[Secure-testing-commits] r15644 - in data: . CVE

Raphael Geissert geissert at alioth.debian.org
Fri Dec 3 01:36:53 UTC 2010


Author: geissert
Date: 2010-12-03 01:36:53 +0000 (Fri, 03 Dec 2010)
New Revision: 15644

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
libpam-ssh embeds code from openssh
"new" (months old) hypermail and ocrodjvu issues
We _do_ ship elgg
phpcas issues have all been CVEified and fixed now


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-02 21:15:39 UTC (rev 15643)
+++ data/CVE/list	2010-12-03 01:36:53 UTC (rev 15644)
@@ -1,3 +1,8 @@
+CVE-2010-XXXX [ocrodjvu insecure temp files handling]
+	- ocrodjvu <unfixed> (low; bug #598134)
+CVE-2010-XXXX [hypermail XSS]
+	- hypermail <unfixed> (bug #598743)
+	TODO: check
 CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	TODO: check
 CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar ...)
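Review bot: the `TODO: check` added under the hypermail XSS entry leaves it flagged as untriaged even though the line above it already records `- hypermail <unfixed> (bug #598743)`. Drop the TODO, or replace it with a NOTE that says what still needs checking. The hypermail line also has no severity where the ocrodjvu line has `low`; add one if it has been assessed.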
@@ -16402,7 +16407,7 @@
 CVE-2009-3150 (SQL injection vulnerability in index.php in Multi Website 1.5 allows ...)
 	NOT-FOR-US: Multi Website
 CVE-2009-3149 (Directory traversal vulnerability in _css/js.php in Elgg 1.5, when ...)
-	NOT-FOR-US: Elgg
+	- elgg <itp> (bug #526197)
 CVE-2009-3148 (Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 ...)
 	NOT-FOR-US: PortalXP Teacher Edition
 CVE-2009-3147 (Cross-site scripting (XSS) vulnerability in showproduct.php in ...)
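Review bot: the replacement line for CVE-2009-3149 uses `<itp>` with bug #526197, which marks a package that is not in the archive yet, while the log message says "We _do_ ship elgg". If elgg is already shipped, the entry should carry a fixed version or `<unfixed>`. If it is only an ITP, reword the log so it does not read as a shipped package.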
@@ -29142,13 +29147,6 @@
 	- vlc 0.9.8a-1 (low)
 	[etch] - vlc <not-affected> (vulnerable code not present)
 	[lenny] - vlc <not-affected> (vulnerable code not present)
-CVE-2008-XXXX [multiple vulnerabilities in phpcas]
-	- libphp-cas <itp> (bug #495542)
-	- glpi <unfixed> (unimportant)
-	NOTE: Only supported behind an authenticated HTTP zone
-	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495542#82
-	NOTE: upstream has been notified
-	TODO: write proper advisory and request CVE id
 CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
 	{DTSA-188-1}
 	- php5 5.2.6.dfsg.1-3 (bug #507101)
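Review bot: the removed phpcas block also carried `- glpi <unfixed> (unimportant)` and the NOTE that it is only supported behind an authenticated HTTP zone, and nothing visible in this diff moves them elsewhere. Before dropping the placeholder, confirm that the CVE entries which replaced it keep the glpi line and that NOTE, and name those CVE ids in the log so the removal can be traced.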

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-12-02 21:15:39 UTC (rev 15643)
+++ data/embedded-code-copies	2010-12-03 01:36:53 UTC (rev 15644)
@@ -2036,6 +2036,9 @@
 mpmath
 	- sympy <unfixed> (embed; bug #541746)
 
+openssh
+	- libpam-ssh <unfixed> (embed; bug #598522)
+
 curl
 	- cmake 2.6.0-6 (embed)
         NOTE: Might be fixed earlier. Lenny version recorded.
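Review bot: the new `openssh` stanza records only `- libpam-ssh <unfixed> (embed; bug #598522)`. Add a NOTE line saying which openssh code libpam-ssh copies, and from which version if known, so that future openssh CVEs can be checked against the copy without reopening the bug.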



