Author: nion Date: 2008-07-06 09:34:51 +0000 (Sun, 06 Jul 2008) New Revision: 9245 Modified: data/CVE/list Log: update description for python-werkzeug CVE-2008-2430 fixed in vlc 0.8.6.h-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-05 21:38:08 UTC (rev 9244) +++ data/CVE/list 2008-07-06 09:34:51 UTC (rev 9245) @@ -26,10 +26,9 @@ - linuxdcpp 1.0.1-2 (low; bug #488630) CVE-2008-2958 [possible symlink attack in checkinstall] - checkinstall 1.6.1-7 (low; bug #488140) -CVE-2008-XXXX [unspecified python-werkzeug issue] +CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac] - python-werkzeug 0.3.1-1 (unknown) NOTE: http://lucumr.pocoo.org/cogitations/2008/06/24/werkzeug-031-released/ - NOTE: contacted upstream for exploit vector CVE-2008-XXXX [sudo does not flush stdin on timeout] - sudo 1.6.9p12-1 [etch] - sudo <not-affected> (Issue was introduced in 1.6.9) @@ -907,7 +906,7 @@ RESERVED CVE-2008-2430 [vlc heap overflow in wav decoding] RESERVED - - vlc <unfixed> (medium; bug #489004) + - vlc 0.8.6.h-1 (medium; bug #489004) CVE-2008-2429 RESERVED CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic ...)
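Review bot: In the first hunk (@@ -26,10 +26,9 @@), the python-werkzeug entry keeps its severity as "(unknown)" on the "- python-werkzeug 0.3.1-1 (unknown)" line, although the new bracketed description now names the weakness (the secret is hashed instead of using hmac). Either set a severity or add a NOTE saying why it cannot be rated yet. The hunk also drops "NOTE: contacted upstream for exploit vector" without recording the outcome. A replacement NOTE stating where the hmac detail came from (the release post already linked, or upstream's reply) would keep the entry auditable.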
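Review bot: In the second hunk (@@ -907,7 +906,7 @@), the changed line "- vlc 0.8.6.h-1 (medium; bug #489004)" marks CVE-2008-2430 as fixed but gives no per-release status, unlike the sudo entry in the first hunk, which has an "[etch]" line. Consider adding a release-tagged line for vlc as well, so the tracker shows whether the stable package is still affected by the wav-decoding heap overflow. The log message also runs two unrelated changes together (the werkzeug description and the vlc fix). Separate commits, or at least separate log lines, would make each change easier to trace.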