[Secure-testing-commits] r10081 - data/CVE

[nion at alioth.debian.org]

Author: nion
Date: 2008-10-14 11:36:42 +0000 (Tue, 14 Oct 2008)
New Revision: 10081

Modified:
   data/CVE/list
Log:
CVE-2008-3906, CVE-2008-3422 fixed in mono 1.9.1+dfsg-4
CVE-2008-1633 fixed in mondo 1:2.2.7-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-14 11:31:12 UTC (rev 10080)
+++ data/CVE/list	2008-10-14 11:36:42 UTC (rev 10081)
@@ -1442,7 +1442,7 @@
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 	[etch] - linux-2.6.24 <not-affected> (Vulnerable code not present)
 CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows ...)
-	- mono <unfixed> (low; bug #498894)
+	- mono 1.9.1+dfsg-4 (low; bug #498894)
 CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 ...)
 	{DSA-1652-1 DSA-1651-1}
 	- ruby1.8 1.8.7.72-1 (bug #498978)
@@ -2729,7 +2729,7 @@
 CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to ...)
 	NOT-FOR-US: IBM WebSphere Portal
 CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net ...)
-	- mono <unfixed> (low; bug #494406)
+	- mono 1.9.1+dfsg-4 (low; bug #494406)
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=413534
 	NOTE: http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
 CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately ...)
@@ -6860,7 +6860,7 @@
 CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder ...)
 	NOT-FOR-US: JV2 Folder Gallery
 CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown ...)
-	- mondo <unfixed> (bug #475221)
+	- mondo 1:2.2.7-1 (bug #475221)
 CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...)
 	- cuteflow <itp> (bug #465372)
 CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 ...)