Author: stef-guest
Date: 2008-03-11 13:42:26 +0000 (Tue, 11 Mar 2008)
New Revision: 8309

Modified:
   data/CVE/list
Log:
- new jspwiki issue
- new silc-toolkit issue already fixed
- some NFUs
- apache fixes


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2008-03-11 12:54:00 UTC (rev 8308)
+++ data/CVE/list       2008-03-11 13:42:26 UTC (rev 8309)
@@ -78,61 +78,61 @@
 CVE-2008-1232
        RESERVED
 CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 
2.4.104 and ...)
-       TODO: check
+       - jspwiki <unfixed> (bug #470477)
 CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 
2.5.139 ...)
-       TODO: check
+       - jspwiki <unfixed> (bug #470477)
 CVE-2008-1229 (Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki 
...)
-       TODO: check
+       - jspwiki <unfixed> (bug #470477)
 CVE-2008-1228 (Cross-site scripting (XSS) vulnerability in admin.php in MG2 
(formerly ...)
-       TODO: check
+       NOT-FOR-US: MG2
 CVE-2008-1227 (Stack-based buffer overflow in the silc_fingerprint function in 
...)
-       TODO: check
+       - silc-toolkit 1.1.6-1
 CVE-2008-1226 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra 
...)
-       TODO: check
+       NOT-FOR-US: Zimbra Collaboration Suite
 CVE-2008-1225 (Multiple cross-site scripting (XSS) vulnerabilities in WebCT 
Campus ...)
-       TODO: check
+       NOT-FOR-US: WebCT Campus Edition
 CVE-2008-1224 (Cross-site scripting (XSS) vulnerability in account.php in ...)
-       TODO: check
+       NOT-FOR-US: BosClassifieds Classified Ads System
 CVE-2008-1223 (Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows 
attackers ...)
-       TODO: check
+       NOT-FOR-US: Dokeos
 CVE-2008-1222 (Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before 
SP3 ...)
-       TODO: check
+       NOT-FOR-US: Dokeos
 CVE-2008-1221 (Absolute path traversal vulnerability in the FTP server in 
MicroWorld ...)
-       TODO: check
+       NOT-FOR-US: MicroWorld eScan
 CVE-2008-1220 (SQL injection vulnerability in the 4nChat 0.91 module for 
PHP-Nuke ...)
-       TODO: check
+       NOT-FOR-US: 4nChat for PHP-Nuke
 CVE-2008-1219 (SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 
1.1 ...)
-       TODO: check
+       NOT-FOR-US: Kutub-i Sitte for PHP-Nuke
 CVE-2008-1218
        RESERVED
 CVE-2008-1217 (Unspecified vulnerability in nlnotes.dll in the client in IBM 
Lotus ...)
-       TODO: check
+       NOT-FOR-US: IBM Lotus Notes
 CVE-2008-1216 (IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does 
not ...)
-       TODO: check
+       NOT-FOR-US: IBM Lotus Notes
 CVE-2008-1215 (Stack-based buffer overflow in the command_Expand_Interpret 
function ...)
-       TODO: check
+       NOT-FOR-US: BSD net/userppp
 CVE-2008-1214 (MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on 
Linux ...)
-       TODO: check
+       NOT-FOR-US: Numara FootPrints
 CVE-2008-1213 (Cross-site scripting (XSS) vulnerability in Numara FootPrints 
for ...)
-       TODO: check
+       NOT-FOR-US: Numara FootPrints
 CVE-2008-1212 (Cross-site scripting (XSS) vulnerability in set_permissions.php 
in ...)
-       TODO: check
+       NOT-FOR-US: Podcast Generator
 CVE-2008-1211 (Cross-site scripting (XSS) vulnerability in BosDates 3.x and 
4.x ...)
-       TODO: check
+       NOT-FOR-US: BosDates
 CVE-2008-1210 (Stack-based buffer overflow in the ctags parsing code in 
Programmer's ...)
-       TODO: check
+       NOT-FOR-US: Programmer's Notepad
 CVE-2008-1209 (Cross-site scripting (XSS) vulnerability in redirect.do in 
Xitex ...)
-       TODO: check
+       NOT-FOR-US: Xitex WebContent M1
 CVE-2008-1208 (Cross-site scripting (XSS) vulnerability in the login page in 
Check ...)
-       TODO: check
+       NOT-FOR-US: CheckPoint VPN-1
 CVE-2008-1207 (Multiple unspecified vulnerabilities in Fujitsu Interstage 
Smart ...)
-       TODO: check
+       NOT-FOR-US: Fujitsu Interstage
 CVE-2008-1206 (Format string vulnerability in the log_message function in 
lks.c in ...)
-       TODO: check
+       NOT-FOR-US: Linux Kiss Server
 CVE-2008-1205 (Unspecified vulnerability in the ipsecah kernel module in Sun 
Solaris ...)
-       TODO: check
+       NOT-FOR-US: Sun Solaris
 CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-       TODO: check
+       NOT-FOR-US: Sun Java System
 CVE-2008-1203
        RESERVED
 CVE-2008-1202
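Review bot: The CVE-2008-1216 entry is tagged "NOT-FOR-US: IBM Lotus Notes", but its description names IBM Lotus Quickr 8.0 server and possibly QuickPlace 7.x, so the tag appears to repeat the one on CVE-2008-1217 just above; "NOT-FOR-US: IBM Lotus Quickr" would match the description. Also, the three jspwiki entries (CVE-2008-1229 through CVE-2008-1231) are marked <unfixed> against bug #470477 and the silc-toolkit entry is marked fixed in 1.1.6-1, all without an urgency; adding one where it is known would make these lines consistent with entries such as "- apache2 2.2.8-1 (low)" elsewhere in the file.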
@@ -140,7 +140,7 @@
 CVE-2008-1201
        RESERVED
 CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote ...)
-       TODO: check
+       NOT-FOR-US: Microsoft Access
 CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 
through 5 ...)
        TODO: check
 CVE-2008-1197
@@ -7837,10 +7837,8 @@
 CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap 
module in ...)
        [sarge] - apache2 <no-dsa> (minor issue)
        [sarge] - apache <no-dsa> (minor issue)
-       [etch] - apache2 <no-dsa> (minor issue)
-       [etch] - apache <no-dsa> (minor issue)
        - apache2 2.2.8-1 (low)
-       - apache <unfixed> (low)
+       - apache <removed> (low)
        [etch] - apache2 2.2.3-4+etch4
        [etch] - apache 1.3.34-4.1+etch1
 CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML 
logging, ...)
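Review bot: In the CVE-2007-5000 entry, "- apache <unfixed> (low)" becomes "- apache <removed> (low)" with no NOTE, and the log only says "apache fixes", so a reader cannot tell from the entry why the package status changed; a short NOTE line would record that. Dropping the two "[etch] ... <no-dsa> (minor issue)" lines is consistent with the fixed versions listed below them (2.2.3-4+etch4 and 1.3.34-4.1+etch1), but the [sarge] lines still sit above the unstable lines while the [etch] lines sit below; grouping the release-tagged lines together would be easier to read.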
@@ -9137,7 +9135,7 @@
        [sarge] - apache <no-dsa> (browser issue, low impact)
        [etch] - apache <no-dsa> (browser issue, low impact)
        [sarge] - apache2 <no-dsa> (browser issue, low impact)
-       [etch] - apache2 <no-dsa> (browser issue, low impact)
+       [etch] - apache2 2.2.3-4+etch4
        NOTE: This is really a browser bug, see CVE-2006-5152. But still 
unfixed in MSIE.
        NOTE: Etch's default configuration not vulnerable due to 
AddDefaultCharset,
        NOTE: but many users change this.
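Review bot: Only the "[etch] - apache2" line is moved from <no-dsa> to 2.2.3-4+etch4 here; the "[etch] - apache <no-dsa> (browser issue, low impact)" line two lines above is left unchanged, whereas the CVE-2007-5000 entry in the same commit lists "[etch] - apache 1.3.34-4.1+etch1" as fixed. Please confirm whether that apache upload also covers this issue and update the line if so. The existing NOTE that Etch's default configuration is not vulnerable due to AddDefaultCharset still reads as if etch were unfixed; it could mention that the fixed apache2 version no longer depends on that setting, if that is the case.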


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
