joeyh at alioth.debian.org
2008-Dec-20 09:14 UTC
[Secure-testing-commits] r10737 - data/CVE
Author: joeyh Date: 2008-12-20 09:14:12 +0000 (Sat, 20 Dec 2008) New Revision: 10737 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-20 01:25:43 UTC (rev 10736) +++ data/CVE/list 2008-12-20 09:14:12 UTC (rev 10737) @@ -756,18 +756,18 @@ TODO: check CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...) TODO: check -CVE-2008-5617 [RSyslog "AllowedSender" Security Bypass Vulnerability] +CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...) - rsyslog 3.18.6-1 (bug #508027) CVE-2008-XXXX [phpPgAdmin: Local File Inclusion Vulnerability] - phppgadmin <unfixed> (bug #508026) NOTE: register_globals=on is required NOTE: http://www.milw0rm.com/exploits/7363 -CVE-2008-5624 [php apache/2 SAPI php_getuid() overload] +CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...) - php5 <unfixed> (bug #508021) NOTE: Fixed in php 5.2.7, not yet in the archive NOTE: http://securityreason.com/achievement_securityalert/59 TODO: check php4 -CVE-2008-5660 [Format string vulnerability in vinagre] +CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...) - vinagre 0.5.1-2 CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...) TODO: check @@ -845,7 +845,7 @@ NOT-FOR-US: IBM CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to ...) NOT-FOR-US: Wiz-Ad -CVE-2008-5658 [php5/ext/zip: ZipArchive::extractTo() Directory Traversal Vulnerability] +CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo ...) - php5 <unfixed> (bug #507857) - php4 <unfixed> CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...) 
@@ -1182,7 +1182,7 @@ CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly ...) {DSA-1672-1} - imlib2 1.4.0-1.2 (bug #505714) -CVE-2008-5625 [php5 safe mode bypass via php_value error_log in .htaccess] +CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...) - php5 <unfixed> (unimportant) NOTE: http://securityreason.com/achievement_securityalert/57 CVE-2008-5312 (mailscanner 4.55.10 might allow local users to overwrite arbitrary ...)
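Review bot: In the @@ -756 hunk, the new CVE-2008-5617 description gives the affected range as "rsyslog 3.12.1 to 3.20.0", yet the entry under it still records "- rsyslog 3.18.6-1 (bug #508027)" as the fixed version, which sits inside that range when read literally. A NOTE line stating where the fix in 3.18.6-1 comes from would resolve the apparent conflict. The same hunk leaves "CVE-2008-XXXX [phpPgAdmin: Local File Inclusion Vulnerability]" on a placeholder id between entries that now carry official descriptions, so it is worth checking whether an id has been assigned.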
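Review bot: In the @@ -845 hunk, the CVE-2008-5658 entry lists "- php4 <unfixed>" with no bug reference, while "- php5 <unfixed> (bug #507857)" has one. The replaced bracketed title named php5/ext/zip only, and the truncated description stops before saying which PHP versions are covered, so a bug number or a NOTE confirming that php4 is affected should accompany that line.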
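Review bot: In the @@ -1182 hunk, replacing the bracketed CVE-2008-5625 title drops the only mention of the vector (php_value error_log in .htaccess), and the truncated description ends before reaching it. "- php5 <unfixed> (unimportant)" is then left with no visible rationale. A NOTE line keeping the vector and the 5.2.7 fix version named in the new description would keep the entry self-explanatory, in the way the CVE-2008-5624 entry does with "NOTE: Fixed in php 5.2.7, not yet in the archive".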