joeyh at alioth.debian.org
2009-Jan-06 21:14 UTC
[Secure-testing-commits] r10872 - data/CVE
Author: joeyh Date: 2009-01-06 21:14:12 +0000 (Tue, 06 Jan 2009) New Revision: 10872 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-06 15:46:27 UTC (rev 10871) +++ data/CVE/list 2009-01-06 21:14:12 UTC (rev 10872) @@ -1,12 +1,26 @@ +CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a ...) + TODO: check +CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote authenticated ...) + TODO: check +CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six Apart ...) + TODO: check +CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW ...) + TODO: check +CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow local ...) + TODO: check +CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens ...) + TODO: check +CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which ...) + TODO: check CVE-2008-XXXX [auctex insecure temp file] - auctex 11.83-7.3 (bug #506961) -CVE-2008-5841 +CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier ...) NOT-FOR-US: iGaming -CVE-2008-5840 +CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to bypass ...) NOT-FOR-US: PHP iCalendar -CVE-2008-5839 +CVE-2008-5839 (Buffer overflow in Foxmail 6.5 allows remote attackers to execute ...) NOT-FOR-US: Foxmail -CVE-2008-5838 +CVE-2008-5838 (SQL injection vulnerability in search_results.php in E-Php Scripts ...) NOT-FOR-US: E-Php Scripts E-Shop Shopping Cart CVE-2008-5837 RESERVED 
@@ -565,8 +579,7 @@ RESERVED CVE-2009-0023 RESERVED -CVE-2009-0022 [samba: Potential access to "/" in setups with registry shares enabled] - RESERVED +CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows ...) - samba 2:3.2.5-3 [etch] - samba <not-affected> (Only 3.2.x affected) CVE-2009-0021 @@ -2305,7 +2318,7 @@ [etch] - kino <not-affected> (Does not ship ffmpeg) - gstreamer0.10-ffmpeg 0.10.3-2 [etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present) -CVE-2008-4865 (Untrusted search path vulnerability in valgrind allows local users to ...) +CVE-2008-4865 (Untrusted search path vulnerability in valgrind before 3.4.0 allows ...) - valgrind 1:3.3.1-3 (unimportant; bug #507312) NOTE: That''s hardly an issue CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in ...) @@ -4076,7 +4089,7 @@ NOT-FOR-US: High Norm Sound Master CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun ...) NOT-FOR-US: Sun Management Center (SunMC) -CVE-2008-4116 (Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 ...) +CVE-2008-4116 (Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote ...) NOT-FOR-US: Apple CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function ...) - faad2 2.6.1-3.1 (bug #499899) @@ -47255,7 +47268,7 @@ NOT-FOR-US: Interspire TrackPoint NX CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...) NOT-FOR-US: TankLogger -CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 5.1.1, when ...) +CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and ...) - php5 5.1.2-1 - php4 4:4.4.2-1 (bug #354682; low) [sarge] - php4 <no-dsa> (html_errors shouldn''t be used)
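Review bot: In the first hunk (@@ -1,12 +1,26 @@), the seven new entries from CVE-2008-5847 down to CVE-2004-2761 carry only "TODO: check", so each still needs a triage result. CVE-2008-5844 names PHP, which this list already tracks as php5 and php4 under CVE-2006-0208 in the last hunk, so it should get a package line with a fixed version or <not-affected> rather than stay a TODO. The remaining entries need either a package line or a NOT-FOR-US line, as CVE-2008-5841 through CVE-2008-5838 have in the same hunk.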
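Review bot: In the CVE-2009-0022 hunk (@@ -565,8 +579,7 @@), the new description gives the affected range as Samba 3.2.0 through 3.2.6, while the unchanged package line under it records the fix at samba 2:3.2.5-3, which is a lower upstream version than the end of that range. If the fix is carried as a patch in that Debian revision, add a NOTE line saying so. Otherwise the entry reads as if a version inside the affected range were marked fixed.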
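Review bot: In the CVE-2008-4865 hunk (@@ -2305,7 +2318,7 @@), the valgrind entry is rated unimportant but the NOTE line under it gives no reason for that rating, and the updated description now scopes the issue to valgrind before 3.4.0. Put the reason for the rating in the NOTE (which precondition makes the untrusted search path hard to reach), and check that the recorded version 1:3.3.1-3 is still right against the new upstream bound.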