Author: nion
Date: 2009-01-07 18:33:59 +0000 (Wed, 07 Jan 2009)
New Revision: 10879

Modified:
   data/CVE/list
Log:
NFU
CVE-2008-584{5,6} fixed in movabletype-opensource 4.2.3-1
CVE-2008-5843 doesn't affect pdfjam in Debian
CVE-2008-5687 fixed in mediawiki 1:1.13.3-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-07 16:43:32 UTC (rev 10878)
+++ data/CVE/list       2009-01-07 18:33:59 UTC (rev 10879)
@@ -1,15 +1,18 @@
 CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext 
in a ...)
-       TODO: check
+       NOT-FOR-US: Constructr CMS
 CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote 
authenticated ...)
-       TODO: check
+       - movabletype-opensource 4.2.3-1 (low)
 CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six 
Apart ...)
-       TODO: check
+       - movabletype-opensource 4.2.3-1 (low)
 CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW 
...)
-       TODO: check
+       - php5 <not-affected> (vulnerable code introduced in 5.2.7, we have 
5.2.6 and 5.2.8 was released in the meantime)
+       [etch] - php4 <not-affected> (vulnerable code introduced in php5 5.2.7)
 CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow 
local ...)
-       TODO: check
+       - pdfjam <not-affected> (the debian package sets pdflatex and thus 
dirname can't result in returning .)
+       NOTE: it is also not possible to include a crafted sed or pdflatex 
executable in the pdflatex call
+       NOTE: as our version uses random names, see #510584
 CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in 
Fujitsu-Siemens ...)
-       TODO: check
+       NOT-FOR-US: Fujitsu-Siemens WebTransactions
 CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, 
which ...)
        TODO: check
 CVE-2008-XXXX [auctex insecure temp file]
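Review bot: The php5 `<not-affected>` rationale under CVE-2008-5844 is tied to the archive state at commit time ("we have 5.2.6 and 5.2.8 was released in the meantime"), which will read as stale once the packaged version moves. Consider wording it only in terms of the affected upstream release, as the php4 line already does ("vulnerable code introduced in php5 5.2.7"). The commit log also does not mention this php5/php4 triage, although it lists the other entries. In the pdfjam entry, the two NOTE lines form one sentence split across lines ("... in the pdflatex call" / "as our version uses random names"); joining them or making each self-contained would make the reasoning easier to follow alongside #510584.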
@@ -343,7 +346,8 @@
        - mediawiki <unfixed> (unimportant)
        NOTE: Installation path disclosure not treated as a security issue
 CVE-2008-5687 (MediaWiki 1.11 through 1.13.3 does not properly protect against 
the ...)
-       TODO: check
+       - mediawiki 1:1.13.3-1 (low)
+       NOTE: the CVE id description is wrong, this is fixed in 1.13.3, 
notified mitre
 CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, 
when its ...)
        NOT-FOR-US: IBM Tivoli Provisioning Manager
 CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 
on Sun ...)
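Review bot: The mediawiki entry for CVE-2008-5687 marks 1:1.13.3-1 as fixed while the quoted CVE description says "1.11 through 1.13.3" is affected, and the added NOTE resolves the conflict only by assertion ("this is fixed in 1.13.3, notified mitre"). Adding a reference in the NOTE (upstream release announcement or a bug number) would let a later reader verify the fixed version without relying on the CVE text being corrected.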


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits