jmm-guest at alioth.debian.org
2009-Jan-23 11:16 UTC
[Secure-testing-commits] r11028 - data/CVE
Author: jmm-guest Date: 2009-01-23 11:16:07 +0000 (Fri, 23 Jan 2009) New Revision: 11028 Modified: data/CVE/list Log: - typo3 CVEfied - fix incorrect use of not-affected in websvn commit, the fixed version for unstable also implicitly applies for etch Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-23 03:10:29 UTC (rev 11027) +++ data/CVE/list 2009-01-23 11:16:07 UTC (rev 11028) @@ -58,10 +58,14 @@ NOT-FOR-US: Cant Find A Gaming CMS CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs Portal ...) NOT-FOR-US: Umer Inc Songs Portal -CVE-2009-XXXX [multiple security issues in typo3-src] - - typo3-src 4.2.4-1 (medium) - NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ - NOTE: CVE ids requested on oss-sec +CVE-2009-0255 [typo3: install tool] + - typo3-src 4.2.4-1 +CVE-2009-0256 [typo3: session fixation] + - typo3-src 4.2.4-1 +CVE-2009-0257 [typo3: XSS] + - typo3-src 4.2.4-1 +CVE-2009-0258 [typo3: serch index] + - typo3-src 4.2.4-1 CVE-2009-0242 (Ganglia 3.1.1 allows remote attackers to cause a denial of service via ...) - ganglia-monitor-core <unfixed> (low; bug #512637) CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...) @@ -202,8 +206,7 @@ CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers ...) NOT-FOR-US: VUPlayer CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote ...) - - websvn <not-affected> - [etch] - websvn 1.61-21 (bug #503330) + - websvn 1.61-21 (bug #503330) CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...) - horde3 <unfixed> (bug #512592) CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x ...) @@ -1765,7 +1768,7 @@ CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) ...) NOT-FOR-US: ffdshow CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite ...) - - gpsdrive <not-affected> (geo-nearest not shipped, geo-code already fixed) + - gpsdrive 2.10~pre4-6.dfsg-2 (low) [etch] - gpsdrive <no-dsa> (Minor issue) CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary ...) - netdisco-mibs-installer (low; bug #508940)