[Secure-testing-commits] r9831 - in data: CVE DSA

[thijs at alioth.debian.org]

Author: thijs
Date: 2008-09-16 06:53:40 +0000 (Tue, 16 Sep 2008)
New Revision: 9831

Modified:
   data/CVE/list
   data/DSA/list
Log:
some new assignments:
phpmyadmin - working on it
adns & python-dns - no action needed
python example - cveified


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-09-15 21:14:15 UTC (rev 9830)
+++ data/CVE/list	2008-09-16 06:53:40 UTC (rev 9831)
@@ -1,7 +1,14 @@
+CVE-2008-4100 [adns predictable transaction id's and source port]
+	- adns <unfixed> (unimportant; bug #492698)
+	NOTE: adns is not supported in untrusted contexts, see BR
+CVE-2008-4099 [pydns predictable transaction id's and source port]
+	- python-dns 2.3.1-5 (low; bug #490217)
+CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7]
+	- phpmyadmin <unfixed> (medium)
 CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
 	- smsclient <unfixed> (unimportant; bug #498901)
 	NOTE: script is not in use and only a suggestion for users
-CVE-2008-XXXX [unsafe use of tempfile in python]
+CVE-2008-4108 [unsafe use of tempfile in python]
 	- python-defaults <unfixed> (unimportant; bug #498899)
 	NOTE: script is an example, which can be used by users
 CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2008-09-15 21:14:15 UTC (rev 9830)
+++ data/DSA/list	2008-09-16 06:53:40 UTC (rev 9831)
@@ -58,7 +58,7 @@
 	{CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887}
 	[etch] - python2.5 2.5-5+etch1
 [27 Jul 2008] DSA-1619-1 python-dns - DNS response spoofing
-	{CVE-2008-1447}
+	{CVE-2008-1447 CVE-2008-4099}
 	[etch] - python-dns 2.3.0-5.2+etch1
 [26 Jul 2008] DSA-1618-1 ruby1.9 - several vulnerabilities
 	{CVE-2008-2376 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725 CVE-2008-2726}