[Secure-testing-commits] r10551 - in data: . CVE

white at alioth.debian.org white at alioth.debian.org
Sun Nov 30 08:47:08 UTC 2008


Author: white
Date: 2008-11-30 08:47:08 +0000 (Sun, 30 Nov 2008)
New Revision: 10551

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
Mark horde3 XSS with no-dsa; use no-das as well and document dup

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-30 08:34:35 UTC (rev 10550)
+++ data/CVE/list	2008-11-30 08:47:08 UTC (rev 10551)
@@ -3908,6 +3908,7 @@
 	- horde3 3.2.1+debian0-1 (low; bug #495332)
 	- turba2 2.2.1-1
 	[etch] - turba2 <not-affected> (Vulnerable code not present)
+	[etch] - horde3 <no-dsa> (Minor issue, dup of CVE-2008-3330)
 	NOTE: this is actually two issues:
 	NOTE: - one a dup of CVE-2008-3330 in horde3
 	NOTE: - another an issue in turba2
@@ -4923,7 +4924,7 @@
 	- horde3 3.2.1+debian0-1 (low; bug #492578)
 	- turba2 2.2.1-1 (low)
 	[etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
-        TODO: <confirm> tag
+	[etch] - horde3 <no-dsa> (Minor issue)
 CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
 	- moodle 1.8.1-1 (low)
 	NOTE: http://moodle.org/mod/forum/discuss.php?d=101405

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-11-30 08:34:35 UTC (rev 10550)
+++ data/spu-candidates.txt	2008-11-30 08:47:08 UTC (rev 10551)
@@ -201,6 +201,11 @@
 
 --
 
+horde3 (CVE-2008-3330)
+#495332
+
+--
+
 hplip (CVE-2008-2940/CVE-2008-2941)
 #499842
 notified maintainer




More information about the Secure-testing-commits mailing list