nion at alioth.debian.org
2009-Jan-07 18:34 UTC
[Secure-testing-commits] r10879 - data/CVE
Author: nion
Date: 2009-01-07 18:33:59 +0000 (Wed, 07 Jan 2009)
New Revision: 10879
Modified:
data/CVE/list
Log:
NFU
CVE-2008-584{5,6} fixed in movabletype-opensource 4.2.3-1
CVE-2008-5843 doesn''t affect pdfjam in Debian
CVE-2008-5687 fixed in mediawiki 1:1.13.3-1
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-01-07 16:43:32 UTC (rev 10878)
+++ data/CVE/list 2009-01-07 18:33:59 UTC (rev 10879)
@@ -1,15 +1,18 @@
CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext
in a ...)
- TODO: check
+ NOT-FOR-US: Constructr CMS
CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote
authenticated ...)
- TODO: check
+ - movabletype-opensource 4.2.3-1 (low)
CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six Apart
...)
- TODO: check
+ - movabletype-opensource 4.2.3-1 (low)
CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW
...)
- TODO: check
+ - php5 <not-affected> (vulnerable code introduced in 5.2.7, we have
5.2.6 and 5.2.8 was released in the meantime)
+ [etch] - php4 <not-affected> (vulnerable code introduced in php5 5.2.7)
CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow
local ...)
- TODO: check
+ - pdfjam <not-affected> (the debian package sets pdflatex and thus
dirname can''t result in returning .)
+ NOTE: it is also not possible to include a crafted sed or pdflatex executable
in the pdflatex call
+ NOTE: as our version uses random names, see #510584
CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in
Fujitsu-Siemens ...)
- TODO: check
+ NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant,
which ...)
TODO: check
CVE-2008-XXXX [auctex insecure temp file]
@@ -343,7 +346,8 @@
- mediawiki <unfixed> (unimportant)
NOTE: Installation path disclosure not treated as a security issue
CVE-2008-5687 (MediaWiki 1.11 through 1.13.3 does not properly protect against
the ...)
- TODO: check
+ - mediawiki 1:1.13.3-1 (low)
+ NOTE: the CVE id description is wrong, this is fixed in 1.13.3, notified mitre
CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006,
when its ...)
NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on
Sun ...)