[Secure-testing-commits] r9440 - data/CVE
joeyh at alioth.debian.org
Mon Jul 28 09:14:15 UTC 2008
Author: joeyh
Date: 2008-07-28 09:14:13 +0000 (Mon, 28 Jul 2008)
New Revision: 9440
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-07-27 23:11:42 UTC (rev 9439)
+++ data/CVE/list 2008-07-28 09:14:13 UTC (rev 9440)
@@ -1,14 +1,288 @@
-CVE-2008-3330 [horde XSS via contact name]
+CVE-2008-3338
+ RESERVED
+CVE-2008-3337
+ RESERVED
+CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB before ...)
+ TODO: check
+CVE-2008-3335 (Unspecified vulnerability in PunBB before 1.2.19 allows remote ...)
+ TODO: check
+CVE-2008-3334 (Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 ...)
+ TODO: check
+CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis ...)
+ TODO: check
+CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis before ...)
+ TODO: check
+CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ...)
+ TODO: check
+CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when "only proxies" is ...)
+ TODO: check
+CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...)
+ TODO: check
+CVE-2008-3324
+ RESERVED
+CVE-2008-3323
+ RESERVED
+CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote ...)
+ TODO: check
+CVE-2008-3321 (admin/index.php in Maian Uploader 4.0 and earlier allows remote ...)
+ TODO: check
+CVE-2008-3320 (admin/index.php in Maian Guestbook 3.2 and earlier allows remote ...)
+ TODO: check
+CVE-2008-3319 (admin/index.php in Maian Links 3.1 and earlier allows remote attackers ...)
+ TODO: check
+CVE-2008-3318 (admin/index.php in Maian Weblog 4.0 and earlier allows remote ...)
+ TODO: check
+CVE-2008-3317 (admin/index.php in Maian Search 1.1 and earlier allows remote ...)
+ TODO: check
+CVE-2008-3316 (Cross-site scripting (XSS) vulnerability in the search feature in the ...)
+ TODO: check
+CVE-2008-3315 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
+ TODO: check
+CVE-2008-3314 (ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2008-3313 (Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 ...)
+ TODO: check
+CVE-2008-3312 (Directory traversal vulnerability in ...)
+ TODO: check
+CVE-2008-3311 (PHP remote file inclusion vulnerability in config.php in Adam ...)
+ TODO: check
+CVE-2008-3310 (SQL injection vulnerability in default.asp in Pre Survey Poll allows ...)
+ TODO: check
+CVE-2008-3309 (SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and ...)
+ TODO: check
+CVE-2008-3308 (PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. ...)
+ TODO: check
+CVE-2008-3307 (SQL injection vulnerability in todos.php in C. Desseno YouTube Blog ...)
+ TODO: check
+CVE-2008-3306 (SQL injection vulnerability in info.php in C. Desseno YouTube Blog ...)
+ TODO: check
+CVE-2008-3305 (Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno ...)
+ TODO: check
+CVE-2008-3304 (BilboBlog 0.2.1 allows remote attackers to obtain sensitive ...)
+ TODO: check
+CVE-2008-3303 (admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, ...)
+ TODO: check
+CVE-2008-3302 (SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, ...)
+ TODO: check
+CVE-2008-3301 (Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 ...)
+ TODO: check
+CVE-2008-3300 (AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-3299 (eSyndiCat 1.6 allows remote attackers to bypass authentication and ...)
+ TODO: check
+CVE-2008-3298 (SocialEngine (SE) before 2.83 grants certain write privileges for ...)
+ TODO: check
+CVE-2008-3297 (Multiple SQL injection vulnerabilities in SocialEngine (SE) before ...)
+ TODO: check
+CVE-2008-3296 (Directory traversal vulnerability in modules/system/admin.php in XOOPS ...)
+ TODO: check
+CVE-2008-3295 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php ...)
+ TODO: check
+CVE-2008-3294 (src/configure.in in Vim 5.0 through 7.1, when used for a build with ...)
+ TODO: check
+CVE-2008-3293 (Directory traversal vulnerability in download.php in EZWebAlbum allows ...)
+ TODO: check
+CVE-2008-3292 (constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass ...)
+ TODO: check
+CVE-2008-3291 (SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS ...)
+ TODO: check
+CVE-2008-3290 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows ...)
+ TODO: check
+CVE-2008-3289 (EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in ...)
+ TODO: check
+CVE-2008-3288 (The Server Authentication Module in EMC Dantz Retrospect Backup Server ...)
+ TODO: check
+CVE-2008-3287 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows ...)
+ TODO: check
+CVE-2008-3286 (SWAT 4 1.1 and earlier allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl allows ...)
+ TODO: check
+CVE-2008-3284
+ RESERVED
+CVE-2008-3283
+ RESERVED
+CVE-2008-3282
+ RESERVED
+CVE-2008-3281
+ RESERVED
+CVE-2008-3280
+ RESERVED
+CVE-2008-3279
+ RESERVED
+CVE-2008-3278
+ RESERVED
+CVE-2008-3277
+ RESERVED
+CVE-2008-3276
+ RESERVED
+CVE-2008-3275
+ RESERVED
+CVE-2008-3274
+ RESERVED
+CVE-2008-3273
+ RESERVED
+CVE-2008-3272
+ RESERVED
+CVE-2008-3271
+ RESERVED
+CVE-2008-3270
+ RESERVED
+CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full ...)
+ TODO: check
+CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when ...)
+ TODO: check
+CVE-2008-3267 (SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote ...)
+ TODO: check
+CVE-2008-3266 (SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel ...)
+ TODO: check
+CVE-2008-3265 (SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 ...)
+ TODO: check
+CVE-2008-3264 (The FWDOWNL firmware-download implementation in Asterisk Open Source ...)
+ TODO: check
+CVE-2008-3263 (The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x ...)
+ TODO: check
+CVE-2008-3262 (Cross-site request forgery (CSRF) vulnerability in Claroline before ...)
+ TODO: check
+CVE-2008-3261 (Open redirect vulnerability in claroline/redirector.php in Claroline ...)
+ TODO: check
+CVE-2008-3260 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
+ TODO: check
+CVE-2008-3259 (OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the ...)
+ TODO: check
+CVE-2008-3258 (Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow ...)
+ TODO: check
+CVE-2008-3257 (Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle ...)
+ TODO: check
+CVE-2008-3256 (SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and ...)
+ TODO: check
+CVE-2008-3255 (Cross-site scripting (XSS) vulnerability in LunarNight Laboratory ...)
+ TODO: check
+CVE-2008-3254 (SQL injection vulnerability in index.php in preCMS 1 allows remote ...)
+ TODO: check
+CVE-2008-3253 (Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces ...)
+ TODO: check
+CVE-2008-3252 (Stack-based buffer overflow in the read_article function in ...)
+ TODO: check
+CVE-2008-3251 (Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow ...)
+ TODO: check
+CVE-2008-3250 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 ...)
+ TODO: check
+CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly ...)
+ TODO: check
+CVE-2008-3248
+ RESERVED
+CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x on x86_64 ...)
+ TODO: check
+CVE-2008-3246 (Unspecified vulnerability in the PDF distiller component in the ...)
+ TODO: check
+CVE-2008-3245 (SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, ...)
+ TODO: check
+CVE-2008-3244 (The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 ...)
+ TODO: check
+CVE-2008-3243 (Multiple unspecified vulnerabilities in the scanning engine before ...)
+ TODO: check
+CVE-2008-3242 (Heap-based buffer overflow in the PPMedia Class ActiveX control in ...)
+ TODO: check
+CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats ...)
+ TODO: check
+CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate ...)
+ TODO: check
+CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry function ...)
+ TODO: check
+CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow ...)
+ TODO: check
+CVE-2008-3237 (Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ...)
+ TODO: check
+CVE-2008-3236 (Unspecified vulnerability in Wsadmin in the System ...)
+ TODO: check
+CVE-2008-3235 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...)
+ TODO: check
+CVE-2008-3234 (sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH ...)
+ TODO: check
+CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ...)
+ TODO: check
+CVE-2008-3232 (Unspecified vulnerability in dotclear before 1.2.8 has unknown impact ...)
+ TODO: check
+CVE-2008-3231 (xine allows user-assisted attackers to cause a denial of service ...)
+ TODO: check
+CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
+ TODO: check
+CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
+ TODO: check
+CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...)
+ TODO: check
+CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows ...)
+ TODO: check
+CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration ...)
+ TODO: check
+CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest ...)
+ TODO: check
+CVE-2008-3215 (libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to ...)
+ TODO: check
+CVE-2008-3214 (dnsmasq 2.25 allows remote attackers to cause a denial of service (1) ...)
+ TODO: check
+CVE-2008-3213 (SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS ...)
+ TODO: check
+CVE-2008-3212 (Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting ...)
+ TODO: check
+CVE-2008-3211 (Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote ...)
+ TODO: check
+CVE-2008-3210 (rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows ...)
+ TODO: check
+CVE-2008-3209 (Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in ...)
+ TODO: check
+CVE-2008-3208 (Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 ...)
+ TODO: check
+CVE-2008-3207 (PHP remote file inclusion vulnerability in cms/modules/form.lib.php in ...)
+ TODO: check
+CVE-2008-3206 (SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black ...)
+ TODO: check
+CVE-2008-3205 (Directory traversal vulnerability in index.php in Easy-Script Wysi ...)
+ TODO: check
+CVE-2008-3204 (SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels ...)
+ TODO: check
+CVE-2008-3203 (js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform ...)
+ TODO: check
+CVE-2008-3202 (Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 ...)
+ TODO: check
+CVE-2008-3201 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-3200 (SQL injection vulnerability in vlc_forum.php in Avlc Forum as of ...)
+ TODO: check
+CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow ...)
+ TODO: check
+CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject ...)
+ TODO: check
+CVE-2008-3195
+ RESERVED
+CVE-2008-3194 (Multiple directory traversal vulnerabilities in ...)
+ TODO: check
+CVE-2008-3193 (SQL injection vulnerability in jSite 1.0 OE allows remote attackers to ...)
+ TODO: check
+CVE-2008-3192 (Directory traversal vulnerability in index.php in jSite 1.0 OE allows ...)
+ TODO: check
+CVE-2008-3191 (Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, ...)
+ TODO: check
+CVE-2008-3190 (Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 ...)
+ TODO: check
+CVE-2008-3189 (SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager ...)
+ TODO: check
+CVE-2008-3188 (libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the ...)
+ TODO: check
+CVE-2008-3187 (zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 ...)
+ TODO: check
+CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...)
- horde3 3.2.1+debian0-1 (low; bug #492578)
- turba 2.2.1-1 (low)
NOTE: CVE id requested
-CVE-2008-3325 [moodle CSRF]
+CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
- moodle 1.8.1-1 (low)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
-CVE-2008-3326 [Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle]
+CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle ...)
- moodle <unfixed> (low; bug #492492)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
-CVE-2008-3327 [moodle leaks installation path]
+CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...)
- moodle <unfixed> (unimportant)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
NOTE: Does not allow any attack vendors, apart from gaining non-sensible information
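Review bot: under CVE-2008-3330 the unchanged line "NOTE: CVE id requested" is stale now that the entry carries an assigned description, so it should be dropped in a follow-up. Among the new "TODO: check" entries, the ones naming software this file already tracks as packages (dnsmasq in CVE-2008-3214, Mantis in CVE-2008-3332 and CVE-2008-3333, WordPress in CVE-2008-3233) are worth triaging first.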
@@ -18,7 +292,7 @@
NOTE: CVE id requested by redhat
NOTE: 0008975 (CSRF) covered by CVE-2008-2276
NOTE: 0008976 remote code execution only possible with valid administrator account
-CVE-2008-3196 [out of bound access]
+CVE-2008-3196 (skeleton.c in yacc does not properly handle reduction of a rule with ...)
- byacc <unfixed> (low; bug #491182)
[etch] - byacc <no-dsa> (Minor issue)
CVE-2008-XXXX [libetpan NULL deref]
@@ -30,10 +304,10 @@
- wordpress <not-affected> (Vulnerable code not present)
NOTE: this code was never present in a released wordpress version
NOTE: http://www.openwall.com/lists/oss-security/2008/07/15/5
-CVE-2008-3224 [phpbb3 urls gone through redirect()]
+CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...)
- phpbb3 3.0.2-1 (low)
- phpbb2 <not-affected> (Vulnerable code not present)
-CVE-2008-3197 [phpmyadmin CSRF PMASA-2008-5]
+CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before ...)
- phpmyadmin 4:2.11.7.1-1 (low)
[etch] - phpmyadmin <no-dsa> (low impact issue)
NOTE: this only allows via csrf to create an empty database.
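Review bot: at CVE-2008-3224 the new description reads "phpBB before 3.0.1" while the tracked fix is "phpbb3 3.0.2-1", so check that 3.0.2-1 is really the first fixed upload. The replaced bracket text was the only place recording that the issue concerns URLs passed through redirect(); keep that as a NOTE line, since the description now says only "Unspecified vulnerability".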
@@ -178,32 +452,31 @@
NOT-FOR-US: ancient issue
CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, ...)
NOT-FOR-US: ancient issue
-CVE-2008-3229 [buffer overflow in XAUTHORITY handling in op]
+CVE-2008-3229 (Stack-based buffer overflow in op before Changeset 563, when xauth ...)
- op <not-affected> (not configured with xauth support)
-CVE-2008-3218 [multiple XSS related to free tagging taxonomy terms not properly handled in node preview]
+CVE-2008-3218 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...)
- drupal5 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
- drupal-4.7 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
-CVE-2008-3219 [filter_xss_admin doesnt prevent use of object HTML tag in administrator input]
+CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before ...)
- drupal5 5.8-1 (low; bug #490559)
- drupal-4.7 <unfixed> (low)
TODO: report drupal-4.7 bug (see modules/filter.module line 1113, object is returned as valid)
-CVE-2008-3220 [CSRF might delete translated strings]
+CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before ...)
- drupal5 5.8-1 (low; bug #490559)
- drupal-4.7 <not-affected> (Vulnerable code not present)
NOTE: drupal-4.7 uses the locale_admin_string_delete callback which returns a confirmation dialog
-CVE-2008-3221 [CSRF might delete openid identities]
+CVE-2008-3221 (Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before ...)
- drupal5 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
- drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
-CVE-2008-3222 [session fixation vulnerability]
+CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...)
- drupal5 5.9-1 (low; bug #490559)
- drupal-4.7 <unfixed> (low)
TODO: report drupal-4.7 bug (see modules/user.module line 964, sess_regenerate() needs to be called)
NOTE: before login action
-CVE-2008-3223 [SQL Injection in Schema API]
+CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...)
- drupal5 <not-affected> (Vulnerable code not present, introduced in 6.0)
- drupal-4.7 <not-affected> (Vulnerable code not present, introduced in 6.0)
-CVE-2008-3145 [DoS via injecting a series of malformed packets]
- RESERVED
+CVE-2008-3145 (The fragment_add_work function in epan/reassemble.c in Wireshark ...)
- wireshark 1.0.2-1 (low)
NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and ...)
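Review bot: CVE-2008-3219 and CVE-2008-3222 still list "drupal-4.7 <unfixed> (low)" with "TODO: report drupal-4.7 bug" and no bug number. Now that both ids have public descriptions, file those bugs and record the numbers the way the drupal5 lines reference bug #490559.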
@@ -295,7 +568,7 @@
RESERVED
CVE-2008-3084
RESERVED
-CVE-2008-3216 [projectl prone to symlink attack]
+CVE-2008-3216 (The save function in br/prefmanager.d in projectl 1.001 creates a ...)
- projectl 1.001.dfsg1-2 (low; bug #489988)
[etch] - projectl <no-dsa> (Minor issue)
CVE-2008-3083 (SQL injection vulnerability in Brightcode Weblinks ...)
@@ -549,8 +822,8 @@
NOT-FOR-US: CMS Mini
CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in ...)
NOT-FOR-US: ActiveX control
-CVE-2008-2951
- RESERVED
+CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...)
+ TODO: check
CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 ...)
@@ -580,10 +853,9 @@
RESERVED
CVE-2008-2935
RESERVED
-CVE-2008-2934
- RESERVED
-CVE-2008-2933 [command line urls can launch multiple tabs when firefox is not running]
- RESERVED
+CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ...)
+ TODO: check
+CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' ...)
{DSA-1615-1 DSA-1614-1}
- iceweasel 3.0.1-1 (low)
NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
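Review bot: CVE-2008-2934 goes in as "TODO: check", but its description limits the issue to Firefox 3 "on Mac OS X". If the full description confirms that, record it as iceweasel <not-affected> with a platform reason, matching the "<not-affected> (Windows-specific)" entries elsewhere in this file, rather than leaving it open next to the tracked CVE-2008-2933.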
@@ -802,7 +1074,7 @@
- dnsmasq 2.26-1 (medium)
NOTE: CVE id requested by Ubuntu
NOTE: http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=217681
-CVE-2008-2952 (liblber/io.c in OpenLDAP 2.3.41, 2.3.42, and possibly other versions ...)
+CVE-2008-2952 (liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ...)
{DTSA-151-1}
- openldap2.3 <removed> (medium; bug #488710)
- openldap <unfixed> (medium; bug #488710)
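Review bot: the CVE-2008-2952 description now spans "OpenLDAP 2.2.4 to 2.4.10" instead of naming 2.3.41 and 2.3.42, but the package lines are unchanged. Recheck "openldap <unfixed>" against the widened range, and whether a release still shipping an older 2.2 or 2.3 package needs its own line.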
@@ -897,7 +1169,7 @@
- linux-2.6 2.6.25-7
- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
NOTE: Firefox 3 not affected
- iceape 1.1.10-1
@@ -907,7 +1179,7 @@
- iceweasel <not-affected> (Windows-specific)
- iceape <not-affected> (Windows-specific)
CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
NOTE: Firefox 3 not affected
- iceape 1.1.10-1
@@ -919,7 +1191,7 @@
- iceape 1.1.10-1
- xulrunner <unfixed>
CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
- iceape 1.1.10-1
- xulrunner <unfixed>
@@ -936,12 +1208,12 @@
CVE-2008-2804
RESERVED
CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner 2.0.0.16-1
CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner 2.0.0.16-1
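Review bot: CVE-2008-2803 gains DSA-1621-1, yet its entry lists only iceweasel, iceape and xulrunner. The final hunk of this diff attaches the same DSA to CVE-2008-0304, a Thunderbird issue tracked under icedove; if DSA-1621-1 is an icedove advisory, this entry needs an icedove line with the fixed version.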
@@ -956,13 +1228,13 @@
- iceape 1.1.10-1
- xulrunner <unfixed>
CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner <unfixed>
- icedove 2.0.0.16-1
CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner <unfixed>
@@ -1003,8 +1275,8 @@
- iceweasel <unfixed> (bug #488358)
- iceape <unfixed> (bug #491162)
- xulrunner <unfixed> (bug #491160)
-CVE-2008-2785 (Unspecified vulnerability in Firefox 3.0 and 2.0.x has unknown impact ...)
- {DSA-1615-1 DSA-1614-1}
+CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird ...)
+ {DSA-1621-1 DSA-1615-1 DSA-1614-1}
- iceweasel 3.0 (medium; bug #488358)
- icedove 2.0.0.16-1
- iceape 1.1.11-1 (bug #491163)
@@ -1451,19 +1723,19 @@
RESERVED
CVE-2008-2583 (Unspecified vulnerability in the sample Discussion Forum Portlet for ...)
NOT-FOR-US: Oracle database
-CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
NOT-FOR-US: BEA Product Suite
CVE-2008-2579 (Unspecified vulnerability in the WebLogic Server Plugins for Apache, ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
NOT-FOR-US: BEA Product Suite
-CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
+CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
NOT-FOR-US: BEA Product Suite
CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php ...)
NOT-FOR-US: FlashBlog
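Review bot: the six changed WebLogic descriptions now say "Oracle" while their status lines still read "NOT-FOR-US: BEA Product Suite". Triage is unaffected, but updating the label would keep the NOT-FOR-US text searchable by the vendor name the description now uses.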
@@ -2191,8 +2463,7 @@
RESERVED
CVE-2008-2233
RESERVED
-CVE-2008-2232 [privilege escalation in afuse]
- RESERVED
+CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows local ...)
{DSA-1611-1 DTSA-149-1}
- afuse 0.2-3 (bug #490921; medium)
CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated Storytelling ...)
@@ -2339,7 +2610,7 @@
RESERVED
CVE-2008-2163 (Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 ...)
NOT-FOR-US: IBM Lotus Quickr
-CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in Mantis 1.1.1 allows ...)
+CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in ...)
- mantis 1.0.8-4.1 (bug #481504)
CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...)
- uudeview 0.5.20-3.1 (low; bug #480972)
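Review bot: the refreshed CVE-2008-2276 description is cut off before the product name ("... vulnerability in ..."), where the old text named Mantis 1.1.1. This entry is still identifiable from its "- mantis" line, but the first hunk adds entries with the same truncation and only "TODO: check" beneath them (CVE-2008-3312, CVE-2008-3194), so the truncation should preserve at least the product name.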
@@ -3523,10 +3794,10 @@
RESERVED
CVE-2008-1667
RESERVED
-CVE-2008-1666
- RESERVED
-CVE-2008-1665
- RESERVED
+CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, ...)
+ TODO: check
+CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) ...)
+ TODO: check
CVE-2008-1664
RESERVED
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
@@ -6752,6 +7023,7 @@
CVE-2008-0305
RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...)
+ {DSA-1621-1}
- icedove 2.0.0.12-1 (medium)
- iceape 1.1.8-1 (medium)
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)