joeyh at alioth.debian.org
2008-Dec-22 09:14 UTC
[Secure-testing-commits] r10775 - data/CVE
Author: joeyh Date: 2008-12-22 09:14:11 +0000 (Mon, 22 Dec 2008) New Revision: 10775 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-22 08:27:32 UTC (rev 10774) +++ data/CVE/list 2008-12-22 09:14:11 UTC (rev 10775) @@ -617,6 +617,7 @@ CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...) NOT-FOR-US: PunBB CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 ...) + {DSA-1691-1} - moodle 1.8.2.dfsg-1 (bug #508593) CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...) NOT-FOR-US: Teamtek Universal FTP Server @@ -1429,6 +1430,7 @@ CVE-2008-5082 RESERVED CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...) + {DSA-1690-1} - avahi 0.6.23-3 (bug #508700; low) CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote ...) {DSA-1679-1} @@ -2004,11 +2006,13 @@ CVE-2008-4812 (Array index error in Adobe Reader and Acrobat, and the Explorer ...) NOT-FOR-US: Adobe Reader Explorer extension CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) + {DSA-1691-1} - smarty <unfixed> (bug #504328) - moodle 1.8.2-2 (bug #504345) [etch] - gallery2 <unfixed> NOTE: This attack vector is *not* fixed in r2797 CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) + {DSA-1691-1} - smarty <unfixed> (bug #504328) - moodle 1.8.2-2 (bug #504345) [etch] - gallery2 <unfixed> @@ -2063,6 +2067,7 @@ CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server ...) NOT-FOR-US: Arihiro Kurata Kantan WEB Server CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...) + {DSA-1691-1} - libphp-snoopy 1.2.4-1 (bug #504168; medium) - ampache 3.4.1-2 (bug #504169) - mahara 1.0.5-2 (bug #504170) 
@@ -5967,9 +5972,11 @@ [etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1) [etch] - horde3 <no-dsa> (Minor issue) CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...) + {DSA-1691-1} - moodle 1.8.1-1 (low) NOTE: http://moodle.org/mod/forum/discuss.php?d=101405 CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle ...) + {DSA-1691-1} - moodle 1.8.2-2 (low; bug #492492) NOTE: http://moodle.org/mod/forum/discuss.php?d=101401 CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...) @@ -10195,6 +10202,7 @@ - serendipity 1.3-1 NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...) + {DSA-1691-1} - egroupware 1.4.002.dfsg-2.1 (bug #471839) - wordpress 2.5.0-1 (bug #504243) - moodle 1.8.2-1.3 (bug #489533) @@ -22013,6 +22021,7 @@ CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...) NOT-FOR-US: Liesbeth CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...) + {DSA-1691-1} - moodle 1.8.2-1 (low; bug #432264) CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...) NOT-FOR-US: HP @@ -22533,6 +22542,7 @@ - wireshark 0.99.6pre1-1 - ethereal <not-affected> (Vulnerable code not present) CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a ...) + {DSA-1690-1} - avahi 0.6.20-2 (low) [etch] - avahi <no-dsa> (Minor issue, only affects local users) CVE-2007-3371 (PHP remote file inclusion vulnerability in ...)
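Review bot: In the hunk at @@ -2004,11 +2006,13 @@, {DSA-1691-1} is added to CVE-2008-4811 and CVE-2008-4810 while both entries still list "- smarty <unfixed>" and "[etch] - gallery2 <unfixed>", and CVE-2008-4811 keeps the note that the attack vector is *not* fixed in r2797. The tag applies to the whole CVE entry, so a reader cannot tell which source package the advisory covers. The other entries tagged {DSA-1691-1} in this patch all list moodle, so a NOTE line naming the package the DSA fixes, and stating that smarty and gallery2 remain open, would keep these two CVEs from being read as closed.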
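Review bot: In the hunk at @@ -22533,6 +22542,7 @@, the new {DSA-1690-1} tag on CVE-2007-3372 sits directly above the unchanged line "[etch] - avahi <no-dsa> (Minor issue, only affects local users)", so the entry now says both that a DSA covers this CVE and that etch gets no DSA for it. If DSA-1690-1 does ship the fix for etch, replace the <no-dsa> line with the fixed etch version; if it does not, the tag should not be on this entry.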