[Secure-testing-commits] r9856 - data/CVE
joeyh at alioth.debian.org
Sat Sep 20 21:14:14 UTC 2008
Author: joeyh
Date: 2008-09-20 21:14:11 +0000 (Sat, 20 Sep 2008)
New Revision: 9856
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-20 13:21:38 UTC (rev 9855)
+++ data/CVE/list 2008-09-20 21:14:11 UTC (rev 9856)
@@ -200,6 +200,7 @@
- python-dns 2.3.1-5 (low; bug #490217)
CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7]
RESERVED
+ {DSA-1641-1}
- phpmyadmin 4:2.11.8.1-2 (medium)
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
- smsclient <unfixed> (unimportant; bug #498901)
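Review bot: The context entry directly below the new `{DSA-1641-1}` line names the program two ways: the bracketed description says "ssmclient" while the package line says "smsclient". Make the two agree so that a search on the package name also finds the description.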
@@ -462,6 +463,7 @@
CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
- gpicview 0.1.9-2 (low; bug #498022)
CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96 stores ...)
+ {DSA-1640-1}
- python-django 1.0-1
NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/
CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in a ...)
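Review bot: The `- python-django 1.0-1` line under CVE-2008-3909 has no urgency in parentheses, unlike the gpicview entry above it and the other DSA-tagged entries in this commit. Since the entry now references DSA-1640-1, add an urgency so it can be triaged consistently with the rest of the list.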
@@ -655,7 +657,7 @@
{DTSA-165-1}
- horde3 <unfixed>
CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in ...)
- {DTSA-165-1}
+ {DSA-1642-1 DTSA-165-1}
- horde3 <unfixed>
CVE-2008-3822
RESERVED
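Review bot: CVE-2008-3823 now references DSA-1642-1, but its package line still reads `- horde3 <unfixed>`. Confirm whether a fixed version can be recorded yet; if it cannot, a NOTE stating that the DSA did not change the unfixed status would stop readers from taking the two lines as contradictory. The entry just above carries the same `{DTSA-165-1}` tag and `<unfixed>` line without a DSA reference, so it is worth checking whether DSA-1642-1 covers it as well.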
@@ -1566,6 +1568,7 @@
CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web ...)
NOT-FOR-US: Vtiger CRM
CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin ...)
+ {DSA-1641-1}
- phpmyadmin 4:2.11.8~rc1-1 (unimportant)
NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in ...)
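Review bot: The DSA-1641-1 reference is added to CVE-2008-3457, which is rated `(unimportant)` and whose NOTE dismisses the issue. An advisory cross-reference on an entry classified that way reads as inconsistent; either revisit the urgency or add a NOTE explaining that the fix was included in the DSA alongside other phpmyadmin issues.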
@@ -1645,6 +1648,7 @@
- virtualbox-ose <not-affected> (affects only windows host systems)
NOTE: CORE-2008-0716
CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from ...)
+ {DSA-1641-1}
- phpmyadmin 4:2.11.8~rc1-1 (low)
NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
CVE-2008-3547 [openttd remote buffer overflow]
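Review bot: The NOTE under CVE-2008-3456 still says the issue "doesn't warrant DSA on its own", while the line added above it now tags the entry with DSA-1641-1. Update the NOTE to record that the fix was shipped in that DSA, so the comment no longer reads as if no advisory exists.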
@@ -2166,6 +2170,7 @@
- phpbb3 3.0.2-1 (low)
- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before ...)
+ {DSA-1641-1}
- phpmyadmin 4:2.11.7.1-1 (low)
NOTE: this only allows via csrf to create an empty database.
NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS
@@ -12193,6 +12198,7 @@
CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...)
NOT-FOR-US: Half-Life Server
CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, ...)
+ {DSA-1640-1}
- python-django 0.96-1.1 (low; bug #448838)
CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...)
NOT-FOR-US: Conflict