nion at alioth.debian.org
2008-Oct-14 11:36 UTC
[Secure-testing-commits] r10081 - data/CVE
Author: nion
Date: 2008-10-14 11:36:42 +0000 (Tue, 14 Oct 2008)
New Revision: 10081
Modified:
data/CVE/list
Log:
CVE-2008-3906, CVE-2008-3422 fixed in mono 1.9.1+dfsg-4
CVE-2008-1633 fixed in mondo 1:2.2.7-1
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-10-14 11:31:12 UTC (rev 10080)
+++ data/CVE/list 2008-10-14 11:36:42 UTC (rev 10081)
@@ -1442,7 +1442,7 @@
[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
[etch] - linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier
allows ...)
- - mono <unfixed> (low; bug #498894)
+ - mono 1.9.1+dfsg-4 (low; bug #498894)
CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287,
1.8.7 ...)
{DSA-1652-1 DSA-1651-1}
- ruby1.8 1.8.7.72-1 (bug #498978)
@@ -2729,7 +2729,7 @@
CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers
to ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the
ASP.net ...)
- - mono <unfixed> (low; bug #494406)
+ - mono 1.9.1+dfsg-4 (low; bug #494406)
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=413534
NOTE:
http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled,
immediately ...)
@@ -6860,7 +6860,7 @@
CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2
Folder ...)
NOT-FOR-US: JV2 Folder Gallery
CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has
unknown ...)
- - mondo <unfixed> (bug #475221)
+ - mondo 1:2.2.7-1 (bug #475221)
CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow
remote ...)
- cuteflow <itp> (bug #465372)
CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and
2.10.0 ...)