atomo64-guest at alioth.debian.org
2009-Jan-22 01:00 UTC
[Secure-testing-commits] r11014 - data/CVE
Author: atomo64-guest Date: 2009-01-22 01:00:42 +0000 (Thu, 22 Jan 2009) New Revision: 11014 Modified: data/CVE/list Log: websvn issues update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-22 00:19:54 UTC (rev 11013) +++ data/CVE/list 2009-01-22 01:00:42 UTC (rev 11014) @@ -3,7 +3,8 @@ CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...) TODO: check CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN ...) - TODO: check + - websvn <unfixed> (bug #512191) + [etch] - websvn <not-affected> (authenthication doesn''t exist in that version) CVE-2009-0239 RESERVED CVE-2009-0238 @@ -137,11 +138,8 @@ CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers ...) TODO: check CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote ...) - TODO: check -CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and ...) - TODO: check -CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the ...) - TODO: check + - websvn <not-affected> + [etch] - websvn 1.61-21 (bug #503330) CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...) TODO: check CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x ...) @@ -2646,11 +2644,12 @@ CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend] - typo3-src 4.2.3-1 (bug #505326) [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected) -CVE-2008-XXXX [websvn Cross Site Scripting and Directory Traversal] +CVE-2008-5919 [websvn Cross Site Scripting and Directory Traversal] - websvn 2.0-4 (bug #503330) - [etch] - websvn 1.61-21 - NOTE: Fixed in etch r6 point update - NOTE: http://www.gulftech.org/?node=research&article_id=00132-10202008 + [etch] - websvn <not-affected> (vulnerable code not present) +CVE-2008-5918 [websvn Cross Site Scripting and Directory Traversal] + - websvn 2.0-4 (bug #503330) + [etch] - websvn <not-affected> (vulnerable code not present) CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...) - linux-2.6 2.6.26-11 [etch] - linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls3B)