[Secure-testing-commits] r10074 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Mon Oct 13 21:14:19 UTC 2008


Author: joeyh
Date: 2008-10-13 21:14:18 +0000 (Mon, 13 Oct 2008)
New Revision: 10074

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-13 20:34:55 UTC (rev 10073)
+++ data/CVE/list	2008-10-13 21:14:18 UTC (rev 10074)
@@ -1,3 +1,13 @@
+CVE-2008-4538
+	RESERVED
+CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...)
+	TODO: check
+CVE-2008-4536 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...)
+	TODO: check
+CVE-2008-4535 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and ...)
+	TODO: check
+CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and ...)
+	TODO: check
 CVE-2008-XXXX [chm2pdf: insecure temp file usage]
 	- chm2pdf <unfixed> (low; bug #501959)
 CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and ...)
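Review bot: the four EC-CUBE entries added at the top (CVE-2008-4534 through CVE-2008-4537) carry only `TODO: check`, so the tracker does not yet say whether any Debian package is affected. Each should be resolved to either a package line or a `NOT-FOR-US:` line in the form the file already uses; CVE-2008-4538 is fine as RESERVED.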
@@ -545,6 +555,7 @@
 CVE-2008-4303
 	RESERVED
 CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...)
+	{DSA-1653-1}
 	- linux-2.6 2.6.22-4 (low)
 CVE-2008-4301 (** DISPUTED ** ...)
 	NOT-FOR-US: Microsoft
@@ -727,6 +738,7 @@
 CVE-2008-4211 (Integer signedness error in QuickLook in Mac OS X 10.5.5 allows remote ...)
 	NOT-FOR-US: QuickLook Mac OS X
 CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...)
+	{DSA-1653-1}
 	- linux-2.6 2.6.22-1
 	NOTE: easily exploitable but of limited use as the attacker already needs access to a
 	NOTE: directory that is setgid to the group he wants to get privileges for
@@ -1441,6 +1453,7 @@
 CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
 	NOT-FOR-US: IBM AIX
 CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...)
+	{DSA-1653-1}
 	- linux-2.6 2.6.23-1
 CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
 	- ssmtp 2.62-1.1 (low; bug #498366)
@@ -1663,6 +1676,7 @@
 CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) ...)
 	- dbus <unfixed> (bug #501443)
 CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...)
+	{DSA-1653-1}
 	TODO: check
 CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...)
 	- linux-2.6 <not-affected> (Fedora-specific patch)
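Review bot: CVE-2008-3833 now carries `{DSA-1653-1}` but its only status line is still `TODO: check`, so the entry references an advisory without naming the affected package or a fixed version. Every other entry tagged with this DSA in this commit has a `- linux-2.6 <version>` line; this one needs the same, with the TODO dropped once it is filled in.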
@@ -2492,6 +2506,7 @@
 	- linux-2.6.24 2.6.24-6~etchnhalf.5
 	[etch] - linux-2.6 <not-affected>
 CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
+	{DSA-1653-1}
 	- linux-2.6 2.6.26-7
 	- linux-2.6.24 <unfixed>
 CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local ...)
@@ -3028,7 +3043,7 @@
 CVE-2008-3277
 	RESERVED
 CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...)
-	{DSA-1636-1}
+	{DSA-1653-1 DSA-1636-1}
 	- linux-2.6 2.6.26-4
 	- linux-2.6.24 2.6.24-6~etchnhalf.5
 	[etch] - linux-2.6 <unfixed>
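Review bot: on CVE-2008-3276 the reference becomes `{DSA-1653-1 DSA-1636-1}` while the context line `[etch] - linux-2.6 <unfixed>` is left untouched. If DSA-1653-1 is what fixes linux-2.6 in etch, that line is now stale and should carry the fixed version; if it is not, a NOTE stating which release the new DSA covers would remove the apparent contradiction.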
@@ -7128,6 +7143,7 @@
 	[sarge] - otrs <not-affected> (Vulnerable code not present)
 	NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
 CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions ...)
+	{DSA-1653-1}
 	- linux-2.6 2.6.26-8
 	NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
 CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...)



