Author: nion Date: 2009-04-06 16:12:03 +0000 (Mon, 06 Apr 2009) New Revision: 11567 Modified: data/CVE/list Log: spip made it back into debian with a lot of fixed issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-06 16:07:20 UTC (rev 11566) +++ data/CVE/list 2009-04-06 16:12:03 UTC (rev 11567) @@ -4411,9 +4411,9 @@ TODO: check php4 NOTE: there''s not enough information available, no known bug, no known fix CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...) - NOT-FOR-US: SPIP + - spip 2.0.6-1 CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 ...) - NOT-FOR-US: SPIP + - spip 2.0.6-1 CVE-2008-5811 (SQL injection vulnerability in the PaxGallery (com_paxgallery) ...) NOT-FOR-US: joomla CVE-2008-5810 (WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, ...) @@ -24721,7 +24721,7 @@ CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before ...) NOT-FOR-US: Novell Identity Manager CVE-2007-4525 (** DISPUTED ** ...) - NOT-FOR-US: SPIP (was in unstable some time, but not in any supported release) + - spip 2.0.6-1 CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress ...) NOT-FOR-US: PhPress CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website ...) @@ -48153,7 +48153,7 @@ CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws ...) NOT-FOR-US: Sire 2.0 nws CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP ...) - NOT-FOR-US: SPIP + - spip 2.0.6-1 CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in ...) NOT-FOR-US: Shadowed Portal CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for ...) @@ -49155,7 +49155,7 @@ CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow ...) - beagle 0.2.3-1 (bug #357392; low) CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP ...) - NOT-FOR-US: SPIP + - spip 2.0.6-1 CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in ...) NOT-FOR-US: KnowledgebasePublisher CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS ...) @@ -50986,16 +50986,16 @@ CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 ...) NOT-FOR-US: Invision Power Board CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows ...) - - spip <removed> (medium; bug #351336) + - spip 2.0.6-1 (medium; bug #351336) CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...) - - spip <removed> (medium; bug #351335) + - spip 2.0.6-1 (medium; bug #351335) CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...) - - spip <removed> (medium; bug #351334) + - spip 2.0.6-1 (medium; bug #351334) CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and ...) - - spip <removed> (medium; bug #352076) + - spip 2.0.6-1 (medium; bug #352076) NOTE: http://www.securityfocus.com/bid/16556 CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...) - - spip <removed> (medium; bug #352077) + - spip 2.0.6-1 (medium; bug #352077) NOTE: http://www.securityfocus.com/bid/16551 CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 ...) NOT-FOR-US: Solaris