atomo64-guest at alioth.debian.org
2008-Dec-16 16:17 UTC
[Secure-testing-commits] r10705 - data/CVE
Author: atomo64-guest Date: 2008-12-16 16:17:27 +0000 (Tue, 16 Dec 2008) New Revision: 10705 Modified: data/CVE/list Log: moodle''s XSS fixed, but affected by roundcube''s html2text Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-16 05:47:14 UTC (rev 10704) +++ data/CVE/list 2008-12-16 16:17:27 UTC (rev 10705) @@ -156,6 +156,8 @@ CVE-2008-XXXX [roundcube remote code execution via preg_replace in html2text.php] - roundcube 0.1.1-9 (high; bug #508628) NOTE: According to the bug report, this is being exploited. + [sid] - moodle <unfixed> (bug #508909) + NOTE: moodle recently copied roundcube''s html2text due to their copy being non-free CVE-2008-XXXX [other symlink attack vectors in gpsdrive] - gpsdrive <unfixed> (bug #508597) TODO: request CVE id @@ -266,7 +268,7 @@ CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...) NOT-FOR-US: PunBB CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 ...) - - moodle <unfixed> (bug #508593) + - moodle 1.8.2.dfsg-1 (bug #508593) CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...) NOT-FOR-US: Teamtek Universal FTP Server CVE-2008-5430 (Mozilla Thunderbird 2.0.14 does not properly handle (1) ...)
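Review bot: in the first hunk (@@ -156,6 +156,8 @@), the added `[sid] - moodle <unfixed> (bug #508909)` line carries no urgency, although the roundcube line in the same entry is marked `high` and the existing NOTE says the issue is being exploited. If moodle's copy of html2text is reachable in the same way, record that on the moodle line too, e.g. `(high; bug #508909)`; if it is not, say so in the NOTE. The `[sid]` restriction also needs a word of explanation: the NOTE says the copy is recent but not from which moodle version on, so the entry does not show why the other suites are left out.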
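Review bot: in the second hunk (@@ -266,7 +268,7 @@), CVE-2008-5432 moves from `<unfixed>` to `1.8.2.dfsg-1` with nothing in the entry saying why that version counts as fixed; the log only says the XSS is fixed. The truncated description names "Moodle before 1.6.8, 1.7 ...", so the link to 1.8.2.dfsg-1 cannot be read off the list itself. A NOTE line under the moodle entry stating the basis for the fixed version, with a pointer to where in bug #508593 it was confirmed, would let a later reader check the status without rereading the bug log.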