[Secure-testing-commits] r7025 - data/CVE
stef-guest at alioth.debian.org
Sat Oct 20 08:33:32 UTC 2007
Author: stef-guest
Date: 2007-10-20 08:33:31 +0000 (Sat, 20 Oct 2007)
New Revision: 7025
Modified:
data/CVE/list
Log:
fixed: loop-aes-utils, ruby
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-20 08:29:33 UTC (rev 7024)
+++ data/CVE/list 2007-10-20 08:33:31 UTC (rev 7025)
@@ -678,7 +678,7 @@
CVE-2007-5387 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Pindorama
CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...)
- - phpmyadmin 2.11.1.2-1 (unimportant; bug #446451)
+ - phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451)
CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
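Review bot: The "+" line for CVE-2007-5386 adds the epoch "4:" to the phpmyadmin fixed version, but the log message only says "fixed: loop-aes-utils, ruby". A version without an epoch sorts below any 4: version, so the old entry would have treated every epoch-4 phpmyadmin package as already fixed. Mention the correction in the log, and check that the other versioned phpmyadmin entries in the list carry the epoch as well.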
@@ -1250,6 +1250,7 @@
CVE-2007-5191 (mount and umount in util-linux call the setuid and setgid functions in ...)
{DTSA-64-1}
- util-linux 2.13-8 (low)
+ - loop-aes-utils 2.13-2 (low)
CVE-2007-5190
RESERVED
CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script ...)
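Review bot: The added "- loop-aes-utils 2.13-2 (low)" line under CVE-2007-5191 has no bug number or NOTE, while the CVE description and {DTSA-64-1} both refer to util-linux. Add a NOTE saying why loop-aes-utils is tracked under this CVE and a reference for the 2.13-2 fix, so the entry can be verified later.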
@@ -1312,8 +1313,8 @@
CVE-2007-5163 (** DISPUTED ** ...)
NOT-FOR-US: nexty
CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) ...)
- - ruby1.9 <not-affected> (Vulnerable code no longer present)
- - ruby1.8 <unfixed> (low; bug #444929)
+ - ruby1.9 1.9.0+20071016-1 (low)
+ - ruby1.8 1.8.6.111-1 (low; bug #444929)
NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in ...)
NOT-FOR-US: Feedreader 3
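Review bot: The ruby1.9 line for CVE-2007-5162 changes from "<not-affected> (Vulnerable code no longer present)" to a fixed version "1.9.0+20071016-1 (low)" without saying why the earlier assessment was wrong. The only NOTE points at the 1.8 fix (revision 13504), and ruby1.9 has no bug number. Add a NOTE or reference for the 1.9 fix so the reversal is traceable.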
@@ -3274,7 +3275,7 @@
CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 ...)
NOT-FOR-US: Storesprite
CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- - phpmyadmin (unimportant)
+ - phpmyadmin <unfixed> (unimportant)
[sarge] - phpmyadmin <not-affected>
NOTE: It seems that this requires knowledge of a unguessable session token.
NOTE: Confirmed by upstream. Sarge is not affected at all.
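Review bot: The explicit "<unfixed>" on the phpmyadmin line for CVE-2007-4306 is not covered by the log message, and the same commit records CVE-2007-5386 as fixed in 4:2.11.1.2-1. If that upload was checked against this issue, a NOTE saying so would help. As it stands a reader cannot tell whether "<unfixed>" reflects the current package or only fills in the missing version field.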