joeyh at alioth.debian.org
2008-Oct-06 21:14 UTC
[Secure-testing-commits] r10014 - data/CVE
Author: joeyh
Date: 2008-10-06 21:14:14 +0000 (Mon, 06 Oct 2008)
New Revision: 10014

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================--- data/CVE/list 2008-10-06 19:01:41 UTC (rev 10013) +++ data/CVE/list 2008-10-06 21:14:14 UTC (rev 10014) 
@@ -1,4 +1,84 @@ -CVE-2008-4408 [XSS in mediawiki] +CVE-2008-4444 + RESERVED +CVE-2008-4443 + RESERVED +CVE-2008-4442 + RESERVED +CVE-2008-4441 + RESERVED +CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in ...) + TODO: check +CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed ...) + TODO: check +CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla before ...) + TODO: check +CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...) + TODO: check +CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT ...) + TODO: check +CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and ...) + TODO: check +CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop ...) + TODO: check +CVE-2008-4432 (Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT ...) + TODO: check +CVE-2008-4431 (SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and ...) + TODO: check +CVE-2008-4430 (The MagnatuneBrowser::listDownloadComplete function in ...) + TODO: check +CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 ...) + TODO: check +CVE-2008-4428 (Unrestricted file upload vulnerability in upload.php in Phlatline''s ...) + TODO: check +CVE-2008-4427 (changepassword.php in Phlatline''s Personal Information Manager (pPIM) ...) + TODO: check +CVE-2008-4426 (Cross-site scripting (XSS) vulnerability in events.php in Phlatline''s ...) + TODO: check +CVE-2008-4425 (Directory traversal vulnerability in upload.php in Phlatline''s ...) + TODO: check +CVE-2008-4424 (Cross-site scripting (XSS) vulnerability in index.php in Domain Group ...) + TODO: check +CVE-2008-4423 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...) 
+ TODO: check +CVE-2008-4422 + RESERVED +CVE-2008-4421 + RESERVED +CVE-2008-4420 + RESERVED +CVE-2008-4419 + RESERVED +CVE-2008-4418 + RESERVED +CVE-2008-4417 + RESERVED +CVE-2008-4416 + RESERVED +CVE-2008-4415 + RESERVED +CVE-2008-4414 + RESERVED +CVE-2008-4413 + RESERVED +CVE-2008-4412 + RESERVED +CVE-2008-4411 + RESERVED +CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...) + TODO: check +CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities ...) + TODO: check +CVE-2008-4406 (A certain Debian patch to the run scripts for sabre (aka xsabre) ...) + TODO: check +CVE-2008-4405 (libvirt 0.3.3 relies on files located under subdirectories of ...) + TODO: check +CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM ...) + TODO: check +CVE-2008-4403 (The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before ...) + TODO: check +CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro ...) + TODO: check +CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...) - mediawiki <unfixed> (low; bug #501115) CVE-2008-XXXX [ibackup: insecure temp files] - ibackup <removed> (low; bug #496432) @@ -88,8 +168,8 @@ RESERVED CVE-2008-4384 RESERVED -CVE-2008-4383 - RESERVED +CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management ...) + TODO: check CVE-2008-4382 (Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of ...) - kdebase <unfixed> (unimportant) NOTE: browser dos not treated as security issue. This is the same like CVE-2008-4381 
@@ -152,7 +232,7 @@ CVE-2008-XXXX [gdrae: insecure temp file] - gdrae 0.1-1.1 (low; bug #496378) [etch] - gdrae <no-dsa> (Minor issue) -CVE-2008-4407 [sabre: insecure temp file] +CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...) - sabre 0.2.4b-25 (low; bug #433996) [etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue) CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component ...) @@ -167,13 +247,11 @@ NOT-FOR-US: DESlock CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...) NOT-FOR-US: PowerPortal -CVE-2008-4360 [Information disclosure w/ mod_userdir] - RESERVED +CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive ...) - lighttpd 1.4.19-5 (low) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt NOTE: CVE id requested -CVE-2008-4359 [Unexpected behavior of url.redirect / url.rewrite config options] - RESERVED +CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) ...) - lighttpd 1.4.19-5 (low) NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...) @@ -539,7 +617,8 @@ [etch] - chillispot <no-dsa> (minor issue) CVE-2008-XXXX [unsafe usage of temp file] - debtorrent <unfixed> (bug #500180) -CVE-2008-4189 (Buffer overflow in the printer sharing services in the Samba code in ...) +CVE-2008-4189 + REJECTED NOT-FOR-US: Xerox CVE-2008-4188 (Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) ...) NOT-FOR-US: kw_secdir extension for TYPO3 
@@ -1061,7 +1140,7 @@ NOT-FOR-US: The Real Estate Script CVE-2008-3950 (Off-by-one error in the ...) TODO: check -CVE-2008-3949 (Emacs in SUSE Linux imports Python script from the current working ...) +CVE-2008-3949 (Emacs 22.1 and 22.2 imports Python script from the current working ...) - emacs22 <unfixed> (low; bug #499568) - emacs21 <not-affected> (doesn''t provide the python functionality) - xemacs21 <not-affected> (doesn''t provide the python functionality) @@ -1362,10 +1441,9 @@ - iceape 1.1.12-1 CVE-2008-3834 RESERVED -CVE-2008-3833 - RESERVED -CVE-2008-3832 [utrace local DoS] - RESERVED +CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...) + TODO: check +CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...) - linux-2.6 <not-affected> (Fedora-specific patch) CVE-2008-3831 RESERVED @@ -1381,8 +1459,8 @@ NOTE: http://www.ocert.org/advisories/ocert-2008-013.html CVE-2008-3826 RESERVED -CVE-2008-3825 - RESERVED +CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...) + TODO: check CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) ...) {DTSA-165-1} - horde3 <unfixed> @@ -1608,7 +1686,7 @@ CVE-2008-XXXX [fwbuilder: insecure temp file] - fwbuilder 2.1.19-5 (low; bug #496406) [etch] - fwbuilder <no-dsa> (Minor issue) -CVE-2008-4440 [feta: insecure temp file in to-upgrade plugin] +CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...) {DSA-1643-1} - feta 1.4.16+nmu1 (low; bug #496397) CVE-2008-XXXX [postfix: insecure temp file] 
@@ -2091,7 +2169,7 @@ CVE-2008-3568 (Absolute path traversal vulnerability in ...) - fckeditor <not-affected> (Vulnerable code not present) NOTE: unak specific change, see fckeditor/unak_changes.txt in source -CVE-2008-3567 (Unspecified vulnerability in the NowPlaying functionality in NullSoft ...) +CVE-2008-3567 (Cross-zone scripting vulnerability in the NowPlaying functionality in ...) NOT-FOR-US: NullSoft Winamp CVE-2008-3566 (Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 ...) NOT-FOR-US: ZoneO-soft freeForum @@ -4597,8 +4675,8 @@ NOT-FOR-US: cPanel CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System) ...) NOT-FOR-US: MxBB (MX-System) -CVE-2008-2476 - RESERVED +CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) ...) + TODO: check CVE-2008-2475 RESERVED CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...) @@ -4671,8 +4749,8 @@ NOT-FOR-US: Cisco Secure ACS CVE-2008-2440 RESERVED -CVE-2008-2439 - RESERVED +CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function in ...) + TODO: check CVE-2008-2438 RESERVED CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro ...) @@ -5119,8 +5197,7 @@ RESERVED CVE-2008-2237 RESERVED -CVE-2008-2236 - RESERVED +CVE-2008-2236 (Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom ...) - blosxom 2.1.2-1 (low; bug #500873) [etch] - blosxom 2.0-14+etch1 (low; bug #500873) CVE-2008-2235 (OpenSC before 0.11.5 uses weak permissions (ADMIN file control ...)
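
Review bot: In the @@ -1,4 +1,84 @@ hunk, CVE-2008-4406 is added as "TODO: check" even though its description names "A certain Debian patch to the run scripts for sabre (aka xsabre)", and CVE-2008-4407 for the same package already carries "- sabre 0.2.4b-25 (low; bug #433996)" in the @@ -152,7 +232,7 @@ hunk. Triage the two together and give CVE-2008-4406 a sabre tracking line or a NOTE pointing at CVE-2008-4407, so the Debian-specific issue does not sit unassigned in the automatic batch.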
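
Review bot: In the @@ -167,13 +247,11 @@ hunk, the "NOTE: CVE id requested" line under CVE-2008-4360 is kept although the entry loses its RESERVED state and gains the published description in the same change. Drop that NOTE so the entry does not read as still waiting on an assignment; the advisory URL in the NOTE above it is the part worth keeping.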
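
Review bot: In the @@ -539,7 +617,8 @@ hunk, CVE-2008-4189 becomes REJECTED but the "NOT-FOR-US: Xerox" line beneath it is left in place, so a triage verdict stays attached to an id that no longer describes anything. Remove the annotation, or replace it with a NOTE naming the id the rejection refers to, if there is one. The removed description mentioned "the Samba code", so that replacement id deserves its own check rather than inheriting the old verdict.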
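
Review bot: In the @@ -1362,10 +1441,9 @@ hunk, CVE-2008-3833 lands with only "TODO: check" although its description places the issue in fs/splice.c in the Linux kernel, and the adjacent CVE-2008-3832 already has a "- linux-2.6" line. Add a linux-2.6 tracking line for CVE-2008-3833 once the affected versions are established; the same applies to CVE-2008-4410 (arch/x86/kernel/vmi_32.c) in the first hunk.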