[Secure-testing-commits] r9597 - in data: CVE DTSA
nion at alioth.debian.org
Sun Aug 17 12:06:18 UTC 2008
Author: nion
Date: 2008-08-17 12:06:17 +0000 (Sun, 17 Aug 2008)
New Revision: 9597
Modified:
data/CVE/list
data/DTSA/list
Log:
releasing DTSA-156-1 (drupal5)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-08-17 03:07:03 UTC (rev 9596)
+++ data/CVE/list 2008-08-17 12:06:17 UTC (rev 9597)
@@ -5,6 +5,8 @@
NOTE: CVE id requested
CVE-2008-XXXX [drupal XSS]
- drupal5 5.10-1 (low; bug #495122)
+ [lenny] - drupal5 5.9-1~lenny1
+ NOTE: this is temporary workaround because of the missing CVE id, this is DTSA-156-1
TODO: check drupal4.7, request CVE id
NOTE: CVE id requested by oss people
CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before ...)
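Review bot: The added NOTE under CVE-2008-XXXX [drupal XSS] records the DTSA-156-1 link only as free text, while other entries in this file carry it as a cross-reference line such as "{DTSA-153-1}". Please state in the NOTE that it has to be replaced by the regular cross-reference once the CVE id is assigned, so the workaround does not outlive the placeholder. The entry also now holds "NOTE: CVE id requested", "NOTE: CVE id requested by oss people" and "TODO: check drupal4.7, request CVE id" side by side; the TODO should be trimmed to the drupal4.7 check if the request has already been made. Minor wording: "this is a temporary workaround".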
@@ -42,10 +44,10 @@
CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before ...)
- tikiwiki <removed>
CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an ...)
- - ipsec-tools <unfixed> (bug #495214)
-CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...)
- ipsec-tools 1:0.7.1-1 (low)
NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660
+CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...)
+ - ipsec-tools <unfixed> (bug #495214)
CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...)
- horde3 3.2.1+debian0-1 (low; bug #495332)
NOTE: this should be a dup of CVE-2008-3330, maybe it'll get a CVE id split
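Review bot: The ipsec-tools status lines are swapped between CVE-2008-3652 and CVE-2008-3651 in this hunk, which the log message "releasing DTSA-156-1 (drupal5)" does not mention. After the change, "- ipsec-tools 1:0.7.1-1 (low)" and the NOTE "attacker needs to be authenticated" with the Red Hat bugzilla link sit under CVE-2008-3652, and "<unfixed> (bug #495214)" sits under CVE-2008-3651. Please confirm that the authentication NOTE really describes the racoon/handler.c issue and not the proposal.c memory leak, and either commit this correction separately or add a line about it to the log so the tracker history explains why CVE-2008-3652 went from unfixed to fixed.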
@@ -385,7 +387,7 @@
NOTE: gaim is now a transitional package depending on pidgin with its own source package
NOTE: http://developer.pidgin.im/ticket/6500
CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) ...)
- {DTSA-153-1 DTSA-153-2}
+ {DTSA-153-1}
- git-core 1:1.5.6.5 (medium; bug #494097)
CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote attackers ...)
NOT-FOR-US: eStoreAff
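Review bot: Dropping DTSA-153-2 from the cross-reference under CVE-2008-3546 looks inconsistent with data/DTSA/list, whose context lines in this same commit still show an entry with "{CVE-2008-3546}", "[lenny] - git-core 1.5.6.3-1+lenny2" and "NOTE: DTSA-153-1 was incomplete". If that entry is the follow-up advisory, the CVE entry should keep pointing at it, otherwise a reader of CVE/list only finds the advisory that was noted as incomplete. The change is also unrelated to the drupal5 release named in the log and should be explained there.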
@@ -1000,7 +1002,6 @@
CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...)
- horde3 3.2.1+debian0-1 (low; bug #492578)
- turba 2.2.1-1 (low)
- NOTE: CVE id requested
CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
- moodle 1.8.1-1 (low)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
Modified: data/DTSA/list
===================================================================
--- data/DTSA/list 2008-08-17 03:07:03 UTC (rev 9596)
+++ data/DTSA/list 2008-08-17 12:06:17 UTC (rev 9597)
@@ -457,3 +457,5 @@
{CVE-2008-3546}
[lenny] - git-core 1.5.6.3-1+lenny2
NOTE: DTSA-153-1 was incomplete
+[August 17th, 2008] DTSA-156-1 drupal5 - multiple vulnerabilities
+ [lenny] - drupal5 5.9-1~lenny1
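Review bot: The new DTSA-156-1 entry has no "{CVE-...}" line, unlike the entry directly above it, and its title says "multiple vulnerabilities" while data/CVE/list tracks only the single placeholder "CVE-2008-XXXX [drupal XSS]" for drupal5 in this commit. Please add a NOTE to the DTSA entry naming what it covers (for example bug #495122 and that the CVE id is pending), so the advisory can be tied back to tracker entries and the cross-reference can be filled in once the id exists. If more than the XSS issue is fixed in 5.9-1~lenny1, the other issues need their own entries in CVE/list.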