jmm-guest at alioth.debian.org
2008-Nov-11 23:21 UTC
[Secure-testing-commits] r10368 - data/CVE
Author: jmm-guest Date: 2008-11-11 23:21:46 +0000 (Tue, 11 Nov 2008) New Revision: 10368 Modified: data/CVE/list Log: geshi status update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-11 23:19:36 UTC (rev 10367) +++ data/CVE/list 2008-11-11 23:21:46 UTC (rev 10368) @@ -200,10 +200,14 @@ - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4) TODO: check again if >= 1.1.4 gets uploaded CVE-2008-XXXX [GeSHi: Unspecified Code Execution Vulnerability] - - geshi 1.0.8.1-1 (bug #504445) - - dokuwiki 0.0.20080505-3.1 (bug #504682) - - pgfouine 1.0-1.1 (bug #504681) - NOTE: This is SA32559, no CVE yet + - geshi 1.0.8.1-1 (bug #504445) + NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152 + [lenny] - geshi <no-dsa> (Should be sanitised from the app using geshi) + [etch] - geshi <no-dsa> (Should be sanitised from the app using geshi) + - dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682) + NOTE: DokuWiki passes a static string to $path parameter + - pgfouine 1.0-1.1 (unimportant; bug #504681) + NOTE: pgfouine too does not override default language files path CVE-2008-6432 REJECTED CVE-2008-4878 (Unrestricted file upload vulnerability in the "Add Image Macro" ...)