[Secure-testing-commits] r10759 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Sun Dec 21 13:26:06 UTC 2008


Author: nion
Date: 2008-12-21 13:26:05 +0000 (Sun, 21 Dec 2008)
New Revision: 10759

Modified:
   data/CVE/list
Log:
NFUs
CVE-2008-56[68-70] fixed in textpattern 4.0.6-1
new classpath issue (CVE-2008-5659)
CVE-2008-5656 fixed in typo3 4.2.3-1
quassel cveified


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-21 12:53:03 UTC (rev 10758)
+++ data/CVE/list	2008-12-21 13:26:05 UTC (rev 10759)
@@ -3,7 +3,7 @@
 CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...)
 	NOT-FOR-US: Kwalbum
 CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...)
-	TODO: check
+	NOT-FOR-US: ModSecurity
 CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...)
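Review bot: the new `NOT-FOR-US: ModSecurity` line under CVE-2008-5676 gives no reason, and the description visible here is cut at "(aka ...", so a reader cannot tell which ModSecurity component is meant or why it is out of scope. A `NOTE:` line under the entry stating what was checked would make the triage decision auditable later.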
@@ -15,11 +15,11 @@
 CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
 	NOT-FOR-US: Joomla
 CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
-	TODO: check
+	- textpattern 4.0.6-1 (low)
 CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
-	TODO: check
+	- textpattern 4.0.6-1 (low)
 CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern ...)
-	TODO: check
+	- textpattern 4.0.6-1 (low)
 CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x ...)
 	NOT-FOR-US: VBA32 Personal Antivirus
 CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...)
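Review bot: the three `- textpattern 4.0.6-1 (low)` lines for CVE-2008-5668 through CVE-2008-5670 carry no bug number or NOTE showing where 4.0.6-1 was confirmed as the fixed version. The CVE-2008-5670 text names 4.0.5 as affected, but that alone does not show that the next upload contains the fixes for all three issues; a `NOTE:` pointing at the upstream changelog or commit would cover it.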
@@ -31,15 +31,16 @@
 CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...)
 	NOT-FOR-US: Kusaba
 CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...)
-	TODO: check
+	NOT-FOR-US: Sun Java Wireless Toolkit
 CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...)
-	TODO: check
+	- classpath <unfixed>
+	TODO: report bug
 CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)
-	TODO: check
+	- quassel 0.2~rc1-1.1 (bug #506550)
 CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for ...)
-	TODO: check
+	- typo3 4.2.3-1 (low)
 CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...)
 	NOT-FOR-US: MyioSoft EasyBookMarker
 CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
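Review bot: in the CVE-2008-5659 entry, `- classpath <unfixed>` has no severity and `TODO: report bug` leaves the entry without a tracking reference; once the bug is filed, the TODO should become a `(bug #...)` annotation as on the quassel line. Separately, CVE-2008-5657 is described as affecting Quassel Core before 0.3.0.3 while the fixed version recorded is `0.2~rc1-1.1`, so a `NOTE:` explaining how a 0.2 upload carries the fix would keep the entry from being read as a version mistake.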
@@ -1160,8 +1161,6 @@
 	- verlihub <unfixed> (low; bug #506530)
 	TODO: further investigation on this package is needed
 	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
-CVE-2008-XXXX [Quassel CTCP Handling Arbitrary Message Manipulation Vulnerability]
-	- quassel 0.2~rc1-1.1 (bug #506550)
 CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...)
 	- rails 2.1.0-6 (low)
 CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...)
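Review bot: the removed `CVE-2008-XXXX` placeholder is titled as a CTCP handling issue, while the CVE-2008-5657 entry that takes over its `- quassel 0.2~rc1-1.1 (bug #506550)` line is described as CRLF injection; the only visible link between the two is the shared bug number. A `NOTE:` on the CVE-2008-5657 entry recording the earlier title would keep the issue findable under the name it was tracked by.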



