Author: nion Date: 2008-06-17 20:24:43 +0000 (Tue, 17 Jun 2008) New Revision: 9095 Modified: data/CVE/list Log: new issue: nasm off-by-one (CVE-2008-2719) cveified gallery2 issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-06-17 19:53:04 UTC (rev 9094) +++ data/CVE/list 2008-06-17 20:24:43 UTC (rev 9095) @@ -1,3 +1,7 @@ +CVE-2008-2719 [nasm off-by-one in ppscan function] + - nasm <unfixed> (low; bug #486715) + [etch] - nasm <not-affected> (vulnerable code not present) + NOTE: http://www.openwall.com/lists/oss-security/2008/06/11/4 CVE-2008-2712 [multiple vulnerabilities in several vimscripts] - vim <unfixed> (medium; bug #486502) NOTE: a bunch of these are probably low but because of the filetype.vim issue 
@@ -8,17 +12,27 @@ NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499 CVE-2008-2713 [ClamaV DoS] - clamav 0.93.1.dfsg-1 (low) - NOTE: CVE id requested CVE-2008-2711 [fetchmail DoS in -vv mode] - fetchmail <unfixed> (unimportant) NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1 NOTE: -vv is only used for debugging purposes so this does not NOTE: prevent a victim from getting mails. -vv is not used in non-interactive NOTE: use. -CVE-2008-XXXX [gallery multiple security issues] +CVE-2008-2720 [gallery2 XSS via host and path attributes] - gallery2 2.2.5-1 (low; bug #485947) - gallery <not-affected> (Vulnerable code not present, different codebase) - NOTE: CVE id request was already on oss-security +CVE-2008-2721 [gallery2 attackers can optain hidden albums] + - gallery2 2.2.5-1 (low; bug #485947) + - gallery <not-affected> (Vulnerable code not present, different codebase) +CVE-2008-2722 [gallery2 permission bypass for sub-albums] + - gallery2 2.2.5-1 (low; bug #485947) + - gallery <not-affected> (Vulnerable code not present, different codebase) +CVE-2008-2723 [gallery2 path disclosure] + - gallery2 2.2.5-1 (low; bug #485947) + - gallery <not-affected> (Vulnerable code not present, different codebase) +CVE-2008-2724 [gallery2 access restriction bypass] + - gallery2 2.2.5-1 (low; bug #485947) + - gallery <not-affected> (Vulnerable code not present, different codebase) CVE-2008-2717 [typo3 code execution & xss] - typo3-src 4.1.7-1 (bug #485814) CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...)
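Review bot: In the first hunk (CVE-2008-2719), the etch line `[etch] - nasm <not-affected> (vulnerable code not present)` does not say which nasm version introduced the affected ppscan code, so the not-affected claim cannot be rechecked from the entry alone. Consider adding a NOTE naming the version where the vulnerable code first appears. Minor style point: the reason is lowercase here, while the gallery entries in the same file write "Vulnerable code not present"; one form should be used throughout.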
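Review bot: In the second hunk, the CVE-2008-2721 description has a typo: "optain" should be "obtain", i.e. `[gallery2 attackers can obtain hidden albums]`. The five new gallery2 entries all point at the same bug #485947 and the same fixed version, and the hunk drops the only NOTE the old CVE-2008-XXXX entry carried, so nothing in the list distinguishes CVE-2008-2722 "permission bypass for sub-albums" from CVE-2008-2724 "access restriction bypass". A NOTE with the upstream or oss-security reference on each entry would make the split verifiable.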