[Secure-testing-commits] r7941 - in data: CVE DTSA

nion at alioth.debian.org nion at alioth.debian.org
Wed Jan 16 13:00:27 UTC 2008


Author: nion
Date: 2008-01-16 13:00:27 +0000 (Wed, 16 Jan 2008)
New Revision: 7941

Modified:
   data/CVE/list
   data/DTSA/list
Log:
CVE-2008-0238 also fixed in testing-security, I extracted the patch from a diff between 1.1.9 and 1.1.9.1

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-01-16 12:50:31 UTC (rev 7940)
+++ data/CVE/list	2008-01-16 13:00:27 UTC (rev 7941)
@@ -58,51 +58,52 @@
 CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares ...)
 	NOT-FOR-US: Agares PhpAutoVideo
 CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo ...)
-	TODO: check
+	NOT-FOR-US: Mambo
+	NOTE: Mambo is in experimental
 CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration ...)
-	TODO: check
+	NOT-FOR-US: minimal Gallery
 CVE-2008-0259 (Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php ...)
-	TODO: check
+	NOT-FOR-US: minimal Gallery
 CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP Running ...)
-	TODO: check
+	NOT-FOR-US: PHP Running Management
 CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search ...)
-	TODO: check
+	NOT-FOR-US: Dansie Search
 CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo ...)
-	TODO: check
+	NOT-FOR-US: Matteo Binda ASP Photo Gallery
 CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 ...)
-	TODO: check
+	NOT-FOR-US: iGaming
 CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka ...)
-	TODO: check
+	NOT-FOR-US: TutorialCMS
 CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder allows ...)
-	TODO: check
+	NOT-FOR-US: Binn SBuilder
 CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in ...)
-	TODO: check
+	- python-cherrypy <unfixed> (low; bug #461069)
 CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before ...)
-	TODO: check
+	NOT-FOR-US: PhotoPost vBGallery
 CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Visual InterDev
 CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database ...)
-	TODO: check
+	NOT-FOR-US: PHP Webquest
 CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ...)
-	TODO: check
+	NOT-FOR-US: StreamAudio ChainCast ProxyManager
 CVE-2008-0247 (Heap-based buffer overflow in IBM Tivoli Storage Manager (TSM) Express ...)
-	TODO: check
+	NOT-FOR-US: IBM Tivoli Storage Manager
 CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original password ...)
-	TODO: check
+	NOT-FOR-US: UploadScript
 CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original password ...)
-	TODO: check
+	NOT-FOR-US: UploadImage
 CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: SAP MaxDB
 CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 ...)
-	TODO: check
+	NOT-FOR-US: Lotus Domino
 CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local ...)
-	TODO: check
+	NOT-FOR-US: Sun Solari
 CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java System ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Identity Manager
 CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Identity Manager
 CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
-	TODO: check
+	NOT-FOR-US: Sun Java System Identity Manager
 CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
 	TODO: check
 CVE-2008-XXXX [insecure use of RandomPool]
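Review bot: CVE-2008-0238 is still at "TODO: check" in the trailing context of this hunk, although the log message says it is fixed in testing-security and data/DTSA/list now lists it under DTSA-109-1 for xine-lib. Replace the TODO with an entry for xine-lib so the two lists agree. Two smaller points in the same hunk: "NOT-FOR-US: Sun Solari" under CVE-2008-0242 is missing its final "s" (the description line reads "Sun Solaris 10"), and CVE-2008-0261 is marked NOT-FOR-US while the NOTE directly below says Mambo is in experimental, so the two added lines contradict each other and the entry should either track the package or drop the note.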

Modified: data/DTSA/list
===================================================================
--- data/DTSA/list	2008-01-16 12:50:31 UTC (rev 7940)
+++ data/DTSA/list	2008-01-16 13:00:27 UTC (rev 7941)
@@ -314,5 +314,5 @@
 [January 12th, 2008] DTSA-108-1 vlc - multiple vulnerabilities
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 [January 14th, 2008] DTSA-109-1 xine-lib - heap-based buffer overflow
-	{CVE-2008-0225}
+	{CVE-2008-0225 CVE-2008-0238}
 	[lenny] - xine-lib 1.1.8-3+lenny1
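Review bot: the [lenny] line keeps xine-lib 1.1.8-3+lenny1 unchanged while CVE-2008-0238 is added to the brace list, so nothing in this hunk shows that the listed upload carries the patch extracted from the 1.1.9 to 1.1.9.1 diff. If the fix went into a later upload, the version here needs to change (or the fix belongs in a new DTSA revision); if 1.1.8-3+lenny1 already contains it, say so in the log message. The advisory title also still reads "heap-based buffer overflow" in the singular although it now covers two CVEs.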
