[Secure-testing-commits] r8658 - data/CVE

2008-05-01 Thread nion
Author: nion
Date: 2008-05-01 14:15:49 +0000 (Thu, 01 May 2008)
New Revision: 8658

Modified:
   data/CVE/list
Log:
add wordpress information

Modified: data/CVE/list
===
--- data/CVE/list   2008-05-01 01:38:20 UTC (rev 8657)
+++ data/CVE/list   2008-05-01 14:15:49 UTC (rev 8658)
@@ -1,6 +1,7 @@
 CVE-2008- [privilege escalation in wordpress]
- wordpress 2.2.3-1
NOTE: CVE id requested
+   NOTE: http://trac.wordpress.org/ticket/4748
 CVE-2008-2040 [peercast buffer overflow in HTTP::getAuthUserPass]
- peercast unfixed (medium; bug #478573)
- gnome-peercast removed


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r8659 - in data: CVE DSA

2008-05-01 Thread thijs
Author: thijs
Date: 2008-05-01 17:10:57 +0000 (Thu, 01 May 2008)
New Revision: 8659

Modified:
   data/CVE/list
   data/DSA/list
Log:
DSA 1562,3,4


Modified: data/CVE/list
===
--- data/CVE/list   2008-05-01 14:15:49 UTC (rev 8658)
+++ data/CVE/list   2008-05-01 17:10:57 UTC (rev 8659)
@@ -2,6 +2,7 @@
- wordpress 2.2.3-1
NOTE: CVE id requested
NOTE: http://trac.wordpress.org/ticket/4748
+   NOTE: fixed in DSA-1564-1
 CVE-2008-2040 [peercast buffer overflow in HTTP::getAuthUserPass]
- peercast unfixed (medium; bug #478573)
- gnome-peercast removed
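Review bot: the added `NOTE: fixed in DSA-1564-1` is free text, not a `{DSA-1564-1}` cross-reference, and the DSA-1564-1 entry this same commit adds to data/DSA/list lists only CVE-2007-0540, CVE-2007-3639, CVE-2007-4153 and CVE-2007-4154, so nothing in the data links this still-unassigned wordpress entry to the DSA. When the requested CVE id arrives, add it to the DSA-1564-1 brace line and turn the NOTE into a cross-reference so the automatic etch entry is generated.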

Modified: data/DSA/list
===
--- data/DSA/list   2008-05-01 14:15:49 UTC (rev 8658)
+++ data/DSA/list   2008-05-01 17:10:57 UTC (rev 8659)
@@ -1,3 +1,12 @@
+[01 May 2008] DSA-1564-1 wordpress - several vulnerabilities
+   {CVE-2007-0540 CVE-2007-3639 CVE-2007-4153 CVE-2007-4154}
+   [etch] - wordpress 2.0.10-1etch2
+[30 Apr 2008] DSA-1563-1 asterisk - denial of service
+   {CVE-2008-1897}
+   [etch] - asterisk 1:1.2.13~dfsg-2etch4
+[28 Apr 2008] DSA-1562-1 iceape - arbitrary code execution
+   {CVE-2008-1380}
+   [etch] - iceape 1.0.13~pre080323b-0etch3
 [28 Apr 2008] DSA-1561-1 ltsp - information disclosure
{CVE-2008-1293}
[etch] - ltsp 0.99debian11+etch1




[Secure-testing-commits] r8660 - data/CVE

2008-05-01 Thread dannf
Author: dannf
Date: 2008-05-01 20:33:30 +0000 (Thu, 01 May 2008)
New Revision: 8660

Modified:
   data/CVE/list
Log:
updates for DSA-1565-1; my first significant update, please review

Modified: data/CVE/list
===
--- data/CVE/list   2008-05-01 17:10:57 UTC (rev 8659)
+++ data/CVE/list   2008-05-01 20:33:30 UTC (rev 8660)
@@ -1307,6 +1307,9 @@
RESERVED
 CVE-2008-1375
RESERVED
+   {DSA-1565-1}
+   - linux-2.6 unfixed
+   [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
 CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat 
Enterprise Linux ...)
- cupsys not-affected (Redhat-specific incomplete patch, upstream 
patch is complete)
 CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote 
...)
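Review bot: `{DSA-1565-1}` is cross-referenced here, but this commit touches only data/CVE/list, so there is no DSA-1565-1 entry in data/DSA/list for the reference to resolve against; add the DSA/list entry in the same commit. The `[etch] - linux-2.6 2.6.18.dfsg.1-18etch3` line below it then repeats what that DSA entry carries.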
@@ -1502,7 +1505,8 @@
[etch] - axyl not-affected (Vulnerable code not present)
 CVE-2008-1294 [setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit 
properly across children]
RESERVED
-   - linux-2.6 unfixed (bug #419706)
+   {DSA-1565-1}
+   [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 (bug #419706)
 CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 
allows ...)
- mediawiki 1:1.11.2-1
[etch] - mediawiki not-affected (Versions prior to 1.11 do not 
include callback feature)
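Review bot: the removed `- linux-2.6 unfixed (bug #419706)` was the only line recording the status in unstable for CVE-2008-1294, and the replacement `[etch]` line moves the bug reference onto an etch-only line. Keep the unstable status line (with `bug #419706`) and add `{DSA-1565-1}` beside it rather than in place of it.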
@@ -3562,8 +3566,8 @@
{DSA-1510-1}
- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
 CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 
2.4.21 ...)
-   {DSA-1503-2 DSA-1504-1 DSA-1503-1}
-   - linux-2.6 unfixed
+   {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1}
+   [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
 CVE-2008- [exempi buffer overflow in GIF ReadHeader() function]
- exempi 1.99.7-1 (bug #454297)
 CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in 
IMG_lbm.c ...)
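Review bot: `- linux-2.6 unfixed` is dropped for CVE-2007-6694 and only the `[etch] - linux-2.6 2.6.18.dfsg.1-18etch3` line remains, so the entry no longer says whether unstable is affected or fixed. Append DSA-1565-1 to the brace line, as done here, but leave the unstable status line in place.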
@@ -5616,8 +5620,10 @@
{DSA-1476-1}
- pulseaudio 0.9.9-1
 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that 
...)
-   {DSA-1503-2 DSA-1504-1 DSA-1503-1}
+   {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1}
- linux-2.6 2.6.24-4
+   [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
+   {DSA-1565-1}
 CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the 
libfont ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2
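Review bot: DSA-1565-1 is cross-referenced twice for CVE-2008-0007, once appended to the existing brace line (`{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1}`) and again as a separate `{DSA-1565-1}` line after the `[etch]` line; this is exactly what the build rejects with "cross reference to DSA-1565-1 appears multiple times". Drop the second `{DSA-1565-1}` line.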




[Secure-testing-commits] Processing r8660 failed

2008-05-01 Thread secure-testing
The error message was:

data/CVE/list: 5622: error: cross reference to DSA-1565-1 appears multiple times
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x401c ignored
make: *** [all] Error 1



[Secure-testing-commits] r8661 - data/DSA

2008-05-01 Thread jmm-guest
Author: jmm-guest
Date: 2008-05-01 20:59:51 +0000 (Thu, 01 May 2008)
New Revision: 8661

Modified:
   data/DSA/list
Log:
add an entry for DSA/list as well


Modified: data/DSA/list
===
--- data/DSA/list   2008-05-01 20:33:30 UTC (rev 8660)
+++ data/DSA/list   2008-05-01 20:59:51 UTC (rev 8661)
@@ -1,3 +1,6 @@
+[01 May 2008] DSA-1565-1 linux-2.6
+   {CVE-2008-1375 CVE-2008-1294 CVE-2007-6694 CVE-2008-0007}
+   [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
 [01 May 2008] DSA-1564-1 wordpress - several vulnerabilities
{CVE-2007-0540 CVE-2007-3639 CVE-2007-4153 CVE-2007-4154}
[etch] - wordpress 2.0.10-1etch2
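Review bot: `[01 May 2008] DSA-1565-1 linux-2.6` lacks the ` - description` suffix every other header in this file carries (compare `DSA-1564-1 wordpress - several vulnerabilities`); add one. This hunk also only adds the DSA/list side: the duplicate `{DSA-1565-1}` for CVE-2008-0007 introduced in r8660 is still in data/CVE/list, so the build will keep failing on line 5622 until that line is removed.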




[Secure-testing-commits] Processing r8661 failed

2008-05-01 Thread secure-testing
The error message was:

data/CVE/list: 5622: error: cross reference to DSA-1565-1 appears multiple times
Exception exceptions.AttributeError: 'apsw.Connection' object has no attribute 
'close' in bound method DB.__del__ of security_db.DB instance at 
0x401c ignored
make: *** [all] Error 1



[Secure-testing-commits] r8662 - data/CVE

2008-05-01 Thread jmm-guest
Author: jmm-guest
Date: 2008-05-01 21:08:33 +0000 (Thu, 01 May 2008)
New Revision: 8662

Modified:
   data/CVE/list
Log:
fixups:
- each issue should have the status of unstable (which is recorded in
  CVE/list), so I've added a few linux-2.6 unfixed (We can figure
  out the fixed versions later on)
- there's no need for [etch] lines for issues fixed in DSAs, this
  information is cross-referenced from DSA/list and the entries
  are added automatically by a cron job. I've removed the [etch]
  lines and added an entry to DSA/list


Modified: data/CVE/list
===
--- data/CVE/list   2008-05-01 20:59:51 UTC (rev 8661)
+++ data/CVE/list   2008-05-01 21:08:33 UTC (rev 8662)
@@ -1309,7 +1309,6 @@
RESERVED
{DSA-1565-1}
- linux-2.6 unfixed
-   [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
 CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat 
Enterprise Linux ...)
- cupsys not-affected (Redhat-specific incomplete patch, upstream 
patch is complete)
 CVE-2008-1373 (Buffer overflow in the gif_read_lzw in CUPS 1.3.6 allows remote 
...)
@@ -1506,7 +1505,6 @@
 CVE-2008-1294 [setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit 
properly across children]
RESERVED
{DSA-1565-1}
-   [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 (bug #419706)
 CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 
allows ...)
- mediawiki 1:1.11.2-1
[etch] - mediawiki not-affected (Versions prior to 1.11 do not 
include callback feature)
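Review bot: after this hunk CVE-2008-1294 has only `RESERVED` and `{DSA-1565-1}`, with no `- linux-2.6 unfixed` status line, which is the very convention the log message for this commit asks for; the `bug #419706` reference that sat on the removed `[etch]` line is also lost. Add `- linux-2.6 unfixed (bug #419706)` here.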
@@ -3567,7 +3565,7 @@
- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
 CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 
2.4.21 ...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1}
-   [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
+   - linux-2.6 unfixed
 CVE-2008- [exempi buffer overflow in GIF ReadHeader() function]
- exempi 1.99.7-1 (bug #454297)
 CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in 
IMG_lbm.c ...)
@@ -5622,8 +5620,6 @@
 CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that 
...)
{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1}
- linux-2.6 2.6.24-4
-   [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
-   {DSA-1565-1}
 CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the 
libfont ...)
{DSA-1466-2 DTSA-110-1}
- xorg-server 2:1.4.1~git20080105-2



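The two files touched in this thread are plain text with a small grammar, and the build that rejected r8660 is a consistency check over them. Below is an added example of such a checker (not the secure-testing repository's own tooling, of which only the error message above is visible). It encodes the rule that failed r8660 (one DSA cross-referenced twice in a single entry), the two conventions stated in the r8662 log (every tracked entry carries an unstable status line; `[etch]` lines are redundant once a DSA cross-reference exists), and dangling-reference checks in both directions. The sample data is constructed from the linux-2.6 hunks in r8660 and the DSA-1565-1 entry from r8661, with the older kernel DSAs deliberately left out so the dangling-reference rule has something to report. The message wording, the exemption for entries that contain only RESERVED/NOTE/TODO lines, and the function names are this example's own.

```python
"""Cross-checks for data/CVE/list and data/DSA/list (added example, not the
secure-testing repository's own tooling). Rules and sample data follow the
commits and the build failure in this thread; message wording and the
RESERVED-only exemption are this example's own choices."""
import re
from collections import Counter

CVE_HEADER = re.compile(r"^(CVE-\d{4}-(?:\d{4,}|XXXX))\b")   # entry header at column 0
DSA_HEADER = re.compile(r"^\[\d{2} \w{3} \d{4}\] (DSA-\d+-\d+) ")
BRACES = re.compile(r"^\{(.*)\}$")                             # {DSA-...} or {CVE-...}

def parse_cve_list(text):
    """Map each CVE id to its indented body lines (stripped), in file order."""
    entries, current = {}, None
    for line in text.splitlines():
        m = CVE_HEADER.match(line)
        if m:
            current = m.group(1)
            entries[current] = []
        elif current is not None and line.strip():
            entries[current].append(line.strip())
    return entries

def parse_dsa_list(text):
    """Map each DSA id to the set of CVE ids on its brace line."""
    dsas, current = {}, None
    for line in text.splitlines():
        m = DSA_HEADER.match(line)
        if m:
            current = m.group(1)
            dsas[current] = set()
        elif current is not None:
            b = BRACES.match(line.strip())
            if b:
                dsas[current].update(b.group(1).split())
    return dsas

def check(cve_text, dsa_text):
    """Return (entry id, message) pairs for every rule violation found."""
    cves, dsas = parse_cve_list(cve_text), parse_dsa_list(dsa_text)
    problems = []
    for cve, body in cves.items():
        xrefs = []
        for line in body:
            b = BRACES.match(line)
            if b:
                xrefs.extend(b.group(1).split())
        # Rule 1: the check that rejected r8660 (same wording as the build error).
        for dsa, n in Counter(xrefs).items():
            if n > 1:
                problems.append((cve, f"cross reference to {dsa} appears multiple times"))
        # Rule 2: a referenced DSA must exist in DSA/list and must list this CVE.
        for dsa in sorted(set(xrefs)):
            if dsa not in dsas:
                problems.append((cve, f"{dsa} not in DSA/list"))
            elif cve not in dsas[dsa]:
                problems.append((cve, f"{dsa} does not list {cve}"))
        # Rule 3 (r8662 log): a tracked entry needs a "- pkg ..." unstable status line.
        # Entries holding nothing but RESERVED/NOTE/TODO are left alone (assumption).
        release_lines = [ln for ln in body if ln.startswith("[")]
        if (xrefs or release_lines) and not any(ln.startswith("- ") for ln in body):
            problems.append((cve, "no unstable status line"))
        # Rule 4 (r8662 log): with a DSA cross-reference the [etch] line is redundant.
        if xrefs:
            for ln in release_lines:
                if ln.startswith("[etch]"):
                    problems.append((cve, f"redundant line: {ln}"))
    # Rule 5: every CVE a DSA claims to fix needs an entry to cross-reference into.
    for dsa, ids in dsas.items():
        for cve in sorted(ids - set(cves)):
            problems.append((dsa, f"{cve} listed but has no CVE/list entry"))
    return problems

# Constructed sample: the linux-2.6 entries as r8660 left them (the real file
# indents with a tab; indentation is stripped, so spaces work as well).
CVE_LIST = """\
CVE-2008-1375
    RESERVED
    {DSA-1565-1}
    - linux-2.6 unfixed
    [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
CVE-2008-1294 [setrlimit(RLIMIT_CPUINFO) with zero value doesn't inherit properly across children]
    RESERVED
    {DSA-1565-1}
    [etch] - linux-2.6 2.6.18.dfsg.1-18etch3 (bug #419706)
CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...)
    {DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1565-1}
    - linux-2.6 2.6.24-4
    [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
    {DSA-1565-1}
CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...)
    - mediawiki 1:1.11.2-1
    [etch] - mediawiki not-affected (Versions prior to 1.11 do not include callback feature)
"""

# Constructed sample: DSA-1565-1 as r8661 added it. The older kernel DSAs
# (DSA-1503-x, DSA-1504-1) are omitted on purpose so rule 2 has something to report.
DSA_LIST = """\
[01 May 2008] DSA-1565-1 linux-2.6
    {CVE-2008-1375 CVE-2008-1294 CVE-2007-6694 CVE-2008-0007}
    [etch] - linux-2.6 2.6.18.dfsg.1-18etch3
"""

if __name__ == "__main__":
    for entry, message in check(CVE_LIST, DSA_LIST):
        print(f"{entry}: {message}")
```

Run against the sample, the checker reports the duplicate DSA-1565-1 reference for CVE-2008-0007 that broke the r8660 build, the missing unstable status line for CVE-2008-1294 that r8662's own fixup left behind, the redundant `[etch]` lines, the three kernel DSAs absent from the sample DSA/list, and CVE-2007-6694 as a CVE that DSA-1565-1 claims but that has no entry in the sample CVE/list; the mediawiki entry, which has no DSA cross-reference, passes untouched.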

[Secure-testing-commits] r8663 - data/CVE

2008-05-01 Thread joeyh
Author: joeyh
Date: 2008-05-01 21:14:15 +0000 (Thu, 01 May 2008)
New Revision: 8663

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2008-05-01 21:08:33 UTC (rev 8662)
+++ data/CVE/list   2008-05-01 21:14:15 UTC (rev 8663)
@@ -1,3 +1,169 @@
+CVE-2008-2042
+   RESERVED
+CVE-2008-2039
+   RESERVED
+CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php 
in ...)
+   TODO: check
+CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in 
EditeurScripts ...)
+   TODO: check
+CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 
6.25 ...)
+   TODO: check
+CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. 
(1) ...)
+   TODO: check
+CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php 
in the ...)
+   TODO: check
+CVE-2008-2033 (Multiple unspecified vulnerabilities in ZoneMinder before 
1.23.3 allow ...)
+   TODO: check
+CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote 
...)
+   TODO: check
+CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of 
service ...)
+   TODO: check
+CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 
in F5 ...)
+   TODO: check
+CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php 
and (2) ...)
+   TODO: check
+CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is 
enabled, ...)
+   TODO: check
+CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA 
...)
+   TODO: check
+CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in 
WebID/IISWebAgentIF.dll in ...)
+   TODO: check
+CVE-2008-2025
+   RESERVED
+CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 
2.2, ...)
+   TODO: check
+CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 
2.2 ...)
+   TODO: check
+CVE-2008-2022 (Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 
Software ...)
+   TODO: check
+CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote 
...)
+   TODO: check
+CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi 
PHP-Nuke 7.0 ...)
+   TODO: check
+CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on 
quot;randomly ...)
+   TODO: check
+CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 
0.848b C1 ...)
+   TODO: check
+CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management 
System ...)
+   TODO: check
+CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content 
Management ...)
+   TODO: check
+CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain 
ActiveX ...)
+   TODO: check
+CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a 
denial ...)
+   TODO: check
+CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 
1.5 ...)
+   TODO: check
+CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 
1.0 ...)
+   TODO: check
+CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail 
...)
+   TODO: check
+CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows 
XP SP2 ...)
+   TODO: check
+CVE-2008-2009
+   RESERVED
+CVE-2008-2008 (Buffer overflow in the Display Names message feature in 
Cerulean ...)
+   TODO: check
+CVE-2008-2007
+   RESERVED
+CVE-2008-2006
+   RESERVED
+CVE-2008-2005
+   RESERVED
+CVE-2008-2004
+   RESERVED
+CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the 
web ...)
+   TODO: check
+CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on 
Motorola ...)
+   TODO: check
+CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of 
...)
+   TODO: check
+CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote 
...)
+   TODO: check
+CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address 
bar by ...)
+   TODO: check
+CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before 
FP16, ...)
+   TODO: check
+CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM 
DB2 8 ...)
+   TODO: check
+CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of 
service ...)
+   TODO: check
+CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 
classifies a ...)
+   TODO: check
+CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) 
menu.c, and ...)
+   TODO: check
+CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor 
component, ...)
+   

[Secure-testing-commits] r8664 - data/DSA

2008-05-01 Thread jmm-guest
Author: jmm-guest
Date: 2008-05-01 21:25:34 +0000 (Thu, 01 May 2008)
New Revision: 8664

Modified:
   data/DSA/list
Log:
add three missing CVE ids (we skipped one update for iceape
  and the fixes were fixed upstream and included in the
  next DSA)


Modified: data/DSA/list
===
--- data/DSA/list   2008-05-01 21:14:15 UTC (rev 8663)
+++ data/DSA/list   2008-05-01 21:25:34 UTC (rev 8664)
@@ -201,7 +201,7 @@
[sarge] - turba2 2.0.2-1sarge1
[etch] - turba2 2.1.3-1etch1
 [24 Feb 2008] DSA-1506-1 iceape - several vulnerabilities
-   {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 
CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 
CVE-2008-0593 CVE-2008-0594}
+   {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 
CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 
CVE-2008-0593 CVE-2008-0594 CVE-2007-5947 CVE-2007-5959 CVE-2007-5960}
[etch] - iceape 1.0.12~pre080131b-0etch1
 [22 Feb 2008] DSA-1505-1 alsa-driver alsa-modules-i386 - kernel memory leak
{CVE-2007-4571}

