Author: joeyh
Date: 2009-01-06 21:14:12 +0000 (Tue, 06 Jan 2009)
New Revision: 10872

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-01-06 15:46:27 UTC (rev 10871)
+++ data/CVE/list       2009-01-06 21:14:12 UTC (rev 10872)
@@ -1,12 +1,26 @@
+CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext 
in a ...)
+       TODO: check
+CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote 
authenticated ...)
+       TODO: check
+CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six 
Apart ...)
+       TODO: check
+CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW 
...)
+       TODO: check
+CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow 
local ...)
+       TODO: check
+CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in 
Fujitsu-Siemens ...)
+       TODO: check
+CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, 
which ...)
+       TODO: check
 CVE-2008-XXXX [auctex insecure temp file]
        - auctex 11.83-7.3 (bug #506961)
-CVE-2008-5841
+CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and 
earlier ...)
        NOT-FOR-US: iGaming
-CVE-2008-5840
+CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to 
bypass ...)
        NOT-FOR-US: PHP iCalendar
-CVE-2008-5839
+CVE-2008-5839 (Buffer overflow in Foxmail 6.5 allows remote attackers to 
execute ...)
        NOT-FOR-US: Foxmail
-CVE-2008-5838
+CVE-2008-5838 (SQL injection vulnerability in search_results.php in E-Php 
Scripts ...)
        NOT-FOR-US: E-Php Scripts E-Shop Shopping Cart
 CVE-2008-5837
        RESERVED
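Review bot: All seven entries added at the top of this hunk (CVE-2008-5847 through CVE-2008-5842, plus CVE-2004-2761) carry only `TODO: check`, so none of them yet says whether a package is affected. CVE-2008-5844 names PHP, which this file already tracks as php5 and php4 further down, so it needs a package line rather than a pending marker. CVE-2004-2761 describes the MD5 algorithm itself rather than a product, so its triage should record explicitly how the tracker treats it instead of leaving it to default handling.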
@@ -565,8 +579,7 @@
        RESERVED
 CVE-2009-0023
        RESERVED
-CVE-2009-0022 [samba: Potential access to "/" in setups with registry shares 
enabled]
-       RESERVED
+CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, 
allows ...)
        - samba 2:3.2.5-3
        [etch] - samba <not-affected> (Only 3.2.x affected)
 CVE-2009-0021
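Review bot: The new CVE-2009-0022 description gives the affected range as Samba 3.2.0 through 3.2.6, while the unchanged package line below it records the fix in `samba 2:3.2.5-3`, a version inside that range. Nothing in the entry explains the discrepancy. A NOTE stating that the fix was applied in the 3.2.5-3 upload, or a bug reference, would keep the entry from being read as wrong. The removed bracketed text was also the only place the impact (access to "/") was spelled out, since the imported description is truncated.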
@@ -2305,7 +2318,7 @@
        [etch] - kino <not-affected> (Does not ship ffmpeg)
        - gstreamer0.10-ffmpeg 0.10.3-2
        [etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not 
present)
-CVE-2008-4865 (Untrusted search path vulnerability in valgrind allows local 
users to ...)
+CVE-2008-4865 (Untrusted search path vulnerability in valgrind before 3.4.0 
allows ...)
        - valgrind 1:3.3.1-3 (unimportant; bug #507312)
        NOTE: That's hardly an issue
 CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module 
in ...)
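Review bot: The updated CVE-2008-4865 description now says valgrind before 3.4.0 is affected, but the package line still lists `valgrind 1:3.3.1-3` as the fixed version and marks it unimportant, with only "NOTE: That's hardly an issue" as justification. Consider expanding the NOTE to say why the untrusted search path is not considered exploitable in the Debian package, so the unimportant rating can be checked against the new version boundary.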
@@ -4076,7 +4089,7 @@
        NOT-FOR-US: High Norm Sound Master
 CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in 
Sun ...)
        NOT-FOR-US: Sun Management Center (SunMC)
-CVE-2008-4116 (Heap-based buffer overflow in Apple QuickTime 7.5.5 and iTunes 
8.0 ...)
+CVE-2008-4116 (Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows 
remote ...)
        NOT-FOR-US: Apple
 CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function ...)
        - faad2 2.6.1-3.1 (bug #499899)
@@ -47255,7 +47268,7 @@
        NOT-FOR-US: Interspire TrackPoint NX
 CVE-2006-0209 (SQL injection vulnerability in general_functions.php in 
TankLogger 2.4 ...)
        NOT-FOR-US: TankLogger
-CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 
5.1.1, when ...)
+CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 
4.4.1 and ...)
        - php5 5.1.2-1
        - php4 4:4.4.2-1 (bug #354682; low)
        [sarge] - php4 <no-dsa> (html_errors shouldn't be used)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
