[Secure-testing-commits] r7939 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed Jan 16 12:43:26 UTC 2008 

Author: nion
Date: 2008-01-16 12:43:25 +0000 (Wed, 16 Jan 2008)
New Revision: 7939

Modified:
   data/CVE/list
Log:
NFUs
new issue: ngircd
CVE-2008-027[2-4] fixed in drupal5 5.6-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-16 12:21:03 UTC (rev 7938)
+++ data/CVE/list	2008-01-16 12:43:25 UTC (rev 7939)
@@ -1,61 +1,62 @@
 CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ...)
-	TODO: check
+	NOT-FOR-US: Digital Hive
 CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in Member ...)
-	TODO: check
+	NOT-FOR-US: Member Area System
 CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow ...)
-	TODO: check
+	NOT-FOR-US: ImageAlbum
 CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 and ...)
-	TODO: check
+	NOT-FOR-US: VisionBurst vcart
 CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard ...)
-	TODO: check
+	NOT-FOR-US: Article Dashboard
 CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows ...)
-	TODO: check
+	- ngircd <unfixed> (bug #461067; medium)
 CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
-	TODO: check
+	NOT-FOR-US: Simple Machines Forum
 CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in DomPHP ...)
-	TODO: check
+	NOT-FOR-US: DomPHP
 CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 ...)
-	TODO: check
+	NOT-FOR-US: DomPHP
 CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and ...)
-	TODO: check
+	NOT-FOR-US: ID-Commerce
 CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and possibly ...)
-	TODO: check
+	NOT-FOR-US: MTCMS
 CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and ...)
-	TODO: check
+	NOT-FOR-US: Xforum
 CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly ...)
-	TODO: check
+	NOT-FOR-US: X7 Chat
 CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal allows ...)
-	TODO: check
+	NOT-FOR-US: Fileshare module for Drupal
 CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module before ...)
-	TODO: check
+	NOT-FOR-US: Devel module for Drupal
 CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal ...)
-	TODO: check
+	NOT-FOR-US: Atom module for Drupal
 CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...)
-	TODO: check
+	- drupal5 5.6-1 (unimportant)
+	NOTE: needs register_globals on
 CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before ...)
-	TODO: check
+	- drupal5 5.6-1 (low)
 CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the aggregator ...)
-	TODO: check
+	- drupal5 5.6-1 (low)
 CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x ...)
-	TODO: check
+	NOT-FOR-US: BUEditor
 CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and ...)
-	TODO: check
+	NOT-FOR-US: TaskFreak!
 CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 ...)
-	TODO: check
+	NOT-FOR-US: Sun Solaris
 CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket ...)
-	TODO: check
+	NOT-FOR-US: eTicket
 CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote ...)
-	TODO: check
+	NOT-FOR-US: eTicket
 CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
-	TODO: check
+	NOT-FOR-US: eTicket
 CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...)
-	TODO: check
+	NOT-FOR-US:  F5 BIG-IP
 CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 ...)
-	TODO: check
+	NOT-FOR-US: Meta Tags module for Drupal
 CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before ...)
-	TODO: check
+	NOT-FOR-US: Ingate Firewall
 CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares ...)
-	TODO: check
+	NOT-FOR-US: Agares PhpAutoVideo
 CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo ...)
 	TODO: check
 CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration ...)
@@ -1998,7 +1999,7 @@
 	- linux-2.6 2.6.23-2
 	NOTE: kernel-sec is aware of this
 CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
-	- ngircd 0.10.3-1 (medium; bug #451875)
+	- ngircd 0.10.3-1 (bug #451875)
 	[etch] - ngircd <no-dsa> (Minor issue)
 CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name ...)
 	- audacity <unfixed> (bug #453283; low)

More information about the Secure-testing-commits mailing list