[Secure-testing-commits] r9996 - data/CVE
joeyh at alioth.debian.org
Sat Oct 4 21:14:18 UTC 2008
Author: joeyh
Date: 2008-10-04 21:14:16 +0000 (Sat, 04 Oct 2008)
New Revision: 9996
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-04 21:03:59 UTC (rev 9995)
+++ data/CVE/list 2008-10-04 21:14:16 UTC (rev 9996)
@@ -295,7 +295,7 @@
CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission ...)
- mercurial 1.0.1-5.1 (low; bug #500781)
NOTE: the package doesnt install this script by default but ships it with the examples
- [etch] - mercurial <no-dsa> (Only shipped in examples)
+ [etch] - mercurial <no-dsa> (Only shipped in examples)
CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has "admin" as its ...)
NOT-FOR-US: Cisco Linksys WRT350N
CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...)
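Review bot: The removed and added "[etch] - mercurial <no-dsa> (Only shipped in examples)" lines read identically, so this looks like a whitespace-only change, which the log message "automatic update" does not say. A log line stating that only indentation was normalized would make it clear that no triage status changed. The unchanged NOTE above it also has "doesnt" for "doesn't".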
@@ -711,7 +711,7 @@
NOT-FOR-US: Microsoft Windows
CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...)
- linux-2.6 2.6.26-5
- [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
+ [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
[etch] - linux-2.6.24 <unfixed>
CVE-2008-4112
REJECTED
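Review bot: The context line "[etch] - linux-2.6.24 <unfixed>" under CVE-2008-4113 has no bug reference or NOTE, while the not-affected line re-indented just above it states its reason. Consider adding a bug number or a NOTE there so the open status can be tracked.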
@@ -775,11 +775,11 @@
- movabletype-opensource 4.2~rc5-1 (low; bug #499252)
CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) ...)
- sql-ledger <unfixed> (unimportant)
- NOTE: Only supported behind an authenticated HTTP zone
- TODO: File bug
+ NOTE: Only supported behind an authenticated HTTP zone
+ TODO: File bug
CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...)
- sql-ledger <unfixed> (unimportant)
- NOTE: Only supported behind an authenticated HTTP zone
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board ...)
NOT-FOR-US: Tor World Software
CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board ...)
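Review bot: The "TODO: File bug" line under CVE-2008-4078 is carried over with only its indentation changed, and both sql-ledger entries (CVE-2008-4078 and CVE-2008-4077) stay "<unfixed> (unimportant)" with no bug number. Either file the bug and record it on the package line, or drop the TODO if "unimportant" means none is intended. CVE-2008-4077 has the same NOTE but no TODO, so the two entries are inconsistent.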
@@ -1131,7 +1131,7 @@
NOT-FOR-US: Ovidentia
CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c ...)
- ed 0.7-2 (low)
- [etch] - ed <no-dsa> (Minor issue)
+ [etch] - ed <no-dsa> (Minor issue)
CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...)
{DSA-1636-1}
- linux-2.6 2.6.26-5
@@ -1561,7 +1561,7 @@
[etch] - lmbench <no-dsa> (Non-free not supported)
CVE-2008-XXXX [newsgate: insecure temp files]
- newsgate <removed> (low; bug #496437)
- [etch] - newsgate <no-dsa> (Non-free not supported)
+ [etch] - newsgate <no-dsa> (Non-free not supported)
CVE-2008-XXXX [myspell: insecure temp files]
- myspell 1:3.0+pre3.1-21 (low; bug #496392)
[etch] - myspell <no-dsa> (Minor issue)
@@ -1574,7 +1574,7 @@
[etch] - samba <not-affected> (Only affects Samba 3.2.x)
CVE-2008-XXXX [insecure temp file in nvi]
- nvi 1.81.6-4 (low; bug #496462)
- [etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
+ [etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
CVE-2008-XXXX [rkhunter: insecure temp file]
- rkhunter 1.3.2-6 (low; bug #496375)
[etch] - rkhunter <no-dsa> (Minor issue, only in debug mode)
@@ -2154,7 +2154,7 @@
CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...)
{DSA-1636-1}
- linux-2.6 2.6.26-2
- [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
+ [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
- linux-2.6.24 2.6.24-6~etchnhalf.5
NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
NOTE: Fixed in 2.6.25.14 and 2.6.26.1
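Review bot: The NOTE line "94ad374a0751f40d25e22e036c37f7263569d24c" under CVE-2008-3535 is a bare hash with no indication of which repository it belongs to or whether it is the fixing commit. A few words of context on that line would help. The package lines here are also ordered linux-2.6, [etch], linux-2.6.24, while the entry in the following hunk lists linux-2.6.24 first; a consistent order is easier to scan.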
@@ -2162,7 +2162,7 @@
{DSA-1636-1}
- linux-2.6.24 2.6.24-6~etchnhalf.5
- linux-2.6 2.6.26-2
- [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
+ [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3533 (Format string vulnerability in the window_error function in ...)
@@ -2616,7 +2616,7 @@
- mantis 1.1.2+dfsg-2
CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when "only proxies" is ...)
- links2 2.1pre37-1.1 (low; bug #492744)
- [etch] - links2 <no-dsa> (Minor information leak)
+ [etch] - links2 <no-dsa> (Minor information leak)
CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...)
- trac 0.11-1
CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...)
@@ -2833,7 +2833,7 @@
CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
- ffmpeg-debian <unfixed> (unimportant; bug #498764)
- ffmpeg <removed>
- NOTE: Only a NULL pointer deference, hardly security relevant
+ NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
- joomla <itp> (bug #326398)
CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...)
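Review bot: The NOTE under CVE-2008-3230 is re-added with the typo "deference". Since the line is being rewritten anyway, change it to "Only a NULL pointer dereference, hardly security relevant".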