[Secure-testing-commits] r10368 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Tue Nov 11 23:21:47 UTC 2008
Author: jmm-guest
Date: 2008-11-11 23:21:46 +0000 (Tue, 11 Nov 2008)
New Revision: 10368
Modified:
data/CVE/list
Log:
geshi status update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-11 23:19:36 UTC (rev 10367)
+++ data/CVE/list 2008-11-11 23:21:46 UTC (rev 10368)
@@ -200,10 +200,14 @@
- dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
TODO: check again if >= 1.1.4 gets uploaded
CVE-2008-XXXX [GeSHi: Unspecified Code Execution Vulnerability]
- - geshi 1.0.8.1-1 (bug #504445)
- - dokuwiki 0.0.20080505-3.1 (bug #504682)
- - pgfouine 1.0-1.1 (bug #504681)
- NOTE: This is SA32559, no CVE yet
+ - geshi 1.0.8.1-1 (bug #504445)
+ NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
+ [lenny] - geshi <no-dsa> (Should be sanitised from the app using geshi)
+ [etch] - geshi <no-dsa> (Should be sanitised from the app using geshi)
+ - dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682)
+ NOTE: DokuWiki passes a static string to $path parameter
+ - pgfouine 1.0-1.1 (unimportant; bug #504681)
+ NOTE: pgfouine too does not override default language files path
CVE-2008-6432
REJECTED
CVE-2008-4878 (Unrestricted file upload vulnerability in the "Add Image Macro" ...)
More information about the Secure-testing-commits
mailing list