jmm-guest at alioth.debian.org
2008-Nov-18 09:06 UTC
[Secure-testing-commits] r10412 - data/CVE
Author: jmm-guest Date: 2008-11-18 09:06:49 +0000 (Tue, 18 Nov 2008) New Revision: 10412 Modified: data/CVE/list Log: - new kernel issue - trac fixed - typo3 issue only a third party extension Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-18 09:02:07 UTC (rev 10411) +++ data/CVE/list 2008-11-18 09:06:49 UTC (rev 10412) @@ -7,10 +7,7 @@ CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote ...) NOT-FOR-US: MyFWB CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...) - - typo3-src-4.2 <unfixed> (bug #506079; medium) - - typo3-src-4.0 <unfixed> (bug #506080; medium) - NOTE: upstream is not going to fix the bug, - NOTE: they recommend to remove the extension until it is not fixed. + NOT-FOR-US: Typo3 third party extension "file_list" CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User ...) NOT-FOR-US: Novell User Application CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory ...) @@ -138,8 +135,9 @@ - websvn 2.0-4 (bug #503330) NOTE: http://www.gulftech.org/?node=research&article_id=00132-10202008 CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...) - - linux-2.6 2.6.26-10 - - linux-2.6.24 <unfixed> + - linux-2.6 2.6.26-11 + [etch] - linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls3B) + [etch] - linux-2.6 <not-affected> (Vulnerable code not present; different ioctls) CVE-2008-5031 (Multiple integer overflows in Python 2.5.2 allow context-dependent ...) - python2.5 2.5.2-11.1 TODO: check python2.4 @@ -196,7 +194,7 @@ - linux-2.6 2.6.26-11 - linux-2.6.24 <unfixed> CVE-2008-XXXX [Trac Multiple Vulnerabilities] - - trac <unfixed> (bug #505197) + - trac 0.11.1-2.1 (bug #505197) CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or ...) - libsamplerate 0.1.4-1 CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP ...)