nion at alioth.debian.org
2008-Oct-27 08:48 UTC
[Secure-testing-commits] r10175 - data/CVE
Author: nion
Date: 2008-10-27 08:48:00 +0000 (Mon, 27 Oct 2008)
New Revision: 10175
Modified:
data/CVE/list
Log:
CVE-2008-4677 non-issue
only one issue of SA-2008-067 affects drupal5
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-10-27 08:47:00 UTC (rev 10174)
+++ data/CVE/list 2008-10-27 08:48:00 UTC (rev 10175)
@@ -34,6 +34,7 @@
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google
Chrome ...)
{CVE-2008-4723}
TODO: check if Webkit is affected
+ NOTE: not reproducible using iceweasel 3.0.1
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla
Firefox ...)
{CVE-2008-4724}
TODO: check
@@ -129,14 +130,14 @@
CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component
in IBM ...)
NOT-FOR-US: IBM Websphere
CVE-2008-4677 (autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other
versions ...)
- TODO: check
+ - vim <unfixed> (unimportant)
+ NOTE: documented in netrw documentation
CVE-2008-XXXX [local file inclusion in drupal]
- drupal6 <unfixed> (low; bug #503222)
- drupal5 5.10-3 (low; bug #503217)
CVE-2008-XXXX [XSS in book module in drupal]
- drupal6 <unfixed> (low; bug #503222)
- - drupal5 5.10-3 (low; bug #503217)
- TODO: check if druapal5 really has this vulnerability, the code looks
different
+ - drupal5 <not-affected> (vulnerable code not present)
CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly
Presentation ...)
NOT-FOR-US: Citrix XenApp
CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and
...)