jmm-guest at alioth.debian.org
2008-Nov-13 10:28 UTC
[Secure-testing-commits] r10383 - data/CVE
Author: jmm-guest Date: 2008-11-13 10:28:38 +0000 (Thu, 13 Nov 2008) New Revision: 10383 Modified: data/CVE/list Log: - three new typo3 issues (fixed in unstable) - new websvn issues (fixed in unstable) - clamav CVEfied - python2.5 fixed in unstable - PHP randomness issues need to be revisited for Etch Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-12 22:33:30 UTC (rev 10382) +++ data/CVE/list 2008-11-13 10:28:38 UTC (rev 10383) @@ -1,3 +1,12 @@ +CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 backendmodul "fileadmin"] + - typo3-src 4.2.3-1 (bug #505324) +CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 sysext "felogin"] + - typo3-src 4.2.3-1 (bug #505325) +CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend] + - typo3-src 4.2.3-1 (bug #505326) +CVE-2008-XXXX [websvn Cross Site Scripting and Directory Traversal] + - websvn 2.0-4 (bug #503330) + NOTE: http://www.gulftech.org/?node=research&article_id=00132-10202008 CVE-2008-5034 (** DISPUTED ** ...) TODO: check CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...) @@ -84,8 +93,8 @@ - initramfs-tools <unfixed> (unimportant; bug #496386) CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and ...) NOT-FOR-US: Sun System Firmware -CVE-2008-XXXX [ClamAV get_unicode_name() off-by-one buffer overflow] - - clamav 0.94.dfsg.1-1~volatile1 (bug #505134) +CVE-2008-5050 [ClamAV get_unicode_name() off-by-one buffer overflow] + - clamav 0.94.dfsg.1-1 (bug #505134) CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and ...) NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE CVE-2008-XXXX [yzis insecure temp file] 
@@ -310,7 +319,7 @@ CVE-2008-4865 (Untrusted search path vulnerability in valgrind allows local users to ...) TODO: check CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in ...) - - python2.5 <unfixed> (bug #504619) + - python2.5 2.5.2-12 (bug #504619) - python2.4 <unfixed> (bug #504620) CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 ...) - blender 2.46+dfsg-5 (bug #503632) @@ -6868,13 +6877,9 @@ NOTE: totally different approach to fix the bug, see Kurts comments in the bug report CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...) - php5 5.2.2-1 (low) - [etch] - php4 <not-affected> (Vulnerable code not present) - [etch] - php5 <not-affected> (Vulnerable code not present) NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...) - php5 5.2.2-1 (low) - [etch] - php4 <not-affected> (Vulnerable code not present) - [etch] - php5 <not-affected> (Vulnerable code not present) NOTE: closely related to CVE-2008-2108 CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...) NOT-FOR-US: Call of Duty
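Review bot: in the first hunk (@@ -1,3 +1,12 @@), all four new entries use the CVE-2008-XXXX placeholder, and the websvn one bundles two distinct issue classes ("Cross Site Scripting and Directory Traversal") under a single placeholder; if the referenced gulftech advisory covers them as separate issues they will likely receive separate ids, so splitting it into two entries now, each with its own "- websvn 2.0-4 (bug #503330)" line, avoids a rename later. The third typo3 description "passwords are not changeable bug in the backend" is also hard to parse and could be reworded before it gets CVEfied.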
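Review bot: in the second hunk (@@ -84,8 +93,8 @@), the fixed version for ClamAV changes from 0.94.dfsg.1-1~volatile1 to 0.94.dfsg.1-1 at the same time as the id is set to CVE-2008-5050, but the log message only mentions "clamav CVEfied"; since a ~volatile1 suffix sorts before the plain version in Debian version ordering, this narrows the set of versions recorded as fixed, so please confirm the version change is intentional (and, if the volatile upload is still relevant for Etch, whether it should be kept on its own line).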
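Review bot: in the third hunk (@@ -310,7 +319,7 @@), python2.5 moves from <unfixed> to 2.5.2-12 while python2.4 stays <unfixed> (bug #504620), and neither package carries an [etch] status line; given the multiple integer overflows in imageop.c affect both, a note or [etch] line recording whether stable is affected would keep this entry from being read as fully resolved.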
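Review bot: in the fourth hunk (@@ -6868,13 +6877,9 @@), the "[etch] - php4 <not-affected>" and "[etch] - php5 <not-affected>" lines are deleted from both CVE-2008-2108 and CVE-2008-2107 without anything replacing them, so the Etch status of the GENERATE_SEED issues is now simply absent rather than marked as pending; since the log says these "need to be revisited for Etch", a "TODO: check etch status, see SE-2008-02" line under each entry would record that intent in the file itself instead of only in the commit message.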