[Secure-testing-commits] r9615 - data/CVE
thijs at alioth.debian.org
Thu Aug 21 07:22:51 UTC 2008
Author: thijs
Date: 2008-08-21 07:22:50 +0000 (Thu, 21 Aug 2008)
New Revision: 9615
Modified:
data/CVE/list
Log:
update horde issues:
CVE-2008-3650: is not in horde3, and the turba2 versions are not affected
CVE-2008-3330: package is named 'turba2', not 'turba'
CVE-2008-2783: no-one has yet reproduced this issue, marked as non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-08-20 21:14:09 UTC (rev 9614)
+++ data/CVE/list 2008-08-21 07:22:50 UTC (rev 9615)
@@ -63,7 +63,11 @@
- ipsec-tools 1:0.7.1-1 (low)
CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...)
- horde3 3.2.1+debian0-1 (low; bug #495332)
- NOTE: this should be a dup of CVE-2008-3330, maybe it'll get a CVE id split
+ - turba2 2.2.1-1
+ [etch] - turba2 <not-affected> (Vulnerable code not present)
+ NOTE: this is actually two issues:
+ NOTE: - one a dup of CVE-2008-3330 in horde3
+ NOTE: - another an issue in turba2
CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly ...)
NOT-FOR-US: Article Friendly Standard
CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote ...)
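Review bot: the log message says CVE-2008-3650 "is not in horde3", yet the `- horde3 3.2.1+debian0-1 (low; bug #495332)` line stays in place under this CVE and the new NOTE says one half is a dup of CVE-2008-3330 in horde3. Either annotate or drop the horde3 entry, or reword the log so the two agree. The added `- turba2 2.2.1-1` line also has no severity, while the same package and version under CVE-2008-3330 is tagged `(low)`; adding the severity here would keep the two entries consistent.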
@@ -1016,8 +1020,8 @@
NOT-FOR-US: zypper
CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...)
- horde3 3.2.1+debian0-1 (low; bug #492578)
- - turba 2.2.1-1 (low)
- [etch] - turba <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
+ - turba2 2.2.1-1 (low)
+ [etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
- moodle 1.8.1-1 (low)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
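Review bot: the renamed `- turba2 2.2.1-1 (low)` line has no bug reference, while the horde3 line directly above it cites bug #492578; if a turba2 report exists, cite it here so the fix can be traced. The [etch] reason on the next line (only version 2.2 contains vulnerable code, etch has 2.1) is more specific than the "(Vulnerable code not present)" given for turba2 under CVE-2008-3650, so the same wording could be reused there.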
@@ -2037,10 +2041,8 @@
CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...)
NOT-FOR-US: spamdyke
CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
- - kronolith2 <unfixed>
- - horde3 <unfixed>
- NOTE: marked as unfixed for now
- NOTE: poked maintainer, for details
+ - kronolith2 <not-affected> (unimportant; Nonreproducable 'issue')
+ - horde3 <not-affected> (unimportant; Nonreproducable 'issue')
NOTE: not reproducible, redhat also seems to have problems reproducing this https://bugzilla.redhat.com/show_bug.cgi?id=452209
CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow ...)
NOT-FOR-US: OtomiGenX
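Review bot: the two added lines combine `<not-affected>` with `(unimportant; ...)`, which mixes a status with a severity level. The entry should state either that the package is not affected, with the reason in parentheses, or that it is affected at `unimportant` severity, not both. "Nonreproducable" should read "non-reproducible". With the "poked maintainer" NOTE removed, the remaining NOTE with the Red Hat bugzilla link is the only record of why the status changed, so if the maintainer replied, record that there.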