[Secure-testing-commits] r10518 - in data: . CVE packages
atomo64-guest at alioth.debian.org
atomo64-guest at alioth.debian.org
Sat Nov 29 00:30:08 UTC 2008
Author: atomo64-guest
Date: 2008-11-29 00:30:07 +0000 (Sat, 29 Nov 2008)
New Revision: 10518
Modified:
data/CVE/list
data/embedded-code-copies
data/packages/removed-packages
Log:
axyl is gone
use libphp-cas to track the copies of domxml-php4-php5.php
new minor php5 issue
know about partially-published phpcas issues
/usr/lib/subversion/hook-scripts/commit-email.pl: `/usr/bin/svnlook diff /svn/secure-testing -r 10518' failed with this output:
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-29 00:21:43 UTC (rev 10517)
+++ data/CVE/list 2008-11-29 00:30:07 UTC (rev 10518)
@@ -1,3 +1,12 @@
+CVE-2008-XXXX [multiple vulnerabilities in phpcas]
+ - libphp-cas <itp> (bug #495542)
+ - moodle <unfixed>
+ - glpi <unfixed>
+ NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
+ NOTE: upstream has been notified
+ TODO: write proper advisory and request CVE id
+CVE-2008-XXXX [php5: inifile handler for the dba functions can be used to truncate a file]
+ - php5 (low; bug #507101)
CVE-2008-5278 [Cross-site scripting (XSS) vulnerability in the RSS Feed Generator]
- wordpress <unfixed> (low; bug #507193)
CVE-2008-XXXX [cups: integer overflow due to incomplete fix for CVE-2008-1722]
Modified: data/embedded-code-copies
===================================================================
More information about the Secure-testing-commits
mailing list