[Secure-testing-commits] r10705 - data/CVE
atomo64-guest at alioth.debian.org
atomo64-guest at alioth.debian.org
Tue Dec 16 16:17:28 UTC 2008
Author: atomo64-guest
Date: 2008-12-16 16:17:27 +0000 (Tue, 16 Dec 2008)
New Revision: 10705
Modified:
data/CVE/list
Log:
moodle's XSS fixed, but affected by roundcube's html2text
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-16 05:47:14 UTC (rev 10704)
+++ data/CVE/list 2008-12-16 16:17:27 UTC (rev 10705)
@@ -156,6 +156,8 @@
CVE-2008-XXXX [roundcube remote code execution via preg_replace in html2text.php]
- roundcube 0.1.1-9 (high; bug #508628)
NOTE: According to the bug report, this is being exploited.
+ [sid] - moodle <unfixed> (bug #508909)
+ NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
CVE-2008-XXXX [other symlink attack vectors in gpsdrive]
- gpsdrive <unfixed> (bug #508597)
TODO: request CVE id
@@ -266,7 +268,7 @@
CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...)
NOT-FOR-US: PunBB
CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 ...)
- - moodle <unfixed> (bug #508593)
+ - moodle 1.8.2.dfsg-1 (bug #508593)
CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...)
NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5430 (Mozilla Thunderbird 2.0.14 does not properly handle (1) ...)
More information about the Secure-testing-commits
mailing list