Author: nion
Date: 2009-04-06 17:28:18 +0000 (Mon, 06 Apr 2009)
New Revision: 11570

Modified:
   data/CVE/list
Log:
- NFU
- CVE-2008-654{8,9} fixed in moin 1.6.2-1
- CVE-2008-653{2,3} fixed in drupal6/drupal5 6.9-1/5.14-1
- CVE-2009-0364 fixed in webcit 7.38b-dfsg-2
- new multipath-tools issue (CVE-2009-0115)


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-04-06 16:40:24 UTC (rev 11569)
+++ data/CVE/list       2009-04-06 17:28:18 UTC (rev 11570)
@@ -380,9 +380,9 @@
 CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in 
Glossaire ...)
        NOT-FOR-US: Glossaire
 CVE-2008-6549 (The password_checker function in config/multiconfig.py in 
MoinMoin ...)
-       TODO: check
+       - moin 1.6.2-1 (low)
 CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not 
check ...)
-       TODO: check
+       - moin 1.6.2-1 (low)
 CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does 
not ...)
        - python-formencode 1.0.1-1
        [etch] - python-formencode <not-affected> (Vulnerable code was 
introduced in 1.0)
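Review bot: The two new moin lines for CVE-2008-6549 and CVE-2008-6548 record only the fixed version, with no per-release annotation, unlike the python-formencode entry directly below, which carries "[etch] - python-formencode <not-affected>". If an older release ships a moin that predates the vulnerable code, add the matching [etch]-style line. If it is affected, say so, so the entry does not read as "fixed everywhere at 1.6.2-1".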
@@ -413,9 +413,11 @@
 CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and 
Pro ...)
        NOT-FOR-US: NULL FTP Server
 CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all 
related ...)
-       TODO: check
+       - drupal5 5.14-1 (low)
+       - drupal6 6.9-1 (low)
 CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
the ...)
-       TODO: check
+       - drupal5 5.14-1 (low)
+       - drupal6 6.9-1 (low)
 CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA 
before ...)
        NOT-FOR-US: Atlassian JIRA 
 CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in ...)
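Review bot: The fixed versions on the CVE-2008-6533 lines do not line up with the description in the same entry, which says "Drupal 5.x before 5.13 and 6.x before 6.7" while the entry records "drupal5 5.14-1" and "drupal6 6.9-1". If 5.13 or 6.7 was ever uploaded, the entry should name that upload. If 5.14-1 and 6.9-1 really are the first uploads containing the fix, a short NOTE saying so would explain the gap. The same versions are used for CVE-2008-6532, whose description is truncated here, so please confirm them against its affected range as well.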
@@ -3253,7 +3255,7 @@
        - network-manager 0.7.0.99-1 (medium)
 CVE-2009-0364 (Format string vulnerability in the mini_calendar component in 
...)
        {DSA-1752-1}
-       TODO: check
+       - webcit 7.38b-dfsg-2 (low)
 CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) 
owl ...)
        {DTSA-197-1}
        - barnowl 1.0.5-1
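Review bot: The urgency on "- webcit 7.38b-dfsg-2 (low)" looks understated for CVE-2009-0364. The entry describes a format string vulnerability and already references {DSA-1752-1}, so an advisory was issued for it. Please confirm that "low" is intended, or raise it and add a one-line NOTE with the reasoning if there is a mitigating factor that the truncated description does not show.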
@@ -3845,7 +3847,7 @@
 CVE-2009-0194
        RESERVED
 CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 
9.1, 8 ...)
-       TODO: check
+       NOT-FOR-US: Adobe Acrobat Reader
 CVE-2009-0192
        RESERVED
 CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, 
...)
@@ -4063,7 +4065,7 @@
 CVE-2009-0116
        RESERVED
 CVE-2009-0115 (multipath-tools in SUSE openSUSE 10.3 through 11.0 and SUSE 
Linux ...)
-       TODO: check
+       - multipath-tools <unfixed> (low; bug #522813)
 CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the 
web root ...)
        NOT-FOR-US: iyzi Forum
 CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the 
web root ...)
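Review bot: The new "- multipath-tools <unfixed> (low; bug #522813)" line marks the Debian package as affected, but the CVE-2009-0115 description only names SUSE openSUSE and SUSE Linux. Add a NOTE line stating what was checked in the Debian package, so the reason for <unfixed> is visible in the list without opening the bug.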


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
