CVE-2008-7220

Name: CVE-2008-7220
Description: Unspecified vulnerability in Prototype JavaScript framework ...
Source: CVE (at NVD; oss-sec, OSVDB, EDB, Red Hat, Ubuntu, Gentoo, SuSE, more)
References: DSA-1952-1
Debian Bugs: 555217, 555220, 555221, 555223, 555225, 555228, 555229, 555231, 555232, 555234, 555235, 555237, 555239, 555240, 555242, 555244, 555246, 555248, 555250, 555255, 555259, 555263, 555266, 555268, 555274, 558977
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| activeldap (PTS) | squeeze | 1.2.2-1 | fixed |
| asterisk (PTS) | squeeze, squeeze (security) | 1:1.6.2.9-2+squeeze12 | fixed |
| | wheezy, wheezy (security) | 1:1.8.13.1~dfsg1-3+deb7u3 | fixed |
| | jessie, sid | 1:11.8.1~dfsg-1 | fixed |
| auth2db (PTS) | squeeze | 0.2.5-2+dfsg-3 | fixed |
| | jessie, wheezy, sid | 0.2.5-2+dfsg-4 | fixed |
| chora2 (PTS) | squeeze | 2.1.1+debian0-1 | fixed |
| ebug-http (PTS) | squeeze | 0.31-2.1 | fixed |
| exaile (PTS) | squeeze | 0.2.14+debian-2.3 | fixed |
| | wheezy | 0.3.2.2-3 | fixed |
| | jessie, sid | 3.3.2-1 | fixed |
| glpi (PTS) | squeeze | 0.72.4-2.1 | fixed |
| | wheezy | 0.83.31-1 | fixed |
| | jessie, sid | 0.84.3+dfsg.1-1 | fixed |
| gollem (PTS) | squeeze | 1.1.1+debian0-1.1 | fixed |
| hobix (PTS) | squeeze | 0.5~svn20070319-4 | fixed |
| ingo1 (PTS) | squeeze | 1.2.4+debian0-1 | fixed |
| jifty (PTS) | squeeze | 0.91117+dfsg-3 | fixed |
| | wheezy | 1.10518+dfsg-2 | fixed |
| | sid | 1.10518+dfsg-3 | fixed |
| jquery (PTS) | squeeze | 1.4.2-2 | fixed |
| | wheezy | 1.7.2+dfsg-1 | fixed |
| | jessie, sid | 1.7.2+dfsg-3 | fixed |
| jscropperui (PTS) | squeeze | 1.2.1-2 | fixed |
| | jessie, wheezy, sid | 1.2.2-1 | fixed |
| knowledgeroot (PTS) | squeeze, wheezy, sid | 0.9.9.5-6 | fixed |
| kronolith2 (PTS) | squeeze | 2.3.4+debian0-1 | fixed |
| libaws (PTS) | squeeze | 2.7-4 | fixed |
| | jessie, wheezy, sid | 2.10.2-4 | fixed |
| libhtml-prototype-perl (PTS) | squeeze, wheezy | 1.48-3 | fixed |
| | jessie, sid | 1.48-4 | fixed |
| libjson-ruby (PTS) | squeeze | 1.1.9-1 | fixed |
| lucene2 (PTS) | squeeze | 2.9.2+ds1-1 | fixed |
| | jessie, wheezy, sid | 2.9.4+ds1-4 | fixed |
| mediatomb (PTS) | squeeze | 0.12.0~svn2018-6.1 | fixed |
| | wheezy | 0.12.1-4 | fixed |
| | jessie, sid | 0.12.1-5 | fixed |
| mt-daapd (PTS) | squeeze | 0.9~r1696.dfsg-16 | fixed |
| op-panel (PTS) | squeeze, wheezy, sid | 0.30~dfsg-3 | fixed |
| otrs2 (PTS) | squeeze | 2.4.9+dfsg1-3+squeeze4 | fixed |
| | squeeze (security) | 2.4.9+dfsg1-3+squeeze5 | fixed |
| | wheezy | 3.1.7+dfsg1-8+deb7u3 | fixed |
| | wheezy (security) | 3.1.7+dfsg1-8+deb7u4 | fixed |
| | jessie, sid | 3.3.6-1 | fixed |
| passenger (PTS) | squeeze | 2.2.11debian-2 | fixed |
| poker-network (PTS) | squeeze | 1.7.7-3.2 | fixed |
| prototypejs (PTS) | squeeze | 1.6.1-1 | fixed |
| | wheezy | 1.7.0-2 | fixed |
| | jessie, sid | 1.7.1-3 | fixed |
| rt-extension-emailcompletion (PTS) | squeeze | 0.06-3 | fixed |
| scriptaculous (PTS) | squeeze | 1.8.3-1 | fixed |
| | jessie, wheezy, sid | 1.9.0-2 | fixed |
| webcit (PTS) | squeeze | 7.83-dfsg-1 | fixed |
| | wheezy | 8.14-dfsg-1 | fixed |
| | jessie, sid | 8.24-dfsg-1 | fixed |
| webhelpers (PTS) | squeeze | 1.1-1 | fixed |
| | jessie, wheezy, sid | 1.3-4 | fixed |
| wordpress (PTS) | squeeze | 3.6.1+dfsg-1~deb6u1 | fixed |
| | squeeze (security) | 3.6.1+dfsg-1~deb6u3 | fixed |
| | wheezy | 3.6.1+dfsg-1~deb7u1 | fixed |
| | wheezy (security) | 3.6.1+dfsg-1~deb7u3 | fixed |
| | jessie | 3.8.2+dfsg-1 | fixed |
| | sid | 3.9+dfsg-1 | fixed |
| zabbix (PTS) | squeeze (security) | 1:1.8.2-1squeeze4 | fixed |
| | squeeze | 1:1.8.2-1squeeze5 | fixed |
| | jessie, sid | 1:2.2.3+dfsg-1 | fixed |

