[Secure-testing-commits] r10759 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Sun Dec 21 13:26:06 UTC 2008
Author: nion
Date: 2008-12-21 13:26:05 +0000 (Sun, 21 Dec 2008)
New Revision: 10759
Modified:
data/CVE/list
Log:
NFUs
CVE-2008-56[68-70] fixed in textpattern 4.0.6-1
new classpath issue (CVE-2008-5659)
CVE-2008-5656 fixed in typo3 4.2.3-1
quassel cveified
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-21 12:53:03 UTC (rev 10758)
+++ data/CVE/list 2008-12-21 13:26:05 UTC (rev 10759)
@@ -3,7 +3,7 @@
CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...)
NOT-FOR-US: Kwalbum
CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...)
- TODO: check
+ NOT-FOR-US: ModSecurity
CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...)
NOT-FOR-US: IBM WebSphere Portal
CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...)
@@ -15,11 +15,11 @@
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
NOT-FOR-US: Joomla
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
- TODO: check
+ - textpattern 4.0.6-1 (low)
CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
- TODO: check
+ - textpattern 4.0.6-1 (low)
CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern ...)
- TODO: check
+ - textpattern 4.0.6-1 (low)
CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x ...)
NOT-FOR-US: VBA32 Personal Antivirus
CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...)
@@ -31,15 +31,16 @@
CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...)
NOT-FOR-US: Kusaba
CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...)
- TODO: check
+ NOT-FOR-US: Sun Java Wireless Toolkit
CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...)
NOT-FOR-US: Sun Solaris
CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...)
- TODO: check
+ - classpath <unfixed>
+ TODO: report bug
CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)
- TODO: check
+ - quassel 0.2~rc1-1.1 (bug #506550)
CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for ...)
- TODO: check
+ - typo3 4.2.3-1 (low)
CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...)
NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
@@ -1160,8 +1161,6 @@
- verlihub <unfixed> (low; bug #506530)
TODO: further investigation on this package is needed
NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
-CVE-2008-XXXX [Quassel CTCP Handling Arbitrary Message Manipulation Vulnerability]
- - quassel 0.2~rc1-1.1 (bug #506550)
CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...)
- rails 2.1.0-6 (low)
CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...)
More information about the Secure-testing-commits
mailing list