[Secure-testing-commits] r9878 - data/CVE
stef-guest at alioth.debian.org
Wed Sep 24 21:58:58 UTC 2008
Author: stef-guest
Date: 2008-09-24 21:58:56 +0000 (Wed, 24 Sep 2008)
New Revision: 9878
Modified:
data/CVE/list
Log:
new: phpbb2, php5
already fixed: gallery/gallery2
not affected: bind9, kolab-webadmin
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-23 23:11:54 UTC (rev 9877)
+++ data/CVE/list 2008-09-24 21:58:56 UTC (rev 9878)
@@ -47,11 +47,13 @@
CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7 Build ...)
NOT-FOR-US: Avant Browser
CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a ...)
- TODO: check
+ NOT-FOR-US: Kolab Groupware Server 1.0.0
+ NOTE: Debian has kolabd and kolab-webadmin, but neither has the file create_user.php.
+ NOTE: But we have only 0.4 (in etch) and 2.1 (in lenny+sid), maybe 1.0 is different.
CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to ...)
NOT-FOR-US: MemHT Portal
CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and ...)
- TODO: check
+ - bind9 <not-affected> (windows specific issue)
CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows ...)
NOT-FOR-US: NooMS
CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b allows ...)
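Review bot: The CVE-2008-4165 entry is tagged NOT-FOR-US, but its own NOTE lines say Debian ships kolabd and kolab-webadmin and that only 0.4 and 2.1 were looked at ("maybe 1.0 is different"). NOT-FOR-US normally says the software is not in Debian at all, which does not match the notes or the commit log's "not affected: kolab-webadmin". Suggest a package line in the same form as the bind9 entry in this hunk, e.g. `- kolab-webadmin <not-affected> (create_user.php not shipped)`, and keep the NOTE about the unchecked 1.0 code so the open question stays visible.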
@@ -117,9 +119,10 @@
CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...)
TODO: check
CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 ...)
- TODO: check
+ - gallery2 2.2.6-1
CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ...)
- TODO: check
+ - gallery 1.5.9-1 (medium)
+ - gallery2 2.2.6-1 (medium)
CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...)
NOT-FOR-US: Cisco
CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta ...)
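Review bot: Urgency is set inconsistently in this hunk: `- gallery2 2.2.6-1` under CVE-2008-4130 has none, while the entries under CVE-2008-4129 for the same fixed version carry (medium). If the XSS entry was left unrated on purpose that is fine, otherwise add an urgency so the two entries read alike.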
@@ -127,7 +130,8 @@
CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...)
- python-dns 2.3.1-5 (bug #490217)
CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...)
- TODO: check
+ - phpbb2 <unfixed> (bug #500086)
+ TODO: check phpbb3
CVE-2008-4124
RESERVED
CVE-2008-4123
@@ -172,17 +176,17 @@
CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
NOT-FOR-US: Microsoft
CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...)
- TODO: check
+ - php5 <unfixed> (bug filed)
CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...)
TODO: check
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...)
- TODO: check
+ - joomla <itp> (bug #326398)
CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
TODO: check
CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege ...)
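Review bot: `- php5 <unfixed> (bug filed)` under CVE-2008-4107 carries no bug number, unlike the joomla lines in the same hunk (`bug #326398`), so the entry cannot be traced to the report it refers to. Suggest replacing "bug filed" with the actual number once it is assigned.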
@@ -1267,7 +1271,8 @@
RESERVED
- squirrelmail <unfixed> (bug #499942)
CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure ...)
- TODO: check
+ - gallery 1.5.9-1
+ - gallery2 2.2.6-1
CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the ...)
TODO: check
CVE-2008-3660 (PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a ...)