Author: jmm-guest
Date: 2009-01-23 11:16:07 +0000 (Fri, 23 Jan 2009)
New Revision: 11028

Modified:
   data/CVE/list
Log:
- typo3 CVEfied
- fix incorrect use of not-affected in websvn commit, the fixed
  version for unstable also implicitly applies for etch


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-23 03:10:29 UTC (rev 11027)
+++ data/CVE/list       2009-01-23 11:16:07 UTC (rev 11028)
@@ -58,10 +58,14 @@
        NOT-FOR-US: Cant Find A Gaming CMS
 CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs 
Portal ...)
        NOT-FOR-US: Umer Inc Songs Portal
-CVE-2009-XXXX [multiple security issues in typo3-src]
-       - typo3-src 4.2.4-1 (medium)
-       NOTE: 
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
-       NOTE: CVE ids requested on oss-sec
+CVE-2009-0255 [typo3: install tool]
+       - typo3-src 4.2.4-1
+CVE-2009-0256 [typo3: session fixation]
+       - typo3-src 4.2.4-1
+CVE-2009-0257 [typo3: XSS]
+       - typo3-src 4.2.4-1
+CVE-2009-0258 [typo3: serch index]
+       - typo3-src 4.2.4-1
 CVE-2009-0242 (Ganglia 3.1.1 allows remote attackers to cause a denial of 
service via ...)
        - ganglia-monitor-core <unfixed> (low; bug #512637)
 CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...)
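Review bot: The four new typo3 entries (CVE-2009-0255 through CVE-2009-0258) drop both the `NOTE:` line pointing at the typo3-sa-2009-001 bulletin and the `(medium)` urgency that the removed CVE-2009-XXXX entry carried, so the tracker no longer links these ids to the vendor advisory or records a severity for them. Suggest repeating the bulletin NOTE under each id and keeping the urgency on the `- typo3-src 4.2.4-1` lines if it still applies. The bracketed description on CVE-2009-0258 reads `serch index`, which looks like a typo for "search index".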
@@ -202,8 +206,7 @@
 CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote 
attackers ...)
        NOT-FOR-US: VUPlayer
 CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows 
remote ...)
-       - websvn <not-affected>
-       [etch] - websvn 1.61-21 (bug #503330)
+       - websvn 1.61-21 (bug #503330)
 CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...)
        - horde3 <unfixed> (bug #512592)
 CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 
1.5.6.x ...)
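Review bot: In the CVE-2008-5920 entry, collapsing `<not-affected>` and the `[etch]` line into a single `- websvn 1.61-21 (bug #503330)` line means the etch status is now only inferred by version comparison against the unstable fix. The removed line recorded 1.61-21 and bug #503330 as etch-specific, so it is worth confirming that 1.61-21 really is the version that fixed unstable and that the etch package is at or above it; otherwise etch would silently show as vulnerable or fixed for the wrong reason.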
@@ -1765,7 +1768,7 @@
 CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka 
ffdshow-tryout) ...)
        NOT-FOR-US: ffdshow
 CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to 
overwrite ...)
-       - gpsdrive <not-affected> (geo-nearest not shipped, geo-code already 
fixed)
+       - gpsdrive 2.10~pre4-6.dfsg-2 (low)
        [etch] - gpsdrive <no-dsa> (Minor issue)
 CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite 
arbitrary ...)
        - netdisco-mibs-installer (low; bug #508940)
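Review bot: The gpsdrive change for CVE-2008-5380 is not mentioned in the commit log, and it discards the rationale `(geo-nearest not shipped, geo-code already fixed)` without recording why the package is now considered affected and fixed in 2.10~pre4-6.dfsg-2. Suggest adding a log line for it and a NOTE in the entry explaining what changed in the assessment, since the `[etch] - gpsdrive <no-dsa> (Minor issue)` line below is left as is and a reader cannot tell from the entry which script the fix covers.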


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
