Author: jmm-guest
Date: 2008-10-13 15:57:41 +0000 (Mon, 13 Oct 2008)
New Revision: 10072

Modified:
   data/CVE/list
Log:
- mediawiki fixed
- wims fixed
- jasper fixed
- pidgin fixed
- remaining plone issues are against "best practices" and won't be fixed by upstream


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2008-10-13 15:50:08 UTC (rev 10071)
+++ data/CVE/list       2008-10-13 15:57:41 UTC (rev 10072)
@@ -256,7 +256,7 @@
 CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend 
Micro ...)
        NOT-FOR-US: Trend Micro OfficeScan
 CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 
1.12.0, ...)
-       - mediawiki <unfixed> (low; bug #501115)
+       - mediawiki 1:1.13.2-1 (low; bug #501115)
 CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files 
via a ...)
        - ibackup <removed> (low; bug #496432)
        [etch] - ibackup <no-dsa> (Minor issues)
@@ -306,7 +306,7 @@
        - konwert 1.8-11.2 (low; bug #496379)
        [etch] - konwert <no-dsa> (Minor issue)
 CVE-2008-XXXX [wims: insecure temp file]
-       - wims <unfixed> (low; bug #496387)
+       - wims 3.62-13.1 (low; bug #496387)
        [etch] - wims <no-dsa> (Minor issue)
 CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users 
to ...)
        - freeradius 2.0.4+dfsg-6 (low; bug #496389)
@@ -2499,17 +2499,17 @@
 CVE-2008-3523
        RESERVED
 CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...)
-       - jasper <unfixed> (medium; bug #501021)
+       - jasper 1.900.1-5.1 (medium; bug #501021)
 CVE-2008-3521 (The jas_stream_tmpfile function in libjasper/base/jas_stream.c 
in ...)
-       - jasper <unfixed> (unimportant; bug #501021)
+       - jasper 1.900.1-5.1 (unimportant; bug #501021)
        NOTE: file is opened with O_EXCL even if tmpnam is used in this case
 CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...)
-       - jasper <unfixed> (medium; bug #501021)
+       - jasper 1.900.1-5.1 (medium; bug #501021)
 CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat 
JBoss ...)
        - jbossas4 <not-affected> (configuration not yet included in Debian 
package)
 CVE-2008-3518
        RESERVED
-CVE-2008-3517 [rejected]
+CVE-2008-3517
        RESERVED
 CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files 
generated ...)
        NOT-FOR-US: Adobe Presenter
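Review bot: The CVE-2008-3517 line in this hunk drops the "[rejected]" marker and leaves the entry as plain RESERVED, but the commit log only lists mediawiki, wims, jasper, pidgin and plone. If the change is intentional, mention it in the log; if it slipped in alongside the jasper updates, restore "CVE-2008-3517 [rejected]".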
@@ -4046,7 +4046,7 @@
        NOTE: gaim is now a transitional package depending on pidgin with its 
own source package
        NOTE: jabber servers should not forward malformed XML
 CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other 
versions, ...)
-       - pidgin <unfixed> (low; bug #488632)
+       - pidgin 2.4.3-4 (low; bug #488632)
        - gaim 1:2.0.0+fake.1
        NOTE: gaim is now a transitional package depending on pidgin with its 
own source package
        NOTE: probably only a bandwidth issue
@@ -7390,13 +7390,16 @@
        NOT-FOR-US: Check Point VPN
 CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a 
server ...)
        - plone3 <unfixed> (low; bug #473571)
+       [lenny] - plone3 <no-dsa> (Only an issue if not following best 
practices, see bug #473571)
 CVE-2008-1395 (Plone CMS does not record users' authentication states, and 
implements ...)
        - plone3 <unfixed> (low; bug #473571)
+       [lenny] - plone3 <no-dsa> (Only an issue if not following best 
practices, see bug #473571)
 CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username 
and ...)
        - zope-cmfplone <removed>
        NOTE: doesn't apply to v3
 CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a 
base64 ...)
        - plone3 <unfixed> (low; bug #473571)
+       [lenny] - plone3 <no-dsa> (Only an issue if not following best 
practices, see bug #473571)
 CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware 
Player ...)
        - vmware-package <unfixed> (low; bug #486177)
        [etch] - vmware-package <no-dsa> (Contrib not supported)
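Review bot: The three added "[lenny] - plone3 <no-dsa>" lines (CVE-2008-1396, CVE-2008-1395, CVE-2008-1393) leave the untagged entries at "- plone3 <unfixed> (low; bug #473571)", so these issues remain listed as open outside lenny even though the log says upstream won't fix them. If that is intended, consider adding a NOTE: line to each entry recording the won't-fix decision, so the reason for the lasting <unfixed> state is visible in the list itself and not only in the commit log.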

