[Secure-testing-commits] r9995 - in data: . CVE
jmm-guest at alioth.debian.org
Sat Oct 4 21:04:01 UTC 2008
Author: jmm-guest
Date: 2008-10-04 21:03:59 +0000 (Sat, 04 Oct 2008)
New Revision: 9995
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
more no-dsa
sql-ledger not fully supported in Etch/Lenny
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-04 20:51:05 UTC (rev 9994)
+++ data/CVE/list 2008-10-04 21:03:59 UTC (rev 9995)
@@ -295,6 +295,7 @@
CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission ...)
- mercurial 1.0.1-5.1 (low; bug #500781)
NOTE: the package doesnt install this script by default but ships it with the examples
+ [etch] - mercurial <no-dsa> (Only shipped in examples)
CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its ...)
NOT-FOR-US: Cisco Linksys WRT350N
CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...)
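Review bot: the added `[etch] - mercurial <no-dsa> (Only shipped in examples)` line sits below the NOTE, while the other entries visible in this patch (myspell, rkhunter) put the [etch] line directly under the package line. Moving it above the NOTE would keep the per-release status lines together, and the NOTE already carries the same reasoning.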
@@ -773,9 +774,12 @@
CVE-2008-4079 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x ...)
- movabletype-opensource 4.2~rc5-1 (low; bug #499252)
CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) ...)
- - sql-ledger <unfixed>
+ - sql-ledger <unfixed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
+ TODO: File bug
CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...)
- - sql-ledger <unfixed>
+ - sql-ledger <unfixed> (unimportant)
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board ...)
NOT-FOR-US: Tor World Software
CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board ...)
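Review bot: the two sql-ledger entries get the same `<unfixed> (unimportant)` status and the same NOTE, but only CVE-2008-4078 gets `TODO: File bug`. If one bug is meant to cover both issues, say so in the TODO; otherwise CVE-2008-4077 needs its own TODO line so it is not lost. The NOTE would also be easier to audit if it said where the "authenticated HTTP zone" requirement is documented.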
@@ -1557,6 +1561,7 @@
[etch] - lmbench <no-dsa> (Non-free not supported)
CVE-2008-XXXX [newsgate: insecure temp files]
- newsgate <removed> (low; bug #496437)
+ [etch] - newsgate <no-dsa> (Non-free not supported)
CVE-2008-XXXX [myspell: insecure temp files]
- myspell 1:3.0+pre3.1-21 (low; bug #496392)
[etch] - myspell <no-dsa> (Minor issue)
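Review bot: the reason on the added `[etch] - newsgate <no-dsa> (Non-free not supported)` line is identical to the lmbench line directly above it; please confirm it applies to newsgate and was not carried over from that entry. The unstable line marks newsgate as `<removed>`, so a short NOTE stating which archive section the etch package is in would make the reason verifiable.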
@@ -1568,7 +1573,8 @@
- samba 2:3.2.3-1 (bug #496073; medium)
[etch] - samba <not-affected> (Only affects Samba 3.2.x)
CVE-2008-XXXX [insecure temp file in nvi]
- - nvi 1.81.6-4 (low)
+ - nvi 1.81.6-4 (low; bug #496462)
+ [etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
CVE-2008-XXXX [rkhunter: insecure temp file]
- rkhunter 1.3.2-6 (low; bug #496375)
[etch] - rkhunter <no-dsa> (Minor issue, only in debug mode)
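Review bot: the no-dsa reason on the added `[etch] - nvi` line, "only exploitable in postinst", needs a supporting NOTE, because maintainer scripts run as root and the reason alone does not explain why the issue is minor. A NOTE line saying what limits the exposure (for example that the temp file is only touched at install or upgrade time) would let a later reader check the triage. Adding the bug number to the unstable line is good.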
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-10-04 20:51:05 UTC (rev 9994)
+++ data/spu-candidates.txt 2008-10-04 21:03:59 UTC (rev 9995)
@@ -244,6 +244,11 @@
--
+mercurial (CVE-2008-4297)
+#500781
+
+--
+
mgetty
#496403
notified maintainer
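Review bot: the added mercurial entry has the CVE id and bug number but no status line, while the mgetty entry below it records `notified maintainer`. Add the current state (maintainer contacted or not) so the list shows what action is still outstanding.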
@@ -284,6 +289,11 @@
--
+nvi
+#496462
+
+--
+
paramiko (CVE-2008-0299)
#460706
notified maintainer
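Review bot: the added nvi entry carries only `#496462`, with no identifier or description, unlike the mercurial and paramiko entries, which name their CVE. Since data/CVE/list still has this issue as CVE-2008-XXXX, add a short tag such as the "insecure temp file" description used there so the entry can be matched once an id is assigned.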