[Secure-testing-commits] r11205 - data/CVE
Author: thijs Date: 2009-02-13 17:13:24 + (Fri, 13 Feb 2009) New Revision: 11205 Modified: data/CVE/list Log: issue too minor for a DSA on its own, may include it in a next update Modified: data/CVE/list === --- data/CVE/list 2009-02-12 22:18:57 UTC (rev 11204) +++ data/CVE/list 2009-02-13 17:13:24 UTC (rev 11205) @@ -5874,6 +5874,7 @@ - python-dns 2.3.1-5 (bug #490217) CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...) - phpbb2 2.0.23+repack-3 (low; bug #500086) + [etch] - phpbb2 no-dsa (Minor issue) - phpbb3 not-affected (vulnerable code not present) NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but NOTE: fixing it nonetheless as a workaround. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
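Review bot: the added "[etch] - phpbb2 no-dsa (Minor issue)" line under CVE-2008-4125 records only "Minor issue", while the log message says the fix may be included in a next update. That intent exists only in the commit log; consider a NOTE line under the entry saying the fix is a candidate for a later phpbb2 update in etch.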
[Secure-testing-commits] r11206 - data/CVE
Author: gilbert-guest Date: 2009-02-13 20:24:19 + (Fri, 13 Feb 2009) New Revision: 11206 Modified: data/CVE/list Log: adding new application launcher issues Modified: data/CVE/list === --- data/CVE/list 2009-02-13 17:13:24 UTC (rev 11205) +++ data/CVE/list 2009-02-13 20:24:19 UTC (rev 11206) @@ -1,3 +1,13 @@ +CVE-2009- [nautilus: potential exploits via application launchers] +- nautilus unfixed (medium; bug #515104) +[lenny] - nautilus unfixed +[etch] - nautilus unfixed +NOTE: need to submit a request for CVE id +CVE-2009- [konqueror: potential exploits via application launchers] +- konqueror unfixed (medium; bug #515106) +[lenny] - konqueror unfixed +[etch] - konqueror unfixed +NOTE: need to submit a request for CVE id CVE-2009- [mediawiki XSS in installer scripts] [lenny] - mediawiki 1:1.12.0-2lenny3 (low; bug #514547) NOTE: CVE id was requested on oss-sec ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
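Review bot: in the two new CVE-2009- entries at the top of data/CVE/list, the package, suite and NOTE lines are added without leading whitespace ("+- nautilus unfixed", "+[lenny] - nautilus unfixed", "+NOTE: need to submit ..."), so they start in column 0 like the CVE header lines. Indent them under their header. The "[lenny]" and "[etch]" lines also only repeat the "unfixed" status of the package line above them and can probably be dropped.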
[Secure-testing-commits] r11207 - data/DSA
Author: thijs Date: 2009-02-13 20:47:27 + (Fri, 13 Feb 2009) New Revision: 11207 Modified: data/DSA/list Log: automatic update Modified: data/DSA/list === --- data/DSA/list 2009-02-13 20:24:19 UTC (rev 11206) +++ data/DSA/list 2009-02-13 20:47:27 UTC (rev 11207) @@ -1,3 +1,5 @@ +[13 Feb 2009] DSA-1724-1 - several vulnerabilities + {CVE-2008-5153 CVE-2009-0500 CVE-2009-0502} [11 Feb 2009] DSA-1723-1 phpmyadmin - arbitrary code execution {CVE-2008-5621 CVE-2008-5622} [etch] - phpmyadmin 4:2.9.1.1-10 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
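Review bot: the new header reads "DSA-1724-1 - several vulnerabilities", with no source package name between the DSA id and the dash, and the entry has no "[etch] - package version" line, unlike the DSA-1723-1 phpmyadmin entry directly below it. Since the log says this is an automatic update, the entry needs a manual follow-up to add both.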
[Secure-testing-commits] r11208 - data/DSA
Author: thijs Date: 2009-02-13 21:03:46 + (Fri, 13 Feb 2009) New Revision: 11208 Modified: data/DSA/list Log: version misdetected Modified: data/DSA/list === --- data/DSA/list 2009-02-13 20:47:27 UTC (rev 11207) +++ data/DSA/list 2009-02-13 21:03:46 UTC (rev 11208) @@ -1,5 +1,6 @@ [13 Feb 2009] DSA-1724-1 - several vulnerabilities {CVE-2008-5153 CVE-2009-0500 CVE-2009-0502} + [etch] - moodle 1.6.3-2+etch2 [11 Feb 2009] DSA-1723-1 phpmyadmin - arbitrary code execution {CVE-2008-5621 CVE-2008-5622} [etch] - phpmyadmin 4:2.9.1.1-10 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
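Review bot: the added "[etch] - moodle 1.6.3-2+etch2" line supplies the fixed version, but the header line above it is left as "DSA-1724-1 - several vulnerabilities" and still has no package name. Fix it in the same commit, following the form of the DSA-1723-1 entry: "DSA-1724-1 moodle - several vulnerabilities".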
[Secure-testing-commits] r11209 - data/CVE
Author: joeyh Date: 2009-02-13 21:14:13 + (Fri, 13 Feb 2009) New Revision: 11209 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2009-02-13 21:03:46 UTC (rev 11208) +++ data/CVE/list 2009-02-13 21:14:13 UTC (rev 11209) @@ -1,13 +1,13 @@ CVE-2009- [nautilus: potential exploits via application launchers] -- nautilus unfixed (medium; bug #515104) -[lenny] - nautilus unfixed -[etch] - nautilus unfixed -NOTE: need to submit a request for CVE id + - nautilus unfixed (medium; bug #515104) + [lenny] - nautilus unfixed + [etch] - nautilus unfixed + NOTE: need to submit a request for CVE id CVE-2009- [konqueror: potential exploits via application launchers] -- konqueror unfixed (medium; bug #515106) -[lenny] - konqueror unfixed -[etch] - konqueror unfixed -NOTE: need to submit a request for CVE id + - konqueror unfixed (medium; bug #515106) + [lenny] - konqueror unfixed + [etch] - konqueror unfixed + NOTE: need to submit a request for CVE id CVE-2009- [mediawiki XSS in installer scripts] [lenny] - mediawiki 1:1.12.0-2lenny3 (low; bug #514547) NOTE: CVE id was requested on oss-sec @@ -96,6 +96,7 @@ CVE-2009- [tor: DoS vulnerability that could be performed by a directory mirror] - tor 0.2.0.34-1 (bug #514580) CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php ...) + {DSA-1724-1} - moodle 1.8.2.dfsg-3 (low) TODO: check snoopy and code copies NOTE: MSA-09-0004 @@ -104,7 +105,7 @@ - moodle unfixed (low) [etch] - moodle not-affected (Vulnerable code not present) CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle ...) - {DTSA-195-1} + {DSA-1724-1 DTSA-195-1} - moodle 1.8.2.dfsg-3 (low) CVE-2009-0499 (Cross-site request forgery (CSRF) vulnerability in the forum code in ...) - moodle 1.8.2.dfsg-3 (low) 
@@ -3497,6 +3498,7 @@ - p3nfs 5.19-1.2 (low; bug #506270) [etch] - p3nfs no-dsa (Minor issue) CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ...) + {DSA-1724-1} - moodle unfixed (unimportant) NOTE: manual editing of file is required to run the unsafe code CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
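Review bot: in the @@ -3497 hunk, CVE-2008-5153 gains "{DSA-1724-1}" while its package line stays "- moodle unfixed (unimportant)" and the NOTE says manual editing of the file is required to run the unsafe code. An entry rated unimportant and unfixed but referenced from a DSA reads as contradictory; add a NOTE explaining why the DSA lists it, or revisit the status. Separately, the first hunk is a whitespace-only reindent of the nautilus and konqueror entries, which the "automatic update" log message gives no hint of.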
[Secure-testing-commits] r11210 - in data: . CVE
Author: jmm-guest Date: 2009-02-13 21:30:33 + (Fri, 13 Feb 2009) New Revision: 11210 Modified: data/CVE/list data/spu-candidates.txt Log: - no-dsa: mailscanner, tsqllib, mikmod, sdlmixer - remove CVEfied trac temp entry - one tomcat issue is actually a JVM issue - libnet-dns-perl isn't fixed DNS randomisation-wise Modified: data/CVE/list === --- data/CVE/list 2009-02-13 21:14:13 UTC (rev 11209) +++ data/CVE/list 2009-02-13 21:30:33 UTC (rev 11210) @@ -1233,6 +1233,7 @@ NOT-FOR-US: Fedora specific issue CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other ...) - libmikmod unfixed (low; bug #476339) + [etch] - libmikmod no-dsa (Minor issue) CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...) NOT-FOR-US: IBM Hardware Management Console CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka ...) @@ -1262,7 +1263,9 @@ NOT-FOR-US: RealNetworks Helix CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and ...) - libmikmod unfixed (low; bug #461519) + [etch] - libmikmod no-dsa (Minor issue) - sdl-mixer1.2 1.2.8-1 (low; bug #422021) + [etch] - sdl-mixer1.2 no-dsa (Minor issue) CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 9.1 before FP6a and ...) NOT-FOR-US: IBM DB2 CVE-2009-0172 (Unspecified vulnerability in IBM DB2 9.1 before FP6a and 9.5 before ...) @@ -1375,7 +1378,8 @@ CVE-2009-0125 (** DISPUTED ** ...) - libnasl unfixed (unimportant; bug #511517) CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American ...) - - tqsllib 2.0-8 (bug #511509) + - tqsllib 2.0-8 (low; bug #511509) + [etch] - tqsllib no-dsa (Minor issue) CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows ...) NOT-FOR-US: Apple Safari CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and ...) 
@@ -2122,9 +2126,9 @@ CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts PHP ...) NOT-FOR-US: DeltaScripts PHP Shop CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac before ...) - - trac 0.11.1-2.1 (low; bug #509342) + - trac 0.11.1-2.1 (low; bug #509342; bug #505197) CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows attackers to ...) - - trac 0.11.1-2.1 (low; bug #509342) + - trac 0.11.1-2.1 (low; bug #509342; bug #505197) CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Networks ...) NOT-FOR-US: Orb Networks Orb CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...) @@ -3438,9 +3442,11 @@ NOTE: http://securityreason.com/achievement_securityalert/57 CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow ...) - mailscanner 4.74.16-1 (bug #506353) + [etch] - mailscanner no-dsa (Minor issue) NOTE: there is no difference apart from the versions to CVE-2008-5313 CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might allow ...) - mailscanner 4.74.16-1 (bug #506353) + [etch] - mailscanner no-dsa (Minor issue) NOTE: there is no difference apart from the versions to CVE-2008-5312 CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...) NOT-FOR-US: AceFTP @@ -3889,8 +3895,6 @@ {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-11 - linux-2.6.24 2.6.24-6~etchnhalf.7 -CVE-2008- [Trac Multiple Vulnerabilities] - - trac 0.11.1-2.1 (bug #505197) CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or ...) - libsamplerate 0.1.4-1 CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP ...) 
@@ -7860,8 +7864,6 @@ NOT-FOR-US: IntelliTamper CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois and ...) - owl-dms 0.95-1.1 (bug #493372) - NOTE: Hardly maintained and very few users, long standing sec issues in Etch, - NOTE: Emailed release team to ask for removal from lenny CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP ...) NOT-FOR-US: SAP NetWeaver portal CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, ...) @@ -8822,7 +8824,9 @@ [etch] - apache2 2.2.3-4+etch6 - apache not-affected (vulnerable code not present) CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through ...) - - tomcat5.5 5.5.26-5 (low; bug #496309) + NOTE: This is an issue in the respective JVMs, Tomcat only includes a workaround + NOTE: Check status of free JVMs + - tomcat5.5
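Review bot: the @@ -7860 hunk deletes the two NOTE lines under CVE-2008-3359 (owl-dms: "Hardly maintained and very few users, long standing sec issues in Etch," and "Emailed release team to ask for removal from lenny"), and the log message does not mention it. Either list the removal in the log with the reason, or keep the notes until the outcome of the removal request is recorded in the entry. The tqsllib line in the @@ -1375 hunk also gains a "low" severity that the log does not list.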
[Secure-testing-commits] r11211 - data/CVE
Author: jmm-guest Date: 2009-02-13 21:40:44 + (Fri, 13 Feb 2009) New Revision: 11211 Modified: data/CVE/list Log: - fix srcpkg name for konqueror - adjust severities - unfixed state is implicit for released suites Modified: data/CVE/list === --- data/CVE/list 2009-02-13 21:30:33 UTC (rev 11210) +++ data/CVE/list 2009-02-13 21:40:44 UTC (rev 11211) @@ -1,12 +1,8 @@ CVE-2009- [nautilus: potential exploits via application launchers] - - nautilus unfixed (medium; bug #515104) - [lenny] - nautilus unfixed - [etch] - nautilus unfixed + - nautilus unfixed (low; bug #515104) NOTE: need to submit a request for CVE id CVE-2009- [konqueror: potential exploits via application launchers] - - konqueror unfixed (medium; bug #515106) - [lenny] - konqueror unfixed - [etch] - konqueror unfixed + - kdebase unfixed (low; bug #515106) NOTE: need to submit a request for CVE id CVE-2009- [mediawiki XSS in installer scripts] [lenny] - mediawiki 1:1.12.0-2lenny3 (low; bug #514547) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
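Review bot: both launcher entries drop from "medium" to "low" ("- nautilus unfixed (low; bug #515104)", "- kdebase unfixed (low; bug #515106)") with only "adjust severities" in the log. Add a NOTE under each entry giving the reason for the lower rating, so the next reader does not have to reopen the bug reports to find it.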