[Secure-testing-commits] r10383 - data/CVE
jmm-guest at alioth.debian.org
Thu Nov 13 10:28:39 UTC 2008
Author: jmm-guest
Date: 2008-11-13 10:28:38 +0000 (Thu, 13 Nov 2008)
New Revision: 10383
Modified:
data/CVE/list
Log:
- three new typo3 issues (fixed in unstable)
- new websvn issues (fixed in unstable)
- clamav CVEfied
- python2.5 fixed in unstable
- PHP randomness issues need to be revisited for Etch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-12 22:33:30 UTC (rev 10382)
+++ data/CVE/list 2008-11-13 10:28:38 UTC (rev 10383)
@@ -1,3 +1,12 @@
+CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 backendmodul "fileadmin"]
+ - typo3-src 4.2.3-1 (bug #505324)
+CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 sysext "felogin"]
+ - typo3-src 4.2.3-1 (bug #505325)
+CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
+ - typo3-src 4.2.3-1 (bug #505326)
+CVE-2008-XXXX [websvn Cross Site Scripting and Directory Traversal]
+ - websvn 2.0-4 (bug #503330)
+ NOTE: http://www.gulftech.org/?node=research&article_id=00132-10202008
CVE-2008-5034 (** DISPUTED ** ...)
TODO: check
CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...)
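Review bot: the new websvn entry puts two different vulnerability classes, cross-site scripting and directory traversal, under a single CVE-2008-XXXX placeholder. If these are assigned separate ids later, the single line "- websvn 2.0-4 (bug #503330)" will have to be split by hand; consider one placeholder entry per issue now, each pointing at bug #503330 and the gulftech NOTE. The third typo3 description ("passwords are not changeable bug in the backend") would also read more clearly if it said what the security impact is.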
@@ -84,8 +93,8 @@
- initramfs-tools <unfixed> (unimportant; bug #496386)
CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and ...)
NOT-FOR-US: Sun System Firmware
-CVE-2008-XXXX [ClamAV get_unicode_name() off-by-one buffer overflow]
- - clamav 0.94.dfsg.1-1~volatile1 (bug #505134)
+CVE-2008-5050 [ClamAV get_unicode_name() off-by-one buffer overflow]
+ - clamav 0.94.dfsg.1-1 (bug #505134)
CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and ...)
NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE
CVE-2008-XXXX [yzis insecure temp file]
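Review bot: the log line "clamav CVEfied" does not cover the second change in the replacement clamav line, where the fixed version goes from 0.94.dfsg.1-1~volatile1 to 0.94.dfsg.1-1. In Debian version ordering the ~volatile1 build sorts before 0.94.dfsg.1-1, so this changes which version the tracker records as fixed, not just the CVE id. Please mention the version change in the log, or state why the volatile version is no longer the right reference.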
@@ -310,7 +319,7 @@
CVE-2008-4865 (Untrusted search path vulnerability in valgrind allows local users to ...)
TODO: check
CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in ...)
- - python2.5 <unfixed> (bug #504619)
+ - python2.5 2.5.2-12 (bug #504619)
- python2.4 <unfixed> (bug #504620)
CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 ...)
- blender 2.46+dfsg-5 (bug #503632)
@@ -6868,13 +6877,9 @@
NOTE: totally different approach to fix the bug, see Kurts comments in the bug report
CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
- php5 5.2.2-1 (low)
- [etch] - php4 <not-affected> (Vulnerable code not present)
- [etch] - php5 <not-affected> (Vulnerable code not present)
NOTE: http://www.sektioneins.de/advisories/SE-2008-02.txt
CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
- php5 5.2.2-1 (low)
- [etch] - php4 <not-affected> (Vulnerable code not present)
- [etch] - php5 <not-affected> (Vulnerable code not present)
NOTE: closely related to CVE-2008-2108
CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...)
NOT-FOR-US: Call of Duty
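Review bot: removing the four "[etch] ... <not-affected> (Vulnerable code not present)" lines under CVE-2008-2108 and CVE-2008-2107 leaves nothing in either entry that says the Etch status is still open; the only record is the commit log ("PHP randomness issues need to be revisited for Etch"). Suggest adding a TODO or NOTE line under each entry saying Etch needs to be rechecked, so the open question is visible in data/CVE/list itself. Also note that php4 now has no line at all under either CVE, since the remaining entry only covers php5.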