[Secure-testing-commits] r8658 - data/CVE
Author: nion Date: 2008-05-01 14:15:49 + (Thu, 01 May 2008) New Revision: 8658 Modified: data/CVE/list Log: add wordpress information Modified: data/CVE/list === --- data/CVE/list 2008-05-01 01:38:20 UTC (rev 8657) +++ data/CVE/list 2008-05-01 14:15:49 UTC (rev 8658) @@ -1,6 +1,7 @@ CVE-2008- [privilege escalation in wordpress] - wordpress 2.2.3-1 NOTE: CVE id requested + NOTE: http://trac.wordpress.org/ticket/4748 CVE-2008-2040 [peercast buffer overflow in HTTP::getAuthUserPass] - peercast unfixed (medium; bug #478573) - gnome-peercast removed ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r8659 - in data: CVE DSA
Author: thijs Date: 2008-05-01 17:10:57 + (Thu, 01 May 2008) New Revision: 8659 Modified: data/CVE/list data/DSA/list Log: DSA 1562,3,4 Modified: data/CVE/list === --- data/CVE/list 2008-05-01 14:15:49 UTC (rev 8658) +++ data/CVE/list 2008-05-01 17:10:57 UTC (rev 8659) @@ -2,6 +2,7 @@ - wordpress 2.2.3-1 NOTE: CVE id requested NOTE: http://trac.wordpress.org/ticket/4748 + NOTE: fixed in DSA-1564-1 CVE-2008-2040 [peercast buffer overflow in HTTP::getAuthUserPass] - peercast unfixed (medium; bug #478573) - gnome-peercast removed Modified: data/DSA/list === --- data/DSA/list 2008-05-01 14:15:49 UTC (rev 8658) +++ data/DSA/list 2008-05-01 17:10:57 UTC (rev 8659) @@ -1,3 +1,12 @@ +[01 May 2008] DSA-1564-1 wordpress - several vulnerabilities + {CVE-2007-0540 CVE-2007-3639 CVE-2007-4153 CVE-2007-4154} + [etch] - wordpress 2.0.10-1etch2 +[30 Apr 2008] DSA-1563-1 asterisk - denial of service + {CVE-2008-1897} + [etch] - asterisk 1:1.2.13~dfsg-2etch4 +[28 Apr 2008] DSA-1562-1 iceape - arbitrary code execution + {CVE-2008-1380} + [etch] - iceape 1.0.13~pre080323b-0etch3 [28 Apr 2008] DSA-1561-1 ltsp - information disclosure {CVE-2008-1293} [etch] - ltsp 0.99debian11+etch1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r8660 - data/CVE
Author: dannf Date: 2008-05-01 20:33:30 + (Thu, 01 May 2008) New Revision: 8660 Modified: data/CVE/list Log: updates for DSA-1565-1; my first significant update, please review Modified: data/CVE/list === --- data/CVE/list 2008-05-01 17:10:57 UTC (rev 8659) +++ data/CVE/list 2008-05-01 20:33:30 UTC (rev 8660) @@ -1307,6 +1307,9 @@ RESERVED CVE-2008-1375 RESERVED + {DSA-1565-1} + - linux-2.6 unfixed + [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...) - cupsys not-affected (Redhat-specific incomplete patch, upstream patch is complete) CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote ...) @@ -1502,7 +1505,8 @@ [etch] - axyl not-affected (Vulnerable code not present) CVE-2008-1294 [setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children] RESERVED - - linux-2.6 unfixed (bug #419706) + {DSA-1565-1} + [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 (bug #419706) CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...) - mediawiki 1:1.11.2-1 [etch] - mediawiki not-affected (Versions prior to 1.11 do not include callback feature) @@ -3562,8 +3566,8 @@ {DSA-1510-1} - ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190) CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...) - {DSA-1503-2 DSA-1504-1 DSA-1503-1} - - linux-2.6 unfixed + {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1} + [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 CVE-2008- [exempi buffer overflow in GIF ReadHeader() function] - exempi 1.99.7-1 (bug #454297) CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c ...) @@ -5616,8 +5620,10 @@ {DSA-1476-1} - pulseaudio 0.9.9-1 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...) - {DSA-1503-2 DSA-1504-1 DSA-1503-1} + {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1} - linux-2.6 2.6.24-4 + [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 + {DSA-1565-1} CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...) {DSA-1466-2 DTSA-110-1} - xorg-server 2:1.4.1~git20080105-2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r8660 failed
The error message was: data/CVE/list: 5622: error: cross reference to DSA-1565-1 appears multiple times Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 'close' in bound method DB.__del__ of security_db.DB instance at 0x401c ignored make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r8661 - data/DSA
Author: jmm-guest Date: 2008-05-01 20:59:51 + (Thu, 01 May 2008) New Revision: 8661 Modified: data/DSA/list Log: add an entry for DSA/list as well Modified: data/DSA/list === --- data/DSA/list 2008-05-01 20:33:30 UTC (rev 8660) +++ data/DSA/list 2008-05-01 20:59:51 UTC (rev 8661) @@ -1,3 +1,6 @@ +[01 May 2008] DSA-1565-1 linux-2.6 + {CVE-2008-1375 CVE-2008-1294 CVE-2007-6694 CVE-2008-0007} + [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 [01 May 2008] DSA-1564-1 wordpress - several vulnerabilities {CVE-2007-0540 CVE-2007-3639 CVE-2007-4153 CVE-2007-4154} [etch] - wordpress 2.0.10-1etch2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r8661 failed
The error message was: data/CVE/list: 5622: error: cross reference to DSA-1565-1 appears multiple times Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 'close' in bound method DB.__del__ of security_db.DB instance at 0x401c ignored make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r8662 - data/CVE
