[Secure-testing-commits] r11205 - data/CVE
Author: thijs Date: 2009-02-13 17:13:24 + (Fri, 13 Feb 2009) New Revision: 11205 Modified: data/CVE/list Log: issue too minor for a DSA on its own, may include it in a next update Modified: data/CVE/list === --- data/CVE/list 2009-02-12 22:18:57 UTC (rev 11204) +++ data/CVE/list 2009-02-13 17:13:24 UTC (rev 11205) @@ -5874,6 +5874,7 @@ - python-dns 2.3.1-5 (bug #490217) CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...) - phpbb2 2.0.23+repack-3 (low; bug #500086) + [etch] - phpbb2 no-dsa (Minor issue) - phpbb3 not-affected (vulnerable code not present) NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but NOTE: fixing it nonetheless as a workaround. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r11206 - data/CVE
Author: gilbert-guest Date: 2009-02-13 20:24:19 + (Fri, 13 Feb 2009) New Revision: 11206 Modified: data/CVE/list Log: adding new application launcher issues Modified: data/CVE/list === --- data/CVE/list 2009-02-13 17:13:24 UTC (rev 11205) +++ data/CVE/list 2009-02-13 20:24:19 UTC (rev 11206) @@ -1,3 +1,13 @@ +CVE-2009- [nautilus: potential exploits via application launchers] +- nautilus unfixed (medium; bug #515104) +[lenny] - nautilus unfixed +[etch] - nautilus unfixed +NOTE: need to submit a request for CVE id +CVE-2009- [konqueror: potential exploits via application launchers] +- konqueror unfixed (medium; bug #515106) +[lenny] - konqueror unfixed +[etch] - konqueror unfixed +NOTE: need to submit a request for CVE id CVE-2009- [mediawiki XSS in installer scripts] [lenny] - mediawiki 1:1.12.0-2lenny3 (low; bug #514547) NOTE: CVE id was requested on oss-sec ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r11207 - data/DSA
Author: thijs
Date: 2009-02-13 20:47:27 + (Fri, 13 Feb 2009)
New Revision: 11207
Modified:
data/DSA/list
Log:
automatic update
Modified: data/DSA/list
===
--- data/DSA/list 2009-02-13 20:24:19 UTC (rev 11206)
+++ data/DSA/list 2009-02-13 20:47:27 UTC (rev 11207)
@@ -1,3 +1,5 @@
+[13 Feb 2009] DSA-1724-1 - several vulnerabilities
+ {CVE-2008-5153 CVE-2009-0500 CVE-2009-0502}
[11 Feb 2009] DSA-1723-1 phpmyadmin - arbitrary code execution
{CVE-2008-5621 CVE-2008-5622}
[etch] - phpmyadmin 4:2.9.1.1-10
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r11208 - data/DSA
Author: thijs
Date: 2009-02-13 21:03:46 + (Fri, 13 Feb 2009)
New Revision: 11208
Modified:
data/DSA/list
Log:
version misdetected
Modified: data/DSA/list
===
--- data/DSA/list 2009-02-13 20:47:27 UTC (rev 11207)
+++ data/DSA/list 2009-02-13 21:03:46 UTC (rev 11208)
@@ -1,5 +1,6 @@
[13 Feb 2009] DSA-1724-1 - several vulnerabilities
{CVE-2008-5153 CVE-2009-0500 CVE-2009-0502}
+ [etch] - moodle 1.6.3-2+etch2
[11 Feb 2009] DSA-1723-1 phpmyadmin - arbitrary code execution
{CVE-2008-5621 CVE-2008-5622}
[etch] - phpmyadmin 4:2.9.1.1-10
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r11209 - data/CVE
Author: joeyh
Date: 2009-02-13 21:14:13 + (Fri, 13 Feb 2009)
New Revision: 11209
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===
--- data/CVE/list 2009-02-13 21:03:46 UTC (rev 11208)
+++ data/CVE/list 2009-02-13 21:14:13 UTC (rev 11209)
@@ -1,13 +1,13 @@
CVE-2009- [nautilus: potential exploits via application launchers]
-- nautilus unfixed (medium; bug #515104)
-[lenny] - nautilus unfixed
-[etch] - nautilus unfixed
-NOTE: need to submit a request for CVE id
+ - nautilus unfixed (medium; bug #515104)
+ [lenny] - nautilus unfixed
+ [etch] - nautilus unfixed
+ NOTE: need to submit a request for CVE id
CVE-2009- [konqueror: potential exploits via application launchers]
-- konqueror unfixed (medium; bug #515106)
-[lenny] - konqueror unfixed
-[etch] - konqueror unfixed
-NOTE: need to submit a request for CVE id
+ - konqueror unfixed (medium; bug #515106)
+ [lenny] - konqueror unfixed
+ [etch] - konqueror unfixed
+ NOTE: need to submit a request for CVE id
CVE-2009- [mediawiki XSS in installer scripts]
[lenny] - mediawiki 1:1.12.0-2lenny3 (low; bug #514547)
NOTE: CVE id was requested on oss-sec
@@ -96,6 +96,7 @@
CVE-2009- [tor: DoS vulnerability that could be performed by a directory
mirror]
- tor 0.2.0.34-1 (bug #514580)
CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in
blocks/html/block_html.php ...)
