nion at alioth.debian.org
2008-Oct-14 22:14 UTC
[Secure-testing-commits] r10088 - data/CVE
Author: nion
Date: 2008-10-14 22:14:04 +0000 (Tue, 14 Oct 2008)
New Revision: 10088
Modified:
data/CVE/list
Log:
new vlc issue in xspf parser
CVE-2008-3661 fixed in drupal5 5.10-2/drupal6 6.4-2
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-10-14 21:14:23 UTC (rev 10087)
+++ data/CVE/list 2008-10-14 22:14:04 UTC (rev 10088)
@@ -1,3 +1,8 @@
+CVE-2008-XXXX [vlc xspf memory corruption]
+ - vlc <unfixed>
+ NOTE: CVE id requested
+ NOTE: http://www.coresecurity.com/content/vlc-xspf-memory-corruption
+ TODO: report bug
CVE-2008-4545 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and
7.x ...)
TODO: check
CVE-2008-4544 (Unspecified vulnerability in an unspecified Microsoft API, as
used by ...)
@@ -2215,10 +2220,10 @@
- gallery 1.5.9-1
- gallery2 2.2.6-1
CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for
the ...)
- - drupal5 <unfixed> (low; bug #501063)
- - drupal6 <unfixed> (low; bug #501058)
+ - drupal5 5.10-2 (low; bug #501063)
+ - drupal6 6.4-2 (low; bug #501058)
NOTE: drupal upstreams advise the users to set session.cookie_secure in the
php configuration
- NOTE: this should be sufficient but documented in README.Debian to fix this
bug
+ NOTE: to fix this has been documented in README.Debian
CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a
...)
{DSA-1647-1}
- php5 5.2.6-4 (medium)