Secure testing commits - Oct 2009 - r12942 - data/CVE

Author: derevko-guest
Date: 2009-10-06 11:07:29 +0000 (Tue, 06 Oct 2009)
New Revision: 12942

Modified:
   data/CVE/list
Log:
- CVE-2008-6838, CVE-2008-6837 fixed in zoph 0.8.0.1-1
- backuppc patch is incomplete


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-10-05 22:12:43 UTC (rev 12941)
+++ data/CVE/list	2009-10-06 11:07:29 UTC (rev 12942)
@@ -2027,7 +2027,7 @@
 CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow
remote ...)
 	NOT-FOR-US: Basilic
 CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are
in ...)
-	- backuppc 3.1.0-7 (low; bug #542218)
+	- backuppc <unfixed> (low; bug #542218)
 	[etch] - backuppc <no-dsa> (Requires access)
 	[lenny] - backuppc <no-dsa> (Requires access)
 CVE-2009-XXXX [burn: Insecure escaping of file names]
@@ -4163,10 +4163,10 @@
 CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS
Content ...)
 	NOT-FOR-US: TGS Content Management
 CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph
0.7.2.1 ...)
-	- zoph <unfixed> (low; bug #535188)
+	- zoph 0.8.0.1-1 (low; bug #535188)
 	NOTE: it seems a duplicate of CVE-2008-3258 
 CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote
attackers to ...)
-	- zoph <unfixed> (bug #535188)
+	- zoph 0.8.0.1-1 (bug #535188)
 	NOTE: the details are unknown
 CVE-2009-2343 (Cross-site scripting (XSS) vulnerability in people.php in Zoph
before ...)
 	- zoph <unfixed> (low; bug #535188)