+ {DSA-1724-1}
- moodle 1.8.2.dfsg-3 (low)
TODO: check snoopy and code copies
NOTE: MSA-09-0004
@@ -104,7 +105,7 @@
- moodle unfixed (low)
[etch] - moodle not-affected (Vulnerable code not present)
CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in
Moodle ...)
- {DTSA-195-1}
+ {DSA-1724-1 DTSA-195-1}
- moodle 1.8.2.dfsg-3 (low)
CVE-2009-0499 (Cross-site request forgery (CSRF) vulnerability in the forum
code in ...)
- moodle 1.8.2.dfsg-3 (low)
@@ -3497,6 +3498,7 @@
- p3nfs 5.19-1.2 (low; bug #506270)
[etch] - p3nfs no-dsa (Minor issue)
CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to
overwrite ...)
+ {DSA-1724-1}
- moodle unfixed (unimportant)
NOTE: manual editing of file is required to run the unsafe code
CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite
...)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r11210 - in data: . CVE
Author: jmm-guest
Date: 2009-02-13 21:30:33 + (Fri, 13 Feb 2009)
New Revision: 11210
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- no-dsa: mailscanner, tsqllib, mikmod, sdlmixer
- remove CVEfied trac temp entry
- one tomcat issue is actually a JVM issue
- libnet-dns-perl isn't fixed DNS randomisation-wise
Modified: data/CVE/list
===
--- data/CVE/list 2009-02-13 21:14:13 UTC (rev 11209)
+++ data/CVE/list 2009-02-13 21:30:33 UTC (rev 11210)
@@ -1233,6 +1233,7 @@
NOT-FOR-US: Fedora specific issue
CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly
other ...)
- libmikmod unfixed (low; bug #476339)
+ [etch] - libmikmod no-dsa (Minor issue)
CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console
(HMC) 7 ...)
NOT-FOR-US: IBM Hardware Management Console
CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka ...)
@@ -1262,7 +1263,9 @@
NOT-FOR-US: RealNetworks Helix
CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer,
and ...)
- libmikmod unfixed (low; bug #461519)
+ [etch] - libmikmod no-dsa (Minor issue)
- sdl-mixer1.2 1.2.8-1 (low; bug #422021)
+ [etch] - sdl-mixer1.2 no-dsa (Minor issue)
CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 9.1 before
FP6a and ...)
NOT-FOR-US: IBM DB2
CVE-2009-0172 (Unspecified vulnerability in IBM DB2 9.1 before FP6a and 9.5
before ...)
@@ -1375,7 +1378,8 @@
CVE-2009-0125 (** DISPUTED ** ...)
- libnasl unfixed (unimportant; bug #511517)
CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in
American ...)
- - tqsllib 2.0-8 (bug #511509)
+ - tqsllib 2.0-8 (low; bug #511509)
+ [etch] - tqsllib no-dsa (Minor issue)
CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and
Windows ...)
NOT-FOR-US: Apple Safari
CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7
and ...)
@@ -2122,9 +2126,9 @@
CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts
PHP ...)
NOT-FOR-US: DeltaScripts PHP Shop
CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac
before ...)
- - trac 0.11.1-2.1 (low; bug #509342)
+ - trac 0.11.1-2.1 (low; bug #509342; bug #505197)
CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows
attackers to ...)
