atomo64-guest at alioth.debian.org
2009-Jan-24 19:23 UTC
[Secure-testing-commits] r11036 - data/CVE
Author: atomo64-guest
Date: 2009-01-24 19:23:40 +0000 (Sat, 24 Jan 2009)
New Revision: 11036
Modified:
data/CVE/list
Log:
php5 xss issue require further investigation, NFUs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-01-24 02:17:22 UTC (rev 11035)
+++ data/CVE/list 2009-01-24 19:23:40 UTC (rev 11036)
@@ -738,7 +738,9 @@
CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows
remote ...)
NOT-FOR-US: phpAlumni
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7
and ...)
- TODO: check
+ - php5 <unfixed> (low)
+ TODO: check php4
+ NOTE: status is unclear, further investigation is needed
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8
before ...)
NOT-FOR-US: SPIP
CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b,
1.9 ...)
@@ -4242,7 +4244,7 @@
CVE-2008-4389
RESERVED
CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll
in ...)
- TODO: check
+ NOT-FOR-US: LaunchObj ActiveX
CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control
in ...)
NOT-FOR-US: ActiveX
CVE-2008-4386
@@ -5509,11 +5511,11 @@
CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact
2.4.1 ...)
NOT-FOR-US: Interact
CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in
Trend ...)
- TODO: check
+ NOT-FOR-US: Trend Micro Personal Firewall
CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function
in the ...)
- TODO: check
+ NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe)
in ...)
- TODO: check
+ NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function
in ...)
{DSA-1670-1}
- enscript 1.6.4-13 (bug #506261)