joeyh at alioth.debian.org
2008-Oct-17 21:14 UTC
[Secure-testing-commits] r10112 - data/CVE
Author: joeyh Date: 2008-10-17 21:14:12 +0000 (Fri, 17 Oct 2008) New Revision: 10112 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-17 17:51:10 UTC (rev 10111) +++ data/CVE/list 2008-10-17 21:14:12 UTC (rev 10112) @@ -1,3 +1,9 @@ +CVE-2008-4592 (Directory traversal vulnerability in index.php in Sports Clubs Web ...) + TODO: check +CVE-2008-4591 (Multiple cross-site scripting (XSS) vulnerabilities in ...) + TODO: check +CVE-2008-4590 (Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote ...) + TODO: check CVE-2008-4589 (Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo ...) NOT-FOR-US: Lenovo Rescue and Recovery CVE-2008-4588 (Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, ...) @@ -1444,7 +1450,7 @@ - opensc 0.11.4-5 CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...) - gmanedit 0.4.1-1.1 (low; bug #497835) - [etch] - gmanedit <no-dsa> (Minor issue) + [etch] - gmanedit <no-dsa> (Minor issue) CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not ...) {DTSA-169-1} - libpam-mount 0.48-1 (low; bug #499841) @@ -1486,8 +1492,8 @@ - emacs22 22.2+2-4 (low; bug #499568) - emacs21 <not-affected> (doesn''t provide the python functionality) - xemacs21 <not-affected> (doesn''t provide the python functionality) - NOTE: This can happen with any Python script, just because Emacs autoloads one - NOTE: doesn''t make it much worse + NOTE: This can happen with any Python script, just because Emacs autoloads one + NOTE: doesn''t make it much worse CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...) NOT-FOR-US: XRMS CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain ...) 
@@ -1558,7 +1564,7 @@ - linux-2.6 2.6.26-5 - linux-2.6.24 2.6.24-6~etchnhalf.5 [etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.19) - NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f + NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel ...) - linux-2.6 2.6.26-5 [etch] - linux-2.6 <not-affected> (Vulnerable code not present) @@ -1579,7 +1585,7 @@ {DSA-1653-1} - linux-2.6 2.6.23-1 - linux-2.6.24 <not-affected> (Vulnerable code not present) - NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f + NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...) - ssmtp 2.62-1.1 (low; bug #498366) [etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
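Review bot: In the first hunk (@@ -1,3 +1,9 @@), CVE-2008-4592, CVE-2008-4591 and CVE-2008-4590 are added with only `TODO: check`, so none of them has a triage state yet. Each should be resolved to a package line or to `NOT-FOR-US: <product>`, as the entry just below them (CVE-2008-4589, Lenovo Rescue and Recovery) already is. The description shown for CVE-2008-4591 is cut off before the product name, so that one has to be triaged from the full CVE text rather than from this list.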
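Review bot: The hunks at @@ -1444,7 +1450,7 @@ and @@ -1486,8 +1492,8 @@ remove and re-add lines whose text reads the same as shown (`[etch] - gmanedit <no-dsa> (Minor issue)` and the two `NOTE:` lines under the emacs22 entry), so the change appears to be whitespace only, bundled into a commit logged as "automatic update". If the update script normalises indentation, say so in the log message or put it in its own commit, so that someone reading the history can tell that no status changed for CVE-2008-3971 or the emacs entry.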
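Review bot: In the hunks at @@ -1558,7 +1564,7 @@ and @@ -1579,7 +1585,7 @@, the re-indented `NOTE:` lines carry only a bare commit hash (`NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f` and `NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f`) with no indication of whether it is the fixing or the introducing commit, or which tree it refers to. Since these lines are being rewritten anyway, add a short label in front of the hash so the note can be checked against the `<not-affected>` statements next to it.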