author Joey Hess <joeyh@debian.org> 2008-12-22 09:14:11 +0000
committer Joey Hess <joeyh@debian.org> 2008-12-22 09:14:11 +0000
commit b0ad676f0ae0a8dc93affa03bc7894b2a9564017
tree 4cc42dc302942d7cbb35620fb33b02fb0339cce2
parent d6a2efbd81a6b4b7bfa59629496ec33c30e87d99
automatic update
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@10775 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/list 10
1 files changed, 10 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list
index fa4c718548..4e30792dc2 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -617,6 +617,7 @@ CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 all
CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...)
NOT-FOR-US: PunBB
CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 ...)
+ {DSA-1691-1}
- moodle 1.8.2.dfsg-1 (bug #508593)
CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...)
NOT-FOR-US: Teamtek Universal FTP Server
@@ -1429,6 +1430,7 @@ CVE-2008-5083
CVE-2008-5082
RESERVED
CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...)
+ {DSA-1690-1}
- avahi 0.6.23-3 (bug #508700; low)
CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote ...)
{DSA-1679-1}
@@ -2004,11 +2006,13 @@ CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier allow remote attackers
CVE-2008-4812 (Array index error in Adobe Reader and Acrobat, and the Explorer ...)
NOT-FOR-US: Adobe Reader Explorer extension
CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
+ {DSA-1691-1}
- smarty <unfixed> (bug #504328)
- moodle 1.8.2-2 (bug #504345)
[etch] - gallery2 <unfixed>
NOTE: This attack vector is *not* fixed in r2797
CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
+ {DSA-1691-1}
- smarty <unfixed> (bug #504328)
- moodle 1.8.2-2 (bug #504345)
[etch] - gallery2 <unfixed>
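Review bot: On CVE-2008-4811 the new {DSA-1691-1} tag sits directly above the NOTE saying this attack vector is *not* fixed in r2797, and both CVE-2008-4811 and CVE-2008-4810 still carry "- smarty <unfixed>" and "[etch] - gallery2 <unfixed>". The tag is per CVE, so the entries now read as if the issue were handled in stable. Add a NOTE to each entry naming the package the DSA covers (the other entries tagged in this patch all have a moodle line), and confirm that the DSA fix covers the vector the r2797 note refers to.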
@@ -2063,6 +2067,7 @@ CVE-2008-4798 (The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7
CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server ...)
NOT-FOR-US: Arihiro Kurata Kantan WEB Server
CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...)
+ {DSA-1691-1}
- libphp-snoopy 1.2.4-1 (bug #504168; medium)
- ampache 3.4.1-2 (bug #504169)
- mahara 1.0.5-2 (bug #504170)
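Review bot: The {DSA-1691-1} tag added to CVE-2008-4796 has no matching package among the lines visible in this hunk, which list only libphp-snoopy, ampache and mahara, whereas every other entry tagged with this DSA in the patch has a moodle line. If the entry has no moodle line below the context shown, add one with its fixed version so the DSA reference maps to a tracked package.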
@@ -5967,9 +5972,11 @@ CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...)
[etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
[etch] - horde3 <no-dsa> (Minor issue)
CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
+ {DSA-1691-1}
- moodle 1.8.1-1 (low)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle ...)
+ {DSA-1691-1}
- moodle 1.8.2-2 (low; bug #492492)
NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...)
@@ -10195,6 +10202,7 @@ CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) bef
- serendipity 1.3-1
NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...)
+ {DSA-1691-1}
- egroupware 1.4.002.dfsg-2.1 (bug #471839)
- wordpress 2.5.0-1 (bug #504243)
- moodle 1.8.2-1.3 (bug #489533)
@@ -22013,6 +22021,7 @@ CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB)
CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
NOT-FOR-US: Liesbeth
CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...)
+ {DSA-1691-1}
- moodle 1.8.2-1 (low; bug #432264)
CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...)
NOT-FOR-US: HP
@@ -22533,6 +22542,7 @@ CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before
- wireshark 0.99.6pre1-1
- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a ...)
+ {DSA-1690-1}
- avahi 0.6.20-2 (low)
[etch] - avahi <no-dsa> (Minor issue, only affects local users)
CVE-2007-3371 (PHP remote file inclusion vulnerability in ...)
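Review bot: CVE-2007-3372 now carries {DSA-1690-1} while the entry still says "[etch] - avahi <no-dsa> (Minor issue, only affects local users)", and the two statements contradict each other. Drop or update the [etch] line in the same change so the recorded etch status matches the advisory.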
