atomo64-guest at alioth.debian.org
2008-Dec-18 05:18 UTC
[Secure-testing-commits] r10724 - data/CVE
Author: atomo64-guest Date: 2008-12-18 05:18:03 +0000 (Thu, 18 Dec 2008) New Revision: 10724 Modified: data/CVE/list Log: mediawiki and moodle issues fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-17 22:31:51 UTC (rev 10723) +++ data/CVE/list 2008-12-18 05:18:03 UTC (rev 10724) @@ -337,11 +337,10 @@ CVE-2008-5619 [roundcube remote code execution via preg_replace in html2text.php] - roundcube 0.1.1-9 (high; bug #508628) NOTE: According to the bug report, this is being exploited. - [sid] - moodle <unfixed> (bug #508909) + [sid] - moodle 1.8.2.dfsg-2 (bug #508909) NOTE: moodle recently copied roundcube''s html2text due to their copy being non-free CVE-2008-XXXX [other symlink attack vectors in gpsdrive] - gpsdrive <unfixed> (bug #508597) - TODO: request CVE id CVE-2008-5485 RESERVED CVE-2008-5484 @@ -822,16 +821,16 @@ RESERVED CVE-2008-5252 [CSRF vulnerability affecting the Special:Import feature] RESERVED - - mediawiki <unfixed> (bug #508870) + - mediawiki 1:1.13.3-1 (bug #508870) CVE-2008-5251 RESERVED CVE-2008-5250 [local script injection vulnerabilities on MediaWiki installations with uploads enabled] RESERVED - - mediawiki <unfixed> (bug #508869) + - mediawiki 1:1.13.3-1 (bug #508869) CVE-2008-5249 [XSS vulnerability affecting all MediaWiki installations between 1.13.0 and 1.13.2] RESERVED - mediawiki <not-affected> (vulnerable code was introduced in 1.13.0) - TODO: [experimental] - mediawiki <unfixed> (bug #508868) + TODO: [experimental] - mediawiki 1:1.13.3-1 (bug #508868) CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...) - vlc <not-affected> (vulnerable code not present) NOTE: affected versions are >= 0.9.x (experimental)