[Secure-testing-commits] r9095 - data/CVE
nion at alioth.debian.org
Tue Jun 17 20:24:47 UTC 2008
Author: nion
Date: 2008-06-17 20:24:43 +0000 (Tue, 17 Jun 2008)
New Revision: 9095
Modified:
data/CVE/list
Log:
new issue: nasm off-by-one (CVE-2008-2719)
cveified gallery2 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-06-17 19:53:04 UTC (rev 9094)
+++ data/CVE/list 2008-06-17 20:24:43 UTC (rev 9095)
@@ -1,3 +1,7 @@
+CVE-2008-2719 [nasm off-by-one in ppscan function]
+ - nasm <unfixed> (low; bug #486715)
+ [etch] - nasm <not-affected> (vulnerable code not present)
+ NOTE: http://www.openwall.com/lists/oss-security/2008/06/11/4
CVE-2008-2712 [multiple vulnerabilities in several vimscripts]
- vim <unfixed> (medium; bug #486502)
NOTE: a bunch of these are probably low but because of the filetype.vim issue
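Review bot: the [etch] line of the new CVE-2008-2719 entry marks nasm <not-affected> with "vulnerable code not present", but the entry does not say which nasm version introduced the affected ppscan code, so the claim cannot be checked from the list alone. Consider adding a NOTE naming the version where the code first appears. Minor style point: the gallery entries in this same commit capitalise the reason as "Vulnerable code not present"; use one form consistently.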
@@ -8,17 +12,27 @@
NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
CVE-2008-2713 [ClamaV DoS]
- clamav 0.93.1.dfsg-1 (low)
- NOTE: CVE id requested
CVE-2008-2711 [fetchmail DoS in -vv mode]
- fetchmail <unfixed> (unimportant)
NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
NOTE: -vv is only used for debugging purposes so this does not
NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
NOTE: use.
-CVE-2008-XXXX [gallery multiple security issues]
+CVE-2008-2720 [gallery2 XSS via host and path attributes]
- gallery2 2.2.5-1 (low; bug #485947)
- gallery <not-affected> (Vulnerable code not present, different codebase)
- NOTE: CVE id request was already on oss-security
+CVE-2008-2721 [gallery2 attackers can optain hidden albums]
+ - gallery2 2.2.5-1 (low; bug #485947)
+ - gallery <not-affected> (Vulnerable code not present, different codebase)
+CVE-2008-2722 [gallery2 permission bypass for sub-albums]
+ - gallery2 2.2.5-1 (low; bug #485947)
+ - gallery <not-affected> (Vulnerable code not present, different codebase)
+CVE-2008-2723 [gallery2 path disclosure]
+ - gallery2 2.2.5-1 (low; bug #485947)
+ - gallery <not-affected> (Vulnerable code not present, different codebase)
+CVE-2008-2724 [gallery2 access restriction bypass]
+ - gallery2 2.2.5-1 (low; bug #485947)
+ - gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2717 [typo3 code execution & xss]
- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...)
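Review bot: typo in the added CVE-2008-2721 description, "optain" should be "obtain". The descriptions for CVE-2008-2722 ("permission bypass for sub-albums") and CVE-2008-2724 ("access restriction bypass") are also hard to tell apart, and all five split gallery2 entries cite only bug #485947. With the old "NOTE: CVE id request was already on oss-security" line removed, no reference remains that maps each id to its specific issue, so a NOTE per entry pointing at the advisory or the oss-security thread would make the split verifiable.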