[Secure-testing-commits] r10868 - data/CVE

sf at alioth.debian.org sf at alioth.debian.org
Tue Jan 6 11:26:59 UTC 2009


Author: sf
Date: 2009-01-06 11:26:58 +0000 (Tue, 06 Jan 2009)
New Revision: 10868

Modified:
   data/CVE/list
Log:
new: linux, java, mediawiki(unimportant)
some NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-06 09:14:11 UTC (rev 10867)
+++ data/CVE/list	2009-01-06 11:26:58 UTC (rev 10868)
@@ -311,7 +311,7 @@
 CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...)
 	- wordpress <unfixed>
 CVE-2008-5694 (PHP remote file inclusion vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Sandbox
 CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...)
 	NOT-FOR-US: Ipswitch WS_FTP Server Manager
 CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other ...)
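Review bot: The NOT-FOR-US label on CVE-2008-5694 is just "Sandbox", which is ambiguous as a product name, and the truncated description ("PHP remote file inclusion vulnerability in ...") does not show what it refers to. Suggest using the full product name from the CVE description, so that a later search of the list for "Sandbox" does not match unrelated software.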
@@ -323,7 +323,8 @@
 CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 ...)
 	NOT-FOR-US: Solaris
 CVE-2008-5688 (MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails ...)
-	TODO: check
+	- mediawiki <unfixed> (unimportant)
+	NOTE: Installation path disclosure not treated as a security issue
 CVE-2008-5687 (MediaWiki 1.11 through 1.13.3 does not properly protect against the ...)
 	TODO: check
 CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...)
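Review bot: CVE-2008-5687, directly below the changed entry, is left at "TODO: check" although it concerns the same package and an overlapping version range (MediaWiki 1.11 through 1.13.3); triaging it in the same pass would keep the mediawiki entries consistent. For CVE-2008-5688, the NOTE could also mention that the disclosure depends on the wgShowExceptionDetails setting named in the description, so a reader can see the precondition without opening the CVE.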
@@ -682,9 +683,9 @@
 CVE-2008-5551 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-5550 (Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp ...)
-	TODO: check
+	NOT-FOR-US: Sun Java Web Console
 CVE-2008-5549 (Unspecified vulnerability in the Sun Java Web Console components in ...)
-	TODO: check
+	NOT-FOR-US: Sun Java Web Console
 CVE-2008-5548 (VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-5547 (HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when ...)
@@ -1050,7 +1051,8 @@
 CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in ...)
 	- zaptel 1:1.4.11~dfsg-3
 CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <removed>
 CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes ...)
 	NOT-FOR-US: Ubuntu Privacy Remix
 CVE-2008-5392
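Review bot: The new "- linux-2.6 <unfixed>" line for CVE-2008-5395 has no severity, bug reference or NOTE, although the description places the flaw in arch/parisc/kernel/traps.c, so a single architecture is involved. Suggest adding a NOTE that the issue is parisc-specific and, once a bug is filed, the reference, in the same style as the "(low; bug #508194)" annotations used for the Java entries in this commit.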
@@ -1128,11 +1130,11 @@
 CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...)
 	NOT-FOR-US: getPlus
 CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Player
 CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Player
 CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...)
-	TODO: check
+	NOT-FOR-US: Adobe Flash Player
 CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...)
 	- rsyslog 3.18.6-1 (bug #508027)
 CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...)
@@ -1143,49 +1145,93 @@
 CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...)
 	- vinagre 0.5.1-2
 CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
-	TODO: check
+	- sun-java5 <unfixed> (low; bug #508194)
+	- sun-java6 <unfixed> (low; bug #508195)
+	- openjdk-6 <unfixed> (low; bug #510972)
 CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5355 (The &quot;Java Update&quot; feature for Java Runtime Environment (JRE) for Sun ...)
-	TODO: check
+	- sun-java5 <not-affected> (Java update not used in Debian)
+	- sun-java6 <not-affected> (Java update not used in Debian)
+	- openjdk-6 <not-affected> (Java update not used in Debian)
 CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5353 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
-	TODO: check
+	- sun-java5 <unfixed> (bug #508194)
+	- sun-java6 <unfixed> (bug #508195)
+	- openjdk-6 <unfixed> (bug #510972)
 CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite ...)
 	NOT-FOR-US: Bandwebsite
 CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite ...)
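Review bot: The same three-line block, including "- openjdk-6 <unfixed> (bug #510972)", is applied to CVE-2008-5339 through CVE-2008-5344, whose descriptions name Java Web Start (JWS) and the Java Plug-in rather than the JRE itself; nothing in the entries shows that openjdk-6 ships those components. Suggest confirming that per CVE and, where it does not, using "<not-affected>" with a reason, as was done for CVE-2008-5355. Separately, only CVE-2008-5360 carries a severity ("low"); the memory-corruption entries (CVE-2008-5359, CVE-2008-5357, CVE-2008-5356, CVE-2008-5354, CVE-2008-5352) have none, so it is unclear whether the default urgency is intended for them or simply not yet assessed.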



