[Secure-testing-commits] r8624 - data/CVE

thijs at alioth.debian.org
Sun Apr 27 09:51:03 UTC 2008


Author: thijs
Date: 2008-04-27 09:51:02 +0000 (Sun, 27 Apr 2008)
New Revision: 8624

Modified:
   data/CVE/list
Log:
update serendipity issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-27 09:32:06 UTC (rev 8623)
+++ data/CVE/list	2008-04-27 09:51:02 UTC (rev 8624)
@@ -86,7 +86,7 @@
 CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...)
 	{DSA-1557-1}
 	- phpmyadmin 4:2.11.5.2-1
-	NOTE: PMASA-2008-3, CVE id requested
+	NOTE: PMASA-2008-3
 	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211
 CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...)
 	NOT-FOR-US: BigAnt Messenger
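Review bot: The log message "update serendipity issues" does not cover the phpMyAdmin change in the CVE-2008-1924 entry, where "CVE id requested" is dropped from the PMASA-2008-3 note. Mention it in the log or commit it separately so the history of that entry can be found later.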
@@ -1251,12 +1251,11 @@
 	- clamav 0.92.1~dfsg2-1
 	[etch] - clamav <not-affected> (Vulnerable code not present)
 CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer ...)
-	- serendipity 1.3.1-1
-	NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
+	- serendipity <not-affected> (Vulnerable code not present)
+	NOTE: we do not ship the serendipity installer
 CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ...)
-	- serendipity 1.3.1-1
-	NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
-	NOTE: One of these two issues seems very theoretical, other one needs further assessment
+	- serendipity 1.3.1-1 (low)
+	NOTE: etch affected, but only in specific plugin.
 CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...)
 	- php5 <unfixed> (unimportant)
 	NOTE: http://securityreason.com/achievement_securityalert/52
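Review bot: In the CVE-2008-1385 entry the etch status is recorded only as free text ("etch affected, but only in specific plugin."), with no `[etch] - serendipity ...` line like the one the clamav entry above carries, so the per-release status lives only in a comment. Add an explicit etch line and name the plugin in the NOTE. The upstream release announcement URL is also removed from this entry even though 1.3.1-1 is still listed as the fixed version; keeping that NOTE would preserve the reference for the fix.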



