[Secure-testing-commits] r10879 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Wed Jan 7 18:34:00 UTC 2009 

Author: nion
Date: 2009-01-07 18:33:59 +0000 (Wed, 07 Jan 2009)
New Revision: 10879

Modified:
   data/CVE/list
Log:
NFU
CVE-2008-584{5,6} fixed in movabletype-opensource 4.2.3-1
CVE-2008-5843 doesn't affect pdfjam in Debian
CVE-2008-5687 fixed in mediawiki 1:1.13.3-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-07 16:43:32 UTC (rev 10878)
+++ data/CVE/list	2009-01-07 18:33:59 UTC (rev 10879)
@@ -1,15 +1,18 @@
 CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a ...)
-	TODO: check
+	NOT-FOR-US: Constructr CMS
 CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote authenticated ...)
-	TODO: check
+	- movabletype-opensource 4.2.3-1 (low)
 CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six Apart ...)
-	TODO: check
+	- movabletype-opensource 4.2.3-1 (low)
 CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW ...)
-	TODO: check
+	- php5 <not-affected> (vulnerable code introduced in 5.2.7, we have 5.2.6 and 5.2.8 was released in the meantime)
+	[etch] - php4 <not-affected> (vulnerable code introduced in php5 5.2.7)
 CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow local ...)
-	TODO: check
+	- pdfjam <not-affected> (the debian package sets pdflatex and thus dirname can't result in returning .)
+	NOTE: it is also not possible to include a crafted sed or pdflatex executable in the pdflatex call
+	NOTE: as our version uses random names, see #510584
 CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens ...)
-	TODO: check
+	NOT-FOR-US: Fujitsu-Siemens WebTransactions
 CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which ...)
 	TODO: check
 CVE-2008-XXXX [auctex insecure temp file]
@@ -343,7 +346,8 @@
 	- mediawiki <unfixed> (unimportant)
 	NOTE: Installation path disclosure not treated as a security issue
 CVE-2008-5687 (MediaWiki 1.11 through 1.13.3 does not properly protect against the ...)
-	TODO: check
+	- mediawiki 1:1.13.3-1 (low)
+	NOTE: the CVE id description is wrong, this is fixed in 1.13.3, notified mitre
 CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...)
 	NOT-FOR-US: IBM Tivoli Provisioning Manager
 CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun ...)

More information about the Secure-testing-commits mailing list