Author: jmm-guest Date: 2008-05-01 21:08:33 + (Thu, 01 May 2008) New Revision: 8662 Modified: data/CVE/list Log: fixups: - each issue should have the status of unstable (which is recorded in CVE/list), so I've added a few linux-2.6 unfixed (We can figure out the fixed versions later on) - there's no need for [etch] lines for issues fixed in DSAs, this information is cross-referenced from DSA/list and the entries are added automatically by a cron job. I've removed the [etch] lines and added an entry to DSA/list Modified: data/CVE/list === --- data/CVE/list 2008-05-01 20:59:51 UTC (rev 8661) +++ data/CVE/list 2008-05-01 21:08:33 UTC (rev 8662) @@ -1309,7 +1309,6 @@ RESERVED {DSA-1565-1} - linux-2.6 unfixed - [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...) - cupsys not-affected (Redhat-specific incomplete patch, upstream patch is complete) CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote ...) @@ -1506,7 +1505,6 @@ CVE-2008-1294 [setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children] RESERVED {DSA-1565-1} - [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 (bug #419706) CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...) - mediawiki 1:1.11.2-1 [etch] - mediawiki not-affected (Versions prior to 1.11 do not include callback feature) @@ -3567,7 +3565,7 @@ - ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190) CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...) {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1} - [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 + - linux-2.6 unfixed CVE-2008- [exempi buffer overflow in GIF ReadHeader() function] - exempi 1.99.7-1 (bug #454297) CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c ...) @@ -5622,8 +5620,6 @@ CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...) {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1} - linux-2.6 2.6.24-4 - [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 - {DSA-1565-1} CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...) {DSA-1466-2 DTSA-110-1} - xorg-server 2:1.4.1~git20080105-2 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r8663 - data/CVE
Author: joeyh Date: 2008-05-01 21:14:15 + (Thu, 01 May 2008) New Revision: 8663 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2008-05-01 21:08:33 UTC (rev 8662) +++ data/CVE/list 2008-05-01 21:14:15 UTC (rev 8663) @@ -1,3 +1,169 @@ +CVE-2008-2042 + RESERVED +CVE-2008-2039 + RESERVED +CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in ...) + TODO: check +CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts ...) + TODO: check +CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 ...) + TODO: check +CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) ...) + TODO: check +CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...) + TODO: check +CVE-2008-2033 (Multiple unspecified vulnerabilities in ZoneMinder before 1.23.3 allow ...) + TODO: check +CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote ...) + TODO: check +CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 ...) + TODO: check +CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) ...) + TODO: check +CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, ...) + TODO: check +CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA ...) + TODO: check +CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...) + TODO: check +CVE-2008-2025 + RESERVED +CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...) + TODO: check +CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...) + TODO: check +CVE-2008-2022 (Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software ...) + TODO: check +CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote ...) + TODO: check +CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 ...) + TODO: check +CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on quot;randomly ...) + TODO: check +CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 0.848b C1 ...) + TODO: check +CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management System ...) + TODO: check +CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Management ...) + TODO: check +CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX ...) + TODO: check +CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...) + TODO: check +CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...) + TODO: check +CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 1.0 ...) + TODO: check +CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail ...) + TODO: check +CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...) + TODO: check +CVE-2008-2009 + RESERVED +CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...) + TODO: check +CVE-2008-2007 + RESERVED +CVE-2008-2006 + RESERVED +CVE-2008-2005 + RESERVED +CVE-2008-2004 + RESERVED +CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...) + TODO: check +CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...) + TODO: check +CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote ...) + TODO: check +CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address bar by ...) + TODO: check +CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, ...) + TODO: check +CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 ...) + TODO: check +CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...) + TODO: check +CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a ...) + TODO: check +CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and ...) + TODO: check +CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, ...) +
[Secure-testing-commits] r8664 - data/DSA
Author: jmm-guest Date: 2008-05-01 21:25:34 + (Thu, 01 May 2008) New Revision: 8664 Modified: data/DSA/list Log: add three missing CVE ids (we skipped one update for iceape and the fixes were fixed upstream and included in the next DSA) Modified: data/DSA/list === --- data/DSA/list 2008-05-01 21:14:15 UTC (rev 8663) +++ data/DSA/list 2008-05-01 21:25:34 UTC (rev 8664) @@ -201,7 +201,7 @@ [sarge] - turba2 2.0.2-1sarge1 [etch] - turba2 2.1.3-1etch1 [24 Feb 2008] DSA-1506-1 iceape - several vulnerabilities - {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594} + {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2007-5947 CVE-2007-5959 CVE-2007-5960} [etch] - iceape 1.0.12~pre080131b-0etch1 [22 Feb 2008] DSA-1505-1 alsa-driver alsa-modules-i386 - kernel memory leak {CVE-2007-4571} ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits