jmm-guest at alioth.debian.org
2008-Oct-13 15:57 UTC
[Secure-testing-commits] r10072 - data/CVE
Author: jmm-guest Date: 2008-10-13 15:57:41 +0000 (Mon, 13 Oct 2008) New Revision: 10072 Modified: data/CVE/list Log: - mediawiki fixed - wims fixed - jasper fixed - pidgin fixed - remaining plone issues are against "best practices" and won''t be fixed by upstream Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-13 15:50:08 UTC (rev 10071) +++ data/CVE/list 2008-10-13 15:57:41 UTC (rev 10072) @@ -256,7 +256,7 @@ CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro ...) NOT-FOR-US: Trend Micro OfficeScan CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...) - - mediawiki <unfixed> (low; bug #501115) + - mediawiki 1:1.13.2-1 (low; bug #501115) CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a ...) - ibackup <removed> (low; bug #496432) [etch] - ibackup <no-dsa> (Minor issues) @@ -306,7 +306,7 @@ - konwert 1.8-11.2 (low; bug #496379) [etch] - konwert <no-dsa> (Minor issue) CVE-2008-XXXX [wims: insecure temp file] - - wims <unfixed> (low; bug #496387) + - wims 3.62-13.1 (low; bug #496387) [etch] - wims <no-dsa> (Minor issue) CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...) - freeradius 2.0.4+dfsg-6 (low; bug #496389) 
@@ -2499,17 +2499,17 @@ CVE-2008-3523 RESERVED CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...) - - jasper <unfixed> (medium; bug #501021) + - jasper 1.900.1-5.1 (medium; bug #501021) CVE-2008-3521 (The jas_stream_tmpfile function in libjasper/base/jas_stream.c in ...) - - jasper <unfixed> (unimportant; bug #501021) + - jasper 1.900.1-5.1 (unimportant; bug #501021) NOTE: file is opened with O_EXCL even if tmpnam is used in this case CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...) - - jasper <unfixed> (medium; bug #501021) + - jasper 1.900.1-5.1 (medium; bug #501021) CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...) - jbossas4 <not-affected> (configuration not yet included in Debian package) CVE-2008-3518 RESERVED -CVE-2008-3517 [rejected] +CVE-2008-3517 RESERVED CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...) NOT-FOR-US: Adobe Presenter @@ -4046,7 +4046,7 @@ NOTE: gaim is now a transitional package depending on pidgin with its own source package NOTE: jabber servers should not forward malformed XML CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...) - - pidgin <unfixed> (low; bug #488632) + - pidgin 2.4.3-4 (low; bug #488632) - gaim 1:2.0.0+fake.1 NOTE: gaim is now a transitional package depending on pidgin with its own source package NOTE: probably only a bandwidth issue 
@@ -7390,13 +7390,16 @@ NOT-FOR-US: Check Point VPN CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...) - plone3 <unfixed> (low; bug #473571) + [lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571) CVE-2008-1395 (Plone CMS does not record users'' authentication states, and implements ...) - plone3 <unfixed> (low; bug #473571) + [lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571) CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...) - zope-cmfplone <removed> NOTE: doesn''t apply to v3 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...) - plone3 <unfixed> (low; bug #473571) + [lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571) CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...) - vmware-package <unfixed> (low; bug #486177) [etch] - vmware-package <no-dsa> (Contrib not supported)
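Review bot: In the @@ -306 hunk the wims entry still carries the placeholder identifier `CVE-2008-XXXX [wims: insecure temp file]` while the fixed version `3.62-13.1` is recorded; the placeholder should be replaced with the assigned CVE once one exists, otherwise the fix will not be matched against the real identifier when it is imported.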
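Review bot: In the @@ -2499 hunk the status of CVE-2008-3517 is changed from `[rejected]` to `RESERVED`, but the commit log only lists the jasper, mediawiki, wims, pidgin and plone changes; a one-line mention of the status revert in the log would make this change traceable.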
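Review bot: In the @@ -7390 hunk the three plone3 entries (CVE-2008-1396, CVE-2008-1395, CVE-2008-1393) keep `plone3 <unfixed> (low; bug #473571)` for unstable while the "Only an issue if not following best practices" rationale appears only on the new `[lenny]` `<no-dsa>` lines; since the log says upstream will not fix these, consider adding a NOTE line under each entry so the won't-fix reasoning is visible for the unstable entry as well and not just for lenny.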