nion at alioth.debian.org
2008-Aug-17 12:06 UTC
[Secure-testing-commits] r9597 - in data: CVE DTSA
Author: nion
Date: 2008-08-17 12:06:17 +0000 (Sun, 17 Aug 2008)
New Revision: 9597
Modified:
data/CVE/list
data/DTSA/list
Log:
releasing DTSA-156-1 (drupal5)
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-08-17 03:07:03 UTC (rev 9596)
+++ data/CVE/list 2008-08-17 12:06:17 UTC (rev 9597)
@@ -5,6 +5,8 @@
NOTE: CVE id requested
CVE-2008-XXXX [drupal XSS]
- drupal5 5.10-1 (low; bug #495122)
+ [lenny] - drupal5 5.9-1~lenny1
+ NOTE: this is temporary workaround because of the missing CVE id, this is
DTSA-156-1
TODO: check drupal4.7, request CVE id
NOTE: CVE id requested by oss people
CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris
before ...)
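Review bot: The added `[lenny] - drupal5 5.9-1~lenny1` line and its NOTE hang off the placeholder entry `CVE-2008-XXXX [drupal XSS]`, so the only link to DTSA-156-1 is free text in a NOTE. Please state in the NOTE that the line has to be moved to the real entry once the CVE id is assigned, so the workaround is not left behind. The entry also carries both `TODO: check drupal4.7, request CVE id` and `NOTE: CVE id requested by oss people`; if the id has already been requested, the "request CVE id" half of the TODO can be dropped.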
@@ -42,10 +44,10 @@
CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware
before ...)
- tikiwiki <removed>
CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an
...)
- - ipsec-tools <unfixed> (bug #495214)
-CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in
ipsec-tools ...)
- ipsec-tools 1:0.7.1-1 (low)
NOTE: attacker needs to be authenticated, see
https://bugzilla.redhat.com/show_bug.cgi?id=456660
+CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in
ipsec-tools ...)
+ - ipsec-tools <unfixed> (bug #495214)
CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail
before ...)
- horde3 3.2.1+debian0-1 (low; bug #495332)
NOTE: this should be a dup of CVE-2008-3330, maybe it''ll get a CVE id
split
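Review bot: This hunk swaps the ipsec-tools status between two entries, which the log message "releasing DTSA-156-1 (drupal5)" does not mention. After the change, `<unfixed> (bug #495214)` sits under CVE-2008-3651, while `1:0.7.1-1 (low)` and the "attacker needs to be authenticated" NOTE sit under CVE-2008-3652. Please confirm against bug #495214 and the referenced Red Hat bug that the fixed version and the NOTE really belong to CVE-2008-3652, and either commit this correction separately or mention it in the log.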
@@ -385,7 +387,7 @@
NOTE: gaim is now a transitional package depending on pidgin with its own
source package
NOTE: http://developer.pidgin.im/ticket/6500
CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2)
...)
- {DTSA-153-1 DTSA-153-2}
+ {DTSA-153-1}
- git-core 1:1.5.6.5 (medium; bug #494097)
CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote
attackers ...)
NOT-FOR-US: eStoreAff
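Review bot: Dropping `DTSA-153-2` from the cross-reference line of CVE-2008-3546 is not covered by the log message and needs a reason. The data/DTSA/list context in this same commit still shows an entry for `{CVE-2008-3546}` with `[lenny] - git-core 1.5.6.3-1+lenny2` and "NOTE: DTSA-153-1 was incomplete", so a follow-up advisory for this CVE appears to exist. If the reference line is regenerated by a script, say so in the log; otherwise keep both advisories listed.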
@@ -1000,7 +1002,6 @@
CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...)
- horde3 3.2.1+debian0-1 (low; bug #492578)
- turba 2.2.1-1 (low)
- NOTE: CVE id requested
CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x
before ...)
- moodle 1.8.1-1 (low)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
Modified: data/DTSA/list
==================================================================---
data/DTSA/list 2008-08-17 03:07:03 UTC (rev 9596)
+++ data/DTSA/list 2008-08-17 12:06:17 UTC (rev 9597)
@@ -457,3 +457,5 @@
{CVE-2008-3546}
[lenny] - git-core 1.5.6.3-1+lenny2
NOTE: DTSA-153-1 was incomplete
+[August 17th, 2008] DTSA-156-1 drupal5 - multiple vulnerabilities
+ [lenny] - drupal5 5.9-1~lenny1
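Review bot: The new DTSA-156-1 entry has no `{CVE-...}` line, unlike the preceding entry, which lists `{CVE-2008-3546}`. It is also titled "multiple vulnerabilities", while the data/CVE/list side of this commit ties the advisory to a single placeholder, `CVE-2008-XXXX [drupal XSS]`. Please add a NOTE here that the CVE id is pending, and either list the other issues covered by 5.9-1~lenny1 or adjust the title to match what is tracked.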