[Secure-testing-commits] r10547 - in data: . CVE DSA

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sun Nov 30 01:13:50 UTC 2008


Author: jmm-guest
Date: 2008-11-30 01:13:50 +0000 (Sun, 30 Nov 2008)
New Revision: 10547

Modified:
   data/CVE/list
   data/DSA/list
   data/spu-candidates.txt
Log:
* add one CVE ID to horde3 DSA
* bugzilla <no-dsa>
* add a TODO a <confirmed> tag
* document glibc stub resolver situation


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-30 00:21:54 UTC (rev 10546)
+++ data/CVE/list	2008-11-30 01:13:50 UTC (rev 10547)
@@ -1828,6 +1828,7 @@
 CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla before ...)
 	{DTSA-170-1}
 	- bugzilla 3.0.5.0-1 (low; bug #502019)
+        [etch] - bugzilla <no-dsa> (Minor issue)
 CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...)
 	NOT-FOR-US: bBlog
 CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT ...)
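Review bot: The added `[etch] - bugzilla <no-dsa> (Minor issue)` line is indented with eight spaces, while the neighbouring `{DTSA-170-1}` and `- bugzilla 3.0.5.0-1` lines use a tab. Use a tab here as well so the entry stays consistent with the rest of the file and with anything that parses it by leading whitespace. The `(Minor issue)` reason would also be more useful if it said why a directory traversal in importxml.pl is considered minor for etch.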
@@ -4921,6 +4922,7 @@
 	- horde3 3.2.1+debian0-1 (low; bug #492578)
 	- turba2 2.2.1-1 (low)
 	[etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
+        TODO: <confirm> tag
 CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
 	- moodle 1.8.1-1 (low)
 	NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
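Review bot: The added `TODO: <confirm> tag` line does not say what needs confirming or for which package, and the commit log calls the tag `<confirmed>` while the line says `<confirm>`. Spell out the open question (for example which of the horde3/turba2 lines above it refers to) and use one name for the tag. The line is also space-indented where the surrounding entry uses tabs.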
@@ -8992,7 +8994,7 @@
 CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...)
 	{DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
 	- bind9 1:9.5.0.dfsg-5 (high)
-	- glibc <unfixed> (low)
+        NOTE: glibc stub resolver relies on source port randomisation in kernel
 	- dnsmasq 2.43-1 (medium; bug #490123)
 	- pdnsd 1.2.6-par-11 (bug #502275)
 	- python-dns 2.3.1-5 (low; bug #490217)
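Review bot: Replacing `- glibc <unfixed> (low)` with a free-text NOTE removes glibc from the package status lines of CVE-2008-1447 entirely, so the entry no longer records whether glibc is treated as affected, unfixed or not affected. Keep an explicit package line for glibc with the chosen status and put the source port randomisation explanation in parentheses after it or in a NOTE next to it, the way the turba2 `<not-affected>` line earlier in this file carries its reason. The NOTE also sits between the bind9 and dnsmasq package lines and is space-indented rather than tab-indented.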

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2008-11-30 00:21:54 UTC (rev 10546)
+++ data/DSA/list	2008-11-30 01:13:50 UTC (rev 10547)
@@ -94,7 +94,7 @@
 	{CVE-2008-4440}
 	[etch] - feta 1.4.15+etch1
 [20 Sep 2008] DSA-1642-1 horde3 - cross site scripting
-	{CVE-2008-3823}
+	{CVE-2008-3823 CVE-2008-3824}
 	[etch] - horde3 3.1.3-4etch4
 [20 Sep 2008] DSA-1641-1 phpmyadmin - several issues
 	{CVE-2008-3197 CVE-2008-3456 CVE-2008-3457 CVE-2008-4096}
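Review bot: `{CVE-2008-3823 CVE-2008-3824}` adds a second CVE to DSA-1642-1, but nothing in the visible lines or the commit log shows that `horde3 3.1.3-4etch4` actually contains the fix for CVE-2008-3824. A short pointer to where this was verified (advisory text or changelog) in the log message would let the next person check the mapping.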

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-11-30 00:21:54 UTC (rev 10546)
+++ data/spu-candidates.txt	2008-11-30 01:13:50 UTC (rev 10547)
@@ -61,6 +61,9 @@
 #480190
 notified maintainer
 
+CVE-2008-4437
+#502019
+
 --
 
 byacc (CVE-2008-3196)
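Review bot: The new `CVE-2008-4437` and `#502019` lines are inserted before the `--` separator, so they attach to the preceding candidate, and they carry no package name. The next entry is headed `byacc (CVE-2008-3196)`; if this is meant as a new candidate it should get its own `package (CVE-...)` header and its own `--` separator, and if it extends the preceding entry that should be evident from the entry itself.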



