[Secure-testing-commits] r8136 - data/CVE
jmm-guest at alioth.debian.org
Mon Feb 11 17:47:03 UTC 2008
Author: jmm-guest
Date: 2008-02-11 17:47:02 +0000 (Mon, 11 Feb 2008)
New Revision: 8136
Modified:
data/CVE/list
Log:
sun-java6 not in etch
add cherrypy3, affected as well
mozilla dupe, poked mitre
convert old xoops itps to NFU, the wnpp bug was closed (and this shouldn't enter the archive anyway)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-02-11 17:36:38 UTC (rev 8135)
+++ data/CVE/list 2008-02-11 17:47:02 UTC (rev 8136)
@@ -31,7 +31,6 @@
CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 ...)
- sun-java6 6-04-1
- sun-java5 <not-affected> (referring to sun this vulnerability is not present in java5)
- [etch] - sun-java6 <no-dsa> (non-free not supported)
CVE-2008-0627
REJECTED
CVE-2008-0626
@@ -944,6 +943,7 @@
CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in ...)
{DSA-1481-1}
- python-cherrypy 2.2.1-3.1 (low; bug #461069)
+ - cherrypy3 3.0.2-2
CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before ...)
NOT-FOR-US: PhotoPost vBGallery
CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...)
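Review bot: The added "- cherrypy3 3.0.2-2" line under CVE-2008-0252 carries no urgency or bug reference, while the python-cherrypy entry directly above it has "(low; bug #461069)". Add at least the urgency, e.g. "- cherrypy3 3.0.2-2 (low)", so both packages are rated consistently for the same CVE, and reference a bug if one was filed against cherrypy3.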
@@ -974,7 +974,7 @@
CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
NOTE: Dupe of CVE-2008-0225
CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...)
- - paramiko 1.6.4-1.1 (medium; bug #460706)
+ - paramiko 1.6.4-1.1 (low; bug #460706)
NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 ...)
NOT-FOR-US: Microsoft Rich Textbox ActiveX Control
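Review bot: The paramiko urgency for CVE-2008-0299 changes from medium to low, but the commit log does not mention paramiko and the entry gains no NOTE explaining the downgrade. Add a short rationale next to the existing NOTE line, or mention the change in the log, so the rating change can be audited later.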
@@ -11077,10 +11077,7 @@
CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 and 7 allows remote ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in ...)
- - iceweasel <unfixed> (medium)
- - iceape <unfixed> (medium)
- [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- - xulrunner <unfixed> (medium)
+ NOTE: This is a dupe of CVE-2008-0519, since 0519 is more widely used, marking this as a dupe
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (low; bug #427691)
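Review bot: Under CVE-2007-3090 the three <unfixed> entries (iceweasel, iceape, xulrunner) and the [sarge] mozilla <no-dsa> line are all removed, so this entry no longer records any package status and relies entirely on CVE-2008-0519, whose entry is not part of this diff. Confirm that CVE-2008-0519 lists the same packages before dropping them here. The new NOTE could also follow the shorter form already used in this file ("NOTE: Dupe of CVE-2008-0225"), which keeps dupe markers easy to search for.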
@@ -37394,9 +37391,9 @@
CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...)
NOT-FOR-US: Wizz Forum
CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads ...)
- - xoops <itp> (bug #207640)
+ NOT-FOR-US: Xoops
CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS ...)
- - xoops <itp> (bug #207640)
+ NOT-FOR-US: Xoops
CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign ...)
NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows ...)
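Review bot: Replacing "- xoops <itp> (bug #207640)" with a bare "NOT-FOR-US: Xoops" under CVE-2005-3681 and CVE-2005-3680 drops the only pointer to the ITP, and the reason given in the log (wnpp bug closed) is not recorded in the list itself. Other NOT-FOR-US lines in this file carry free text (e.g. "NOT-FOR-US: snitz forums; not in debian"), so consider keeping the bug number in the tag text. The same applies to the other xoops hunks in this commit.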
@@ -41892,7 +41889,7 @@
CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...)
NOT-FOR-US: unicode msearch
CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
- - xoops <itp> (bug #207640)
+ NOT-FOR-US: Xoops
CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
{DSA-864-1 DSA-862-1 DSA-860-1}
- ruby <removed>
@@ -43055,9 +43052,9 @@
[sarge] - mozilla <not-affected> (Unreproducible)
- mozilla 2:1.7.10-1 (bug #318723; medium)
CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
- - xoops <itp> (bug #207640)
+ NOT-FOR-US: Xoops
CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
- - xoops <itp> (bug #207640)
+ NOT-FOR-US: Xoops
CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
NOT-FOR-US: Community Link Pro Web Editor
CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
@@ -43676,7 +43673,7 @@
CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
NOT-FOR-US: PHP-Nuke
CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...)
- - xoops <itp> (bug #207640)
+ NOT-FOR-US: Xoops
CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...)
NOT-FOR-US: ImageFolio
CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...)
@@ -48194,7 +48191,7 @@
CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
NOT-FOR-US: Novell iChain
CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...)
- - xoops <itp> (bug #207640)
+ NOT-FOR-US: Xoops
CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
NOT-FOR-US: Sun Java System Application Server
CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...)
@@ -55301,7 +55298,7 @@
CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
NOT-FOR-US: snitz forums; not in debian
CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
- - xoops <itp> (bug #207640)
+ NOT-FOR-US: Xoops
CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
NOT-FOR-US: Dantz Retrospect
CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
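Review bot: CVE-2003-0491 is described as affecting "XOOPS and E-XOOPS", but the new tag "NOT-FOR-US: Xoops" names only one of them. Name both products in the tag so a later search for E-XOOPS still finds this entry as triaged.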