[Secure-testing-commits] r10156 - data/CVE

joeyh at alioth.debian.org
Thu Oct 23 21:14:15 UTC 2008


Author: joeyh
Date: 2008-10-23 21:14:14 +0000 (Thu, 23 Oct 2008)
New Revision: 10156

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-23 20:06:21 UTC (rev 10155)
+++ data/CVE/list	2008-10-23 21:14:14 UTC (rev 10156)
@@ -1,3 +1,51 @@
+CVE-2008-4702 (Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 ...)
+	TODO: check
+CVE-2008-4701 (SQL injection vulnerability in admin.php in Libera CMS 1.12, when ...)
+	TODO: check
+CVE-2008-4700 (SQL injection vulnerability in admin.php in Libera CMS 1.12 and ...)
+	TODO: check
+CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...)
+	TODO: check
+CVE-2008-4698
+	RESERVED
+CVE-2008-4697
+	RESERVED
+CVE-2008-4696
+	RESERVED
+CVE-2008-4695
+	RESERVED
+CVE-2008-4694
+	RESERVED
+CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 ...)
+	TODO: check
+CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8 before ...)
+	TODO: check
+CVE-2008-4691 (Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in ...)
+	TODO: check
+CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx ...)
+	TODO: check
+CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, ...)
+	TODO: check
+CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the ...)
+	TODO: check
+CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie function in ...)
+	TODO: check
+CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly ...)
+	TODO: check
+CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL ...)
+	TODO: check
+CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to ...)
+	TODO: check
+CVE-2008-4681 (Unspecified vulnerability in the Bluetooth RFCOMM dissector in ...)
+	TODO: check
+CVE-2008-4680 (packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 ...)
+	TODO: check
+CVE-2008-4679 (The Web Services Security component in IBM WebSphere Application ...)
+	TODO: check
+CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM ...)
+	TODO: check
+CVE-2008-4677 (autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...)
+	TODO: check
 CVE-2008-XXXX [local file inclusion in drupal]
 	- drupal6 <unfixed> (low; bug #503222)
 	- drupal5 <unfixed> (low; bug #503217)
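Review bot: CVE-2008-4689 and CVE-2008-4688 are added with a bare "TODO: check" even though this file already tracks a mantis package (1.1.2+dfsg-7 under CVE-2008-4687). Both descriptions say "Mantis before 1.1.3", and the tracked version is based on an older upstream release, so these two should be triaged against that package first rather than left in the generic queue. The same applies to any other new entry whose product matches a package already listed in the file.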
@@ -179,9 +227,9 @@
 	- vlc <not-affected> (bug #502726)
 	NOTE: code in 0.8.6.i-2 does not have this flaw, experimental version (0.9.4 is vulnerable)
 	TODO: check if >= 0.9.4 is uploaded to unstable
-CVE-2008-4686 [integer overflow in ty parsing]
+CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the ...)
 	- vlc <unfixed> (medium; bug #503118)
-CVE-2008-4687 [mantis code execution]
+CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote ...)
 	- mantis 1.1.2+dfsg-7 (medium; bug #502728)
 	NOTE: only registered users can perform this
 CVE-2008-4592 (Directory traversal vulnerability in index.php in Sports Clubs Web ...)
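Review bot: the new CVE-2008-4687 description says "Mantis before 1.1.4", but the package line under it records the fix in mantis 1.1.2+dfsg-7, which is based on an older upstream release. If the fix was backported into that upload, add a NOTE saying so, so that the version mismatch between the description and the fixed version is not read as a tracking error.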
@@ -209,7 +257,7 @@
 	- iceape <not-affected> (Windows-specific)
 CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release ...)
 	NOT-FOR-US: IBM ENOVIA SmarTeam
-CVE-2008-4580 (fence_manual in fence allows local users to modify arbitrary files via ...)
+CVE-2008-4580 (fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows ...)
 	- redhat-cluster <unfixed> (low; bug #496410)
 	[etch] - redhat-cluster <no-dsa> (Minor issue)
 CVE-2008-4579 (The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) ...)
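Review bot: the updated CVE-2008-4580 text names "fence 2.02.00-r1 and possibly cman", but the entry only has redhat-cluster lines. Add a NOTE stating which of those components the redhat-cluster lines cover, so that the "[etch] - redhat-cluster <no-dsa> (Minor issue)" decision is clearly tied to the reworded scope.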
@@ -568,7 +616,7 @@
 CVE-2008-4406 (A certain Debian patch to the run scripts for sabre (aka xsabre) ...)
 	- sabre 0.2.4b-25 (low; bug #433996)
 	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
-CVE-2008-4405 (libvirt 0.3.3 relies on files located under subdirectories of ...)
+CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the ...)
 	- xen-3 <unfixed>
 	- xen-unstable <unfixed>
 	TODO: report bug
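Review bot: the CVE-2008-4405 description switches from "libvirt 0.3.3" to "xend in Xen 3.0.3", and the entry carries only xen-3 and xen-unstable lines, so nothing records whether libvirt was assessed. Add a NOTE or a libvirt line stating the outcome, and resolve the remaining "TODO: report bug", since both xen lines are still <unfixed> with no bug number attached.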
@@ -5278,7 +5326,7 @@
 	NOT-FOR-US: InstallShield
 CVE-2008-2469
 	RESERVED
-	{DTSA-172-1}
+	{DSA-1659-1 DTSA-172-1}
 	- libspf2 <unfixed> (high)
 CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) ...)
 	NOT-FOR-US: LANDesk Management Suite
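Review bot: CVE-2008-2469 now references DSA-1659-1 while its only package line is still "- libspf2 <unfixed> (high)" with no bug number, and the entry remains RESERVED with no description. Record the unstable status explicitly (a fixed version once uploaded, or a bug reference) so that the high-urgency <unfixed> line has a visible follow-up after the advisory.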



