[Secure-testing-commits] r11014 - data/CVE

atomo64-guest at alioth.debian.org atomo64-guest at alioth.debian.org
Thu Jan 22 01:00:43 UTC 2009 

Author: atomo64-guest
Date: 2009-01-22 01:00:42 +0000 (Thu, 22 Jan 2009)
New Revision: 11014

Modified:
   data/CVE/list
Log:
websvn issues update


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-22 00:19:54 UTC (rev 11013)
+++ data/CVE/list	2009-01-22 01:00:42 UTC (rev 11014)
@@ -3,7 +3,8 @@
 CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...)
 	TODO: check
 CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN ...)
-	TODO: check
+	- websvn <unfixed> (bug #512191)
+	[etch] - websvn <not-affected> (authenthication doesn't exist in that version)
 CVE-2009-0239
 	RESERVED
 CVE-2009-0238
@@ -137,11 +138,8 @@
 CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers ...)
 	TODO: check
 CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote ...)
-	TODO: check
-CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and ...)
-	TODO: check
-CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the ...)
-	TODO: check
+	- websvn <not-affected>
+	[etch] - websvn 1.61-21 (bug #503330)
 CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...)
 	TODO: check
 CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x ...)
@@ -2646,11 +2644,12 @@
 CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
 	- typo3-src 4.2.3-1 (bug #505326)
 	[etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
-CVE-2008-XXXX [websvn Cross Site Scripting and Directory Traversal]
+CVE-2008-5919 [websvn Cross Site Scripting and Directory Traversal]
 	- websvn 2.0-4 (bug #503330)
-	[etch] - websvn 1.61-21
-	NOTE: Fixed in etch r6 point update
-	NOTE: http://www.gulftech.org/?node=research&article_id=00132-10202008
+	[etch] - websvn <not-affected> (vulnerable code not present)
+CVE-2008-5918 [websvn Cross Site Scripting and Directory Traversal]
+	- websvn 2.0-4 (bug #503330)
+	[etch] - websvn <not-affected> (vulnerable code not present)
 CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...)
 	- linux-2.6 2.6.26-11
 	[etch] - linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls3B)

More information about the Secure-testing-commits mailing list