)
+ NOTE: we do not ship the serendipity installer
CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers
(aka ...)
- - serendipity 1.3.1-1
- NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
- NOTE: One of these two issues seems very theoretical, other one needs further
assessment
+ - serendipity 1.3.1-1 (low)
+ NOTE: etch affected, but only in specific plugin.
CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows
context-dependent ...)
- php5 <unfixed> (unimportant)
NOTE: http://securityreason.com/achievement_securityalert/52
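Review bot: In the CVE-2008-1385 entry, the etch status is recorded only as free text ("NOTE: etch affected, but only in specific plugin.") and the plugin is not named. The clamav entry at the top of this hunk states its release-specific status on a separate "[etch] - clamav ..." line. Suggest giving serendipity an "[etch]" line in the same form and naming the plugin in the NOTE. Both entries also lose their only upstream reference (the blog.s9y.org 1.3.1 release announcement). Keeping that NOTE at least on CVE-2008-1385, where 1.3.1-1 is still listed as the fixed version, would preserve the source for that version number.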