[Secure-testing-commits] r10753 - data/CVE
fw at alioth.debian.org
fw at alioth.debian.org
Sun Dec 21 08:02:22 UTC 2008
Author: fw
Date: 2008-12-21 08:02:21 +0000 (Sun, 21 Dec 2008)
New Revision: 10753
Modified:
data/CVE/list
Log:
CVE-2008-5620: roundcube
CVE-2008-3443: add upstream commits, very low severity
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-21 00:23:57 UTC (rev 10752)
+++ data/CVE/list 2008-12-21 08:02:21 UTC (rev 10753)
@@ -103,7 +103,7 @@
CVE-2008-5623
RESERVED
CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote ...)
- TODO: check
+ - roundcube <unfixed> (low)
CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 ...)
TODO: check
CVE-2008-5615
@@ -5414,8 +5414,9 @@
- iceweasel <unfixed> (unimportant)
NOTE: browser dos not treated as security issues
CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...)
- - ruby1.8 1.8.7.72-1 (bug #494401)
- - ruby1.9 <unfixed>
+ - ruby1.8 1.8.7.72-1 (low; bug #494401)
+ - ruby1.9 <unfixed> (low)
+ NOTE: Upstream commits 18212 (for 1.8) and 18213 (for 1.9).
CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...)
NOT-FOR-US: WinZip
CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...)
More information about the Secure-testing-commits
mailing list