[Secure-testing-commits] r9245 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Sun Jul 6 09:34:52 UTC 2008
Author: nion
Date: 2008-07-06 09:34:51 +0000 (Sun, 06 Jul 2008)
New Revision: 9245
Modified:
data/CVE/list
Log:
update description for python-werkzeug
CVE-2008-2430 fixed in vlc 0.8.6.h-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-07-05 21:38:08 UTC (rev 9244)
+++ data/CVE/list 2008-07-06 09:34:51 UTC (rev 9245)
@@ -26,10 +26,9 @@
- linuxdcpp 1.0.1-2 (low; bug #488630)
CVE-2008-2958 [possible symlink attack in checkinstall]
- checkinstall 1.6.1-7 (low; bug #488140)
-CVE-2008-XXXX [unspecified python-werkzeug issue]
+CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
- python-werkzeug 0.3.1-1 (unknown)
NOTE: http://lucumr.pocoo.org/cogitations/2008/06/24/werkzeug-031-released/
- NOTE: contacted upstream for exploit vector
CVE-2008-XXXX [sudo does not flush stdin on timeout]
- sudo 1.6.9p12-1
[etch] - sudo <not-affected> (Issue was introduced in 1.6.9)
@@ -907,7 +906,7 @@
RESERVED
CVE-2008-2430 [vlc heap overflow in wav decoding]
RESERVED
- - vlc <unfixed> (medium; bug #489004)
+ - vlc 0.8.6.h-1 (medium; bug #489004)
CVE-2008-2429
RESERVED
CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic ...)
More information about the Secure-testing-commits
mailing list