nion at alioth.debian.org
2008-Dec-21 13:26 UTC
[Secure-testing-commits] r10759 - data/CVE
Author: nion Date: 2008-12-21 13:26:05 +0000 (Sun, 21 Dec 2008) New Revision: 10759 Modified: data/CVE/list Log: NFUs CVE-2008-56[68-70] fixed in textpattern 4.0.6-1 new classpath issue (CVE-2008-5659) CVE-2008-5656 fixed in typo3 4.2.3-1 quassel cveified Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-21 12:53:03 UTC (rev 10758) +++ data/CVE/list 2008-12-21 13:26:05 UTC (rev 10759) @@ -3,7 +3,7 @@ CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...) NOT-FOR-US: Kwalbum CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...) - TODO: check + NOT-FOR-US: ModSecurity CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...) NOT-FOR-US: IBM WebSphere Portal CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...) @@ -15,11 +15,11 @@ CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...) NOT-FOR-US: Joomla CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...) - TODO: check + - textpattern 4.0.6-1 (low) CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...) - TODO: check + - textpattern 4.0.6-1 (low) CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern ...) - TODO: check + - textpattern 4.0.6-1 (low) CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x ...) NOT-FOR-US: VBA32 Personal Antivirus CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...) 
@@ -31,15 +31,16 @@ CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...) NOT-FOR-US: Kusaba CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...) - TODO: check + NOT-FOR-US: Sun Java Wireless Toolkit CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...) NOT-FOR-US: Sun Solaris CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...) - TODO: check + - classpath <unfixed> + TODO: report bug CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...) - TODO: check + - quassel 0.2~rc1-1.1 (bug #506550) CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for ...) - TODO: check + - typo3 4.2.3-1 (low) CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...) NOT-FOR-US: MyioSoft EasyBookMarker CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...) @@ -1160,8 +1161,6 @@ - verlihub <unfixed> (low; bug #506530) TODO: further investigation on this package is needed NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats -CVE-2008-XXXX [Quassel CTCP Handling Arbitrary Message Manipulation Vulnerability] - - quassel 0.2~rc1-1.1 (bug #506550) CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...) - rails 2.1.0-6 (low) CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...)
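Review bot: In the @@ -15,11 +15,11 @@ hunk, the three Textpattern entries (CVE-2008-5668, CVE-2008-5669, CVE-2008-5670) go from `TODO: check` to `- textpattern 4.0.6-1 (low)` with no NOTE recording how the fixed version was established. Of the three descriptions visible here, only CVE-2008-5670 names an affected release (4.0.5); the other two are truncated. A one-line NOTE per entry pointing at the upstream changelog or fixing commit would let a later reader verify 4.0.6-1 without redoing the triage.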
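Review bot: In the @@ -31,15 +31,16 @@ hunk, CVE-2008-5659 is added as `- classpath <unfixed>` followed by `TODO: report bug`, so the open entry has neither a bug number nor a severity, unlike the `<unfixed>` verlihub entry in the last hunk, which carries `(low; bug #506530)`. Once the bug is filed, replace the TODO with the bug reference and add a severity so the issue stays trackable. The new CVE-2008-5657 quassel line also has no severity, whereas the other fixed entries in this commit are marked `(low)`.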
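Review bot: In the @@ -1160,8 +1161,6 @@ hunk, the removed placeholder was titled "Quassel CTCP Handling Arbitrary Message Manipulation Vulnerability", while CVE-2008-5657, which takes over its `- quassel 0.2~rc1-1.1 (bug #506550)` line, is described as a CRLF injection in Quassel Core before 0.3.0.3. Nothing in the diff records that the two are the same issue. Add a NOTE under CVE-2008-5657 stating that it supersedes the temporary entry, so the fixed version and bug number can be traced back to it.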