[Secure-testing-commits] r10893 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Thu Jan 8 20:06:50 UTC 2009
Author: jmm-guest
Date: 2009-01-08 20:06:49 +0000 (Thu, 08 Jan 2009)
New Revision: 10893
Modified:
data/CVE/list
Log:
older ktorrent issues don't affect Etch
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-08 10:59:56 UTC (rev 10892)
+++ data/CVE/list 2009-01-08 20:06:49 UTC (rev 10893)
@@ -14,7 +14,7 @@
CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens ...)
NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which ...)
- TODO: check
+ NOT-FOR-US: General MD5 weakness, doesn't need to tracked package-wise
CVE-2008-XXXX [auctex insecure temp file]
- auctex 11.83-7.3 (bug #506961)
CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier ...)
@@ -1461,7 +1461,7 @@
- mediawiki 1:1.13.3-1 (bug #508869)
CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through ...)
- mediawiki <not-affected> (vulnerable code was introduced in 1.13.0)
- TODO: [experimental] - mediawiki 1:1.13.3-1 (bug #508868)
+ NOTE: Fixed for the 1.13 branch in experimental: 1:1.13.3-1, bug #508868
CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...)
- vlc <not-affected> (vulnerable code not present)
NOTE: affected versions are >= 0.9.x (experimental)
@@ -2498,6 +2498,8 @@
CVE-2008-XXXX [ktorrent issues]
- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
- ktorrent 3.1.4+dfsg.1-1
+ [etch] - ktorrent <not-affected> (Doesn't include the web interface)
+ NOTE: CVE requested
CVE-2008-XXXX [epiphany-browser: Python scripts load modules from current directory]
- epiphany-browser 2.22.3-7 (bug #504363; low)
[etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir)
More information about the Secure-testing-commits
mailing list