[Secure-testing-commits] r10724 - data/CVE
atomo64-guest at alioth.debian.org
atomo64-guest at alioth.debian.org
Thu Dec 18 05:18:09 UTC 2008
Author: atomo64-guest
Date: 2008-12-18 05:18:03 +0000 (Thu, 18 Dec 2008)
New Revision: 10724
Modified:
data/CVE/list
Log:
mediawiki and moodle issues fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-17 22:31:51 UTC (rev 10723)
+++ data/CVE/list 2008-12-18 05:18:03 UTC (rev 10724)
@@ -337,11 +337,10 @@
CVE-2008-5619 [roundcube remote code execution via preg_replace in html2text.php]
- roundcube 0.1.1-9 (high; bug #508628)
NOTE: According to the bug report, this is being exploited.
- [sid] - moodle <unfixed> (bug #508909)
+ [sid] - moodle 1.8.2.dfsg-2 (bug #508909)
NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
CVE-2008-XXXX [other symlink attack vectors in gpsdrive]
- gpsdrive <unfixed> (bug #508597)
- TODO: request CVE id
CVE-2008-5485
RESERVED
CVE-2008-5484
@@ -822,16 +821,16 @@
RESERVED
CVE-2008-5252 [CSRF vulnerability affecting the Special:Import feature]
RESERVED
- - mediawiki <unfixed> (bug #508870)
+ - mediawiki 1:1.13.3-1 (bug #508870)
CVE-2008-5251
RESERVED
CVE-2008-5250 [local script injection vulnerabilities on MediaWiki installations with uploads enabled]
RESERVED
- - mediawiki <unfixed> (bug #508869)
+ - mediawiki 1:1.13.3-1 (bug #508869)
CVE-2008-5249 [XSS vulnerability affecting all MediaWiki installations between 1.13.0 and 1.13.2]
RESERVED
- mediawiki <not-affected> (vulnerable code was introduced in 1.13.0)
- TODO: [experimental] - mediawiki <unfixed> (bug #508868)
+ TODO: [experimental] - mediawiki 1:1.13.3-1 (bug #508868)
CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...)
- vlc <not-affected> (vulnerable code not present)
NOTE: affected versions are >= 0.9.x (experimental)
More information about the Secure-testing-commits
mailing list