[Secure-testing-commits] r8624 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Sun Apr 27 09:51:03 UTC 2008
Author: thijs
Date: 2008-04-27 09:51:02 +0000 (Sun, 27 Apr 2008)
New Revision: 8624
Modified:
data/CVE/list
Log:
update serendipity issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-27 09:32:06 UTC (rev 8623)
+++ data/CVE/list 2008-04-27 09:51:02 UTC (rev 8624)
@@ -86,7 +86,7 @@
CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...)
{DSA-1557-1}
- phpmyadmin 4:2.11.5.2-1
- NOTE: PMASA-2008-3, CVE id requested
+ NOTE: PMASA-2008-3
NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211
CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...)
NOT-FOR-US: BigAnt Messenger
@@ -1251,12 +1251,11 @@
- clamav 0.92.1~dfsg2-1
[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer ...)
- - serendipity 1.3.1-1
- NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
+ - serendipity <not-affected> (Vulnerable code not present)
+ NOTE: we do not ship the serendipity installer
CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ...)
- - serendipity 1.3.1-1
- NOTE: http://blog.s9y.org/archives/193-Serendipity-1.3.1-released.html
- NOTE: One of these two issues seems very theoretical, other one needs further assessment
+ - serendipity 1.3.1-1 (low)
+ NOTE: etch affected, but only in specific plugin.
CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...)
- php5 <unfixed> (unimportant)
NOTE: http://securityreason.com/achievement_securityalert/52
More information about the Secure-testing-commits
mailing list