- - trac 0.11.1-2.1 (low; bug #509342)
+ - trac 0.11.1-2.1 (low; bug #509342; bug #505197)
CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb
Networks ...)
NOT-FOR-US: Orb Networks Orb
CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend
module in ...)
@@ -3438,9 +3442,11 @@
NOTE: http://securityreason.com/achievement_securityalert/57
CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might
allow ...)
- mailscanner 4.74.16-1 (bug #506353)
+ [etch] - mailscanner no-dsa (Minor issue)
NOTE: there is no difference apart from the versions to CVE-2008-5313
CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might
allow ...)
- mailscanner 4.74.16-1 (bug #506353)
+ [etch] - mailscanner no-dsa (Minor issue)
NOTE: there is no difference apart from the versions to CVE-2008-5312
CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP
Freeware ...)
NOT-FOR-US: AceFTP
@@ -3889,8 +3895,6 @@
{DSA-1687-1 DSA-1681-1}
- linux-2.6 2.6.26-11
- linux-2.6.24 2.6.24-6~etchnhalf.7
-CVE-2008- [Trac Multiple Vulnerabilities]
- - trac 0.11.1-2.1 (bug #505197)
CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka
SRC or ...)
- libsamplerate 0.1.4-1
CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP
...)
@@ -7860,8 +7864,6 @@
NOT-FOR-US: IntelliTamper
CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois
and ...)
- owl-dms 0.95-1.1 (bug #493372)
- NOTE: Hardly maintained and very few users, long standing sec issues in
Etch,
- NOTE: Emailed release team to ask for removal from lenny
CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in
the SAP ...)
NOT-FOR-US: SAP NetWeaver portal
CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres
2.6, ...)
@@ -8822,7 +8824,9 @@
[etch] - apache2 2.2.3-4+etch6
- apache not-affected (vulnerable code not present)
CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0
through ...)
- - tomcat5.5 5.5.26-5 (low; bug #496309)
+ NOTE: This is an issue in the respective JVMs, Tomcat only includes a
workaround
+ NOTE: Check status of free JVMs
+ - tomcat5.5
[Secure-testing-commits] r11211 - data/CVE
Author: jmm-guest Date: 2009-02-13 21:40:44 + (Fri, 13 Feb 2009) New Revision: 11211 Modified: data/CVE/list Log: - fix srcpkg name for konqueror - adjust severities - unfixed state is implicit for released suites Modified: data/CVE/list === --- data/CVE/list 2009-02-13 21:30:33 UTC (rev 11210) +++ data/CVE/list 2009-02-13 21:40:44 UTC (rev 11211) @@ -1,12 +1,8 @@ CVE-2009- [nautilus: potential exploits via application launchers] - - nautilus unfixed (medium; bug #515104) - [lenny] - nautilus unfixed - [etch] - nautilus unfixed + - nautilus unfixed (low; bug #515104) NOTE: need to submit a request for CVE id CVE-2009- [konqueror: potential exploits via application launchers] - - konqueror unfixed (medium; bug #515106) - [lenny] - konqueror unfixed - [etch] - konqueror unfixed + - kdebase unfixed (low; bug #515106) NOTE: need to submit a request for CVE id CVE-2009- [mediawiki XSS in installer scripts] [lenny] - mediawiki 1:1.12.0-2lenny3 (low; bug #514547) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] util
Title: util Evrika Group - cursuri de perfectionare : - contabilitate costul cursului este de 300 ron cu incepere din23februarie 2009. -expert fiscal costul cursului este de 1000 ron cu incepere in04 martie 2009. -inspector protectia muncii studii medii costul cursului este de 300 ron cu incepere din01 aprilie2009 . -inspector protectia munciinivel mediu - studii superioarecostul cursului este de600 ron cu incepere din01 aprilie2009 - inspector resurse umane costul cursului este de 250 ron cu incepere din17 februarie 2009. In urma sustinerii examenului final se obtine un Certificat de absolvire eliberat de Ministerul Muncii Familiei si Egalitatii de Sanse,si Ministerul Educatiei, Cercetarii si Tineretului recunoscut pe piata muncii. Daca vreti sa profitati de oportunitatile ce pot aparea apasati aici: SUBSCRIBE; daca nu, apasa aici: UNSUBSCRIBE .. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
