[Secure-testing-commits] r8402 - data/CVE
joeyh at alioth.debian.org
Tue Mar 25 09:14:15 UTC 2008
Author: joeyh
Date: 2008-03-25 09:14:14 +0000 (Tue, 25 Mar 2008)
New Revision: 8402
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-03-25 08:32:07 UTC (rev 8401)
+++ data/CVE/list 2008-03-25 09:14:14 UTC (rev 8402)
@@ -1,4 +1,201 @@
-CVE-2008-1476 [Serendipity XSS in trackbacks]
+CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...)
+ TODO: check
+CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...)
+ TODO: check
+CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
+ TODO: check
+CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6 , when mysql_use_ft ...)
+ TODO: check
+CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier ...)
+ TODO: check
+CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses ...)
+ TODO: check
+CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to ...)
+ TODO: check
+CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...)
+ TODO: check
+CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...)
+ TODO: check
+CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial ...)
+ TODO: check
+CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+ TODO: check
+CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in ...)
+ TODO: check
+CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property ...)
+ TODO: check
+CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have ...)
+ TODO: check
+CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris ...)
+ TODO: check
+CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl.ocx ActiveX Control in CA ...)
+ TODO: check
+CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ ...)
+ TODO: check
+CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID ...)
+ TODO: check
+CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ...)
+ TODO: check
+CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu ...)
+ TODO: check
+CVE-2008-1467 (CenterIM 4.22.3 and earlier allows remote attackers to execute ...)
+ TODO: check
+CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 ...)
+ TODO: check
+CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante ...)
+ TODO: check
+CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 ...)
+ TODO: check
+CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in ...)
+ TODO: check
+CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...)
+ TODO: check
+CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...)
+ TODO: check
+CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and ...)
+ TODO: check
+CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and ...)
+ TODO: check
+CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...)
+ TODO: check
+CVE-2008-1457
+ RESERVED
+CVE-2008-1456
+ RESERVED
+CVE-2008-1455
+ RESERVED
+CVE-2008-1454
+ RESERVED
+CVE-2008-1453
+ RESERVED
+CVE-2008-1452
+ RESERVED
+CVE-2008-1451
+ RESERVED
+CVE-2008-1450
+ RESERVED
+CVE-2008-1449
+ RESERVED
+CVE-2008-1448
+ RESERVED
+CVE-2008-1447
+ RESERVED
+CVE-2008-1446
+ RESERVED
+CVE-2008-1445
+ RESERVED
+CVE-2008-1444
+ RESERVED
+CVE-2008-1443
+ RESERVED
+CVE-2008-1442
+ RESERVED
+CVE-2008-1441
+ RESERVED
+CVE-2008-1440
+ RESERVED
+CVE-2008-1439
+ RESERVED
+CVE-2008-1438
+ RESERVED
+CVE-2008-1437
+ RESERVED
+CVE-2008-1436
+ RESERVED
+CVE-2008-1435
+ RESERVED
+CVE-2008-1434
+ RESERVED
+CVE-2008-1433
+ RESERVED
+CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...)
+ TODO: check
+CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a ...)
+ TODO: check
+CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote ...)
+ TODO: check
+CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows ...)
+ TODO: check
+CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
+ TODO: check
+CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 ...)
+ TODO: check
+CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows ...)
+ TODO: check
+CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in ...)
+ TODO: check
+CVE-2008-1424
+ RESERVED
+CVE-2008-1423
+ RESERVED
+CVE-2008-1422
+ RESERVED
+CVE-2008-1421
+ RESERVED
+CVE-2008-1420
+ RESERVED
+CVE-2008-1419
+ RESERVED
+CVE-2008-1418
+ RESERVED
+CVE-2008-1416 (Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL ...)
+ TODO: check
+CVE-2008-1415 (Directory traversal vulnerability in index.php in Multiple Time Sheets ...)
+ TODO: check
+CVE-2008-1414 (Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) ...)
+ TODO: check
+CVE-2008-1413 (Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus ...)
+ TODO: check
+CVE-2008-1412 (Unspecified vulnerability in multiple F-Secure anti-virus products, ...)
+ TODO: check
+CVE-2008-1411 (The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and ...)
+ TODO: check
+CVE-2008-1410 (Directory traversal vulnerability in the PXE Server (pxesrv.exe) in ...)
+ TODO: check
+CVE-2008-1409 (Multiple directory traversal vulnerabilities in the Default theme in ...)
+ TODO: check
+CVE-2008-1408 (SQL injection vulnerability in includes/functions/banners-external.php ...)
+ TODO: check
+CVE-2008-1407 (SQL injection vulnerability in index.php in the WebChat 1.60 module ...)
+ TODO: check
+CVE-2008-1406 (SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 ...)
+ TODO: check
+CVE-2008-1405 (PHP remote file inclusion vulnerability in code/display.php in ...)
+ TODO: check
+CVE-2008-1404 (SQL injection vulnerability in index.php in the Viso (Industry Book) ...)
+ TODO: check
+CVE-2008-1403 (Stack-based buffer overflow in the TFTP server in BootManage TFTPD ...)
+ TODO: check
+CVE-2008-1402 (MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote ...)
+ TODO: check
+CVE-2008-1401 (Format string vulnerability in the Net Inspector HTTP server (mghttpd) ...)
+ TODO: check
+CVE-2008-1400 (Directory traversal vulnerability in the Net Inspector HTTP Server ...)
+ TODO: check
+CVE-2008-1399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+ TODO: check
+CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 ...)
+ TODO: check
+CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...)
+ TODO: check
+CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...)
+ TODO: check
+CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...)
+ TODO: check
+CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...)
+ TODO: check
+CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...)
+ TODO: check
+CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...)
+ TODO: check
+CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, ...)
+ TODO: check
+CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for ...)
+ TODO: check
+CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...)
+ {DSA-1528-1}
- serendipity 1.3-1
NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-XXXX [multiple security issues in kses as used in egroupware]
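Review bot: CVE-2008-1482 (xine-lib 1.1.11 and earlier) should not wait behind a generic TODO: check in this batch. xine-lib is already tracked in this file, and the entry for CVE-2008-0073 records 1.1.11-1 as its fixed version, which the truncated description appears to place inside the affected range. Suggest triaging it ahead of the rest of the batch and recording a package line for xine-lib once the affected versions are confirmed.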
@@ -11,8 +208,7 @@
NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1391
RESERVED
-CVE-2008-1390 [AST-2008-005: HTTP Manager ID is predictable]
- RESERVED
+CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before ...)
- asterisk <unfixed> (low)
[etch] - asterisk <not-affected> (Only 1.4.x affected)
[sarge] - asterisk <not-affected> (Only 1.4.x affected)
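Review bot: The replacement line for CVE-2008-1390 drops the upstream advisory ID AST-2008-005 that the bracketed description carried. Suggest preserving it as a NOTE: line under the entry so the package lines below can still be matched to the Asterisk advisory.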
@@ -72,14 +268,14 @@
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...)
NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
-CVE-2008-1364
- RESERVED
-CVE-2008-1363
- RESERVED
-CVE-2008-1362
- RESERVED
-CVE-2008-1361
- RESERVED
+CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation ...)
+ TODO: check
+CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
+ TODO: check
+CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
+ TODO: check
+CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
+ TODO: check
CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
NOT-FOR-US: Invision Power Board
CVE-2008-1358 (Sack-based buffer overflow in the IMAP server in Alt-N Technologies ...)
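Review bot: The four VMware entries (CVE-2008-1361 through CVE-2008-1364) are left at TODO: check, while other VMware Workstation entries in this file (CVE-2007-4591, CVE-2007-4593) are already marked NOT-FOR-US: VMWare Workstation. Suggest giving these the same disposition so they do not sit in the TODO queue.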
@@ -112,14 +308,14 @@
NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr ...)
NOT-FOR-US: MyioSoft EasyCalendar
-CVE-2008-1343 (Directory traversal vulnerability in pkgadd and pkgrm in SCO UnixWare ...)
+CVE-2008-1343 (Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO ...)
NOT-FOR-US: SCO Unixware
CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...)
NOT-FOR-US: Polymita BPM-Suite and CollagePortal
CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...)
NOT-FOR-US: LaGarde StoreFront
-CVE-2008-1340
- RESERVED
+CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation ...)
+ TODO: check
CVE-2008-1339
RESERVED
CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
@@ -132,14 +328,12 @@
NOT-FOR-US: NetBSD
CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass ...)
NOT-FOR-US: BT Home Hub router
-CVE-2008-1333 [AST-2008-004: Format String Vulnerability in Logger and Manager]
- RESERVED
+CVE-2008-1333 (Format string vulnerability in Asterisk Open Source 1.6.x before ...)
{DSA-1525-1}
- asterisk 1:1.4.18.1~dfsg-1 (medium)
NOTE: Etch's release is unimportant, since not exploitable, but was fixed anyway
[sarge] - asterisk <not-affected> (Only 1.6.x affected)
-CVE-2008-1332 [AST-2008-003: Unauthenticated calls allowed from SIP channel driver]
- RESERVED
+CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...)
{DSA-1525-1}
- asterisk 1:1.4.18.1~dfsg-1 (medium)
CVE-2008-1331
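Review bot: With the new description, the CVE-2008-1333 entry reads inconsistently: the description and the [sarge] line both say only 1.6.x is affected, yet the fix is recorded against 1:1.4.18.1~dfsg-1 at medium urgency. The existing NOTE covers the etch case only; suggest a further NOTE explaining why a 1.4.x upload is listed as the fix, or revisiting the urgency.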
@@ -215,14 +409,13 @@
NOT-FOR-US: EncapsGallery
CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka ...)
NOT-FOR-US: phpMyNewsletter
-CVE-2008-1292
- RESERVED
-CVE-2008-1291
- RESERVED
-CVE-2008-1290
- RESERVED
-CVE-2008-1289 [AST-2008-002: Two buffer overflows in RTP Codec Payload Handling]
- RESERVED
+CVE-2008-1292 (ViewVC before 1.0.5 provides revision metadata without properly ...)
+ TODO: check
+CVE-2008-1291 (ViewVC before 1.0.5 stores sensitive information under the web root ...)
+ TODO: check
+CVE-2008-1290 (ViewVC before 1.0.5 includes "all-forbidden" files within search ...)
+ TODO: check
+CVE-2008-1289 (Multiple buffer overflows in Asterisk Open Source 1.4.x before ...)
- asterisk 1:1.4.18.1~dfsg-1 (medium)
[etch] - asterisk <not-affected> (Only 1.4.x and above affected)
[sarge] - asterisk <not-affected> (Only 1.4.x and above affected)
@@ -236,7 +429,7 @@
NOT-FOR-US: Cisco Linksys
CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...)
- nagios2 2.11-1 (low)
-CVE-2008-1417 [tmp race in axyl leading to symlink attack]
+CVE-2008-1417 (The prerm script in axyl 2.1.7 allows local users to overwrite ...)
- axyl 2.2.0 (low; bug #471227)
[sarge] - axyl <not-affected> (Vulnerable code not present)
[etch] - axyl <not-affected> (Vulnerable code not present)
@@ -274,7 +467,7 @@
NOT-FOR-US: MailEnable
CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in MailEnable ...)
NOT-FOR-US: MailEnable
-CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 invokes ...)
+CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows ...)
NOT-FOR-US: IBM AIX
CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 ...)
NOT-FOR-US: imageVue
@@ -422,8 +615,8 @@
NOT-FOR-US: Adobe ColdFusion
CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management ...)
NOT-FOR-US: Adobe LiveCycle Workflow
-CVE-2008-1201
- RESERVED
+CVE-2008-1201 (Multiple unspecified vulnerabilities in FLA file parsing in Adobe ...)
+ TODO: check
CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote ...)
NOT-FOR-US: Microsoft Access
CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...)
@@ -526,8 +719,8 @@
NOT-FOR-US: phpwebscript
CVE-2008-1161 (Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in ...)
- xine-lib 1.1.10.1-1 (medium)
-CVE-2008-1160
- RESERVED
+CVE-2008-1160 (ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra ...)
+ TODO: check
CVE-2008-1159
RESERVED
CVE-2008-1158
@@ -905,8 +1098,8 @@
RESERVED
CVE-2008-1013
RESERVED
-CVE-2008-1012
- RESERVED
+CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...)
+ TODO: check
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
NOT-FOR-US: Safari (Mac OS X)
CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows ...)
@@ -1031,8 +1224,8 @@
RESERVED
CVE-2008-0952
RESERVED
-CVE-2008-0951
- RESERVED
+CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the ...)
+ TODO: check
CVE-2008-0950
RESERVED
CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x ...)
@@ -1161,8 +1354,8 @@
RESERVED
CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...)
NOT-FOR-US: Red Hat Directory Server
-CVE-2008-0889
- RESERVED
+CVE-2008-0889 (Red Hat Directory Server 8.0, when running on Red Hat Enterprise ...)
+ TODO: check
CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...)
{DSA-1522-1}
- unzip 5.52-11
@@ -1558,8 +1751,8 @@
RESERVED
CVE-2008-0708
RESERVED
-CVE-2008-0707
- RESERVED
+CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX ...)
+ TODO: check
CVE-2008-0706
RESERVED
CVE-2008-0705
@@ -2844,8 +3037,8 @@
RESERVED
CVE-2008-0165
RESERVED
-CVE-2008-0164
- RESERVED
+CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in Plone ...)
+ TODO: check
CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access ...)
{DSA-1494-1}
- linux-2.6 <unfixed> (high)
@@ -2954,8 +3147,8 @@
NOT-FOR-US: McAfee E-Business Server
CVE-2008-0126
RESERVED
-CVE-2008-0125
- RESERVED
+CVE-2008-0125 (Cross-site scripting (XSS) vulnerability in phpstats.php in Michael ...)
+ TODO: check
CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...)
{DSA-1528-1}
- serendipity 1.3~b1-1 (low; bug #469667)
@@ -3088,8 +3281,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...)
NOT-FOR-US: Microsoft Internet Explorer
-CVE-2008-0073 [Array indexing vulnerability in Real SDP parsing]
- RESERVED
+CVE-2008-0073 (Array index error in the sdpplin_parse function in ...)
- xine-lib 1.1.11-1 (medium)
NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted function in ...)
@@ -3112,12 +3304,10 @@
NOT-FOR-US: Winamp
CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView ...)
NOT-FOR-US: XnView, nconvert GFL SDK for Windows
-CVE-2008-0063
- RESERVED
+CVE-2008-0063 (The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not ...)
{DSA-1524-1}
- krb5 1.6.dfsg.3~beta1-4 (medium)
-CVE-2008-0062
- RESERVED
+CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for ...)
{DSA-1524-1}
- krb5 1.6.dfsg.3~beta1-4 (high)
CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote ...)
@@ -3146,7 +3336,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
NOT-FOR-US: Apple Mac OS X
-CVE-2008-0047 (Heap-based buffer overflow in CUPS in Apple Mac OS X 10.5.2, when ...)
+CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in CUPS ...)
- cupsys 1.3.6-3 (medium; bug #472105)
[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect ...)
@@ -4200,8 +4390,8 @@
RESERVED
CVE-2007-6255
RESERVED
-CVE-2007-6254
- RESERVED
+CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects ...)
+ TODO: check
CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client ...)
NOT-FOR-US: Adobe Form Designer
CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...)
@@ -9178,8 +9368,8 @@
NOT-FOR-US: Entrust Entelligence Security Provider
CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
NOT-FOR-US: VMWare Workstation
-CVE-2007-4592
- RESERVED
+CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
+ TODO: check
CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...)
NOT-FOR-US: VMWare Workstation
CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and ...)
@@ -18340,6 +18530,7 @@
- php4 6:4.4.4-9
[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
+ {DSA-1264-1}
- php5 5.2.0-9 (unimportant)
[etch] - php5 5.2.0-8+etch1
- php4 6:4.4.4-9 (unimportant)
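Review bot: Adding {DSA-1264-1} to CVE-2007-0908 leaves an entry that references a DSA while both the php5 and php4 lines are marked (unimportant). Suggest confirming that urgency is still intended now that the advisory is attached, and noting the reason under the entry if it is.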
@@ -34613,7 +34804,6 @@
CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
NOT-FOR-US: Invision Power Board
CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...)
- {DSA-1264-1}
NOT-FOR-US: PHP-Nuke
CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...)
NOT-FOR-US: PHP-Nuke