[Secure-testing-commits] r8067 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Fri Feb 1 17:19:22 UTC 2008


Author: nion
Date: 2008-02-01 17:19:22 +0000 (Fri, 01 Feb 2008)
New Revision: 8067

Modified:
   data/CVE/list
Log:
NFUs
new issue: phpbb2 (CVE-2008-0471)
firebird2.0 cveified


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-02-01 10:11:53 UTC (rev 8066)
+++ data/CVE/list	2008-02-01 17:19:22 UTC (rev 8067)
@@ -61,21 +61,21 @@
 CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in ...)
 	NOT-FOR-US: Woltlab Burning Board
 CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php in ...)
-	TODO: check
+	- phpbb2 <unfixed> (low; bug #463589)
 CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Comodo AntiVirus
 CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News System ...)
-	TODO: check
+	NOT-FOR-US: Tiger Php News System
 CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Flinx
 CVE-2008-0467 (Buffer overflow in Firebird before 2.1.0 RC1 might allow remote ...)
 	TODO: check
 CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...)
-	TODO: check
+	NOT-FOR-US: Web Wiz Rich Text Editor
 CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 ...)
-	TODO: check
+	NOT-FOR-US: Seagull
 CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon ...)
-	TODO: check
+	NOT-FOR-US: aconon Mail Enterprise SQL
 CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before ...)
 	TODO: check
 CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before ...)
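Review bot: CVE-2008-0467 (buffer overflow in Firebird before 2.1.0 RC1) is left at `TODO: check` in this hunk, although the log says "firebird2.0 cveified" and the same commit triages the Firebird entry for CVE-2008-0387. If firebird2.0 was also checked against CVE-2008-0467, record the result here. Otherwise the log line would be clearer if it named the CVE that was actually handled.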
@@ -240,7 +240,10 @@
 CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress ...)
 	NOT-FOR-US: WP-Forum plugin for WordPress
 CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before ...)
-	TODO: check
+	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
+	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
+	- firebird2 <removed>
+	NOTE: firebird2 in etch is vulnerable
 CVE-2008-0386 [arbitrary code execution in xdg-utils via crafted path name]
 	RESERVED
 	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure)
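Review bot: in the new CVE-2008-0387 entry the etch status is carried only by the free-text line `NOTE: firebird2 in etch is vulnerable`, next to `- firebird2 <removed>`, so the package lines alone do not show an open issue for etch. Consider recording etch with a release-tagged line in the same form as the `[lenny]` line, and keeping the NOTE only for extra context.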
@@ -311,11 +314,6 @@
 	NOT-FOR-US: IBM Lotus Sametime
 CVE-2008-0353 (SQL injection vulnerability in visualizza_tabelle.php in php-residence ...)
 	NOT-FOR-US: php-residence
-CVE-2008-XXXX [firebird DoS]
-	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
-	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
-	- firebird2 <removed>
-	NOTE: firebird2 in etch is vulnerable
 CVE-2008-XXXX [apt-cacher arbitrary command execution]
 	- apt-cacher 1.6.1
 	[etch] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
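Review bot: the removed `CVE-2008-XXXX [firebird DoS]` placeholder was the only place this issue was described as a DoS, while the CVE-2008-0387 text it moves to reads "Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before ...". The log only says "firebird2.0 cveified". Naming CVE-2008-0387 and bug #460048 in the log would make the mapping from the temporary entry checkable from the history.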