The information above is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| activeldap | source | (unstable) | 1.0.9-1 | unimportant | | 555263 |
| asterisk | source | (unstable) | 1:1.6.2.0~rc3-1 | low | | 555220 |
| asterisk | source | etch | (not affected) | | | |
| asterisk | source | lenny | 1:1.4.21.2~dfsg-3+lenny1 | | DSA-1952-1 | |
| auth2db | source | (unstable) | 0.2.5-2+dfsg-1 | low | | 555217 |
| chora2 | source | (unstable) | (not affected) | | | |
| ebug-http | source | (unstable) | 0.31-2.1 | low | | 555235 |
| exaile | source | (unstable) | 0.2.14+debian-2.2 | low | | 555244 |
| glpi | source | (unstable) | 0.72.3-1 | low | | 555228 |
| gollem | source | (unstable) | (not affected) | | | |
| hobix | source | (unstable) | 0.5~svn20070319-4 | low | | 555246 |
| ingo1 | source | (unstable) | (not affected) | | | |
| jifty | source | (unstable) | (not affected) | | | |
| jquery | source | (unstable) | (not affected) | | | |
| jscropperui | source | (unstable) | 1.2.1-1 | low | | 555255 |
| knowledgeroot | source | (unstable) | 0.9.9.5-1 | low | | 555229 |
| knowledgeroot | source | lenny | (not affected) | | | |
| kronolith2 | source | (unstable) | (not affected) | | | |
| libaws | source | (unstable) | 2.7-1 | low | | 555221 |
| libhtml-prototype-perl | source | (unstable) | 1.48-3 | low | | 558977 |
| libjson-ruby | source | (unstable) | 1.1.4-1 | low | | 555223 |
| libjson-ruby | source | lenny | 1.1.2-1+lenny1 | | | |
| lucene2 | source | (unstable) | 2.9.1+ds1-2 | unimportant | | 555225 |
| lucene2 | source | etch | (not affected) | | | |
| mediatomb | source | (unstable) | 0.12.0~svn2018-5 | low | | 555232 |
| mt-daapd | source | (unstable) | 0.9~r1696.dfsg-6 | low | | 555231 |
| mt-daapd | source | etch | 0.2.4+r1376-1.1+etch3 | | | |
| op-panel | source | (unstable) | 0.30~dfsg-1 | low | | 555234 |
| otrs2 | source | (unstable) | 2.3.4-6 | low | | 555266 |
| otrs2 | source | etch | (not affected) | | | |
| otrs2 | source | lenny | (not affected) | | | |
| passenger | source | (unstable) | (not affected) | | | |
| pixelpost | source | (unstable) | 1.7.1-6 | low | | 555248 |
| plone3 | source | (unstable) | (unfixed) | low | | 555274 |
| poker-network | source | (unstable) | 1.7.6-1 | low | | 555237 |
| prototypejs | source | (unstable) | 1.6.0.2-1 | | | |
| qwik | source | (unstable) | (unfixed) | low | | 555240 |
| rt-extension-emailcompletion | source | (unstable) | (not affected) | | | |
| scriptaculous | source | (unstable) | 1.8.3-1 | low | | 555259 |
| symfony | source | (unstable) | 1.0.21-1.1 | low | | 555250 |
| webcalendar | source | (unstable) | 1.2~b1-2 | low | | 555268 |
| webcalendar | source | lenny | (not affected) | | | |
| webcit | source | (unstable) | (not affected) | | | |
| webhelpers | source | (unstable) | 0.3.4-2 | low | | 555239 |
| wesnoth | unknown | (unstable) | (not affected) | | | |
| wordpress | source | (unstable) | 2.5.0-2 | low | | 555242 |
| wordpress | source | etch | (not affected) | | | |
| zabbix | source | (unstable) | (not affected) | | | |

Notes

[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
[lenny] - asterisk <no-dsa> (Minor issue)
[etch] - libaws <no-dsa> (minor issue)
[lenny] - libaws <no-dsa> (minor issue)
[etch] - lucene2 <not-affected> (prototype.js not present)
prototype.js copy unused per #555225
[etch] - glpi <no-dsa> (minor issue)
[lenny] - glpi <no-dsa> (minor issue)
[etch] - knowledgeroot <no-dsa> (minor issue)
[lenny] - knowledgeroot <not-affected> (Vulnerable code not present)
[lenny] - mediatomb <no-dsa> (minor issue)
[lenny] - ebug-http <no-dsa> (Minor issue)
[etch] - poker-network <no-dsa> (minor issue)
[etch] - qwik <no-dsa> (minor issue)
[lenny] - qwik <no-dsa> (minor issue)
[etch] - wordpress <not-affected> (prototype.js not present)
[lenny] - exaile <no-dsa> (minor issue)
[lenny] - hobix <no-dsa> (minor issue)
[lenny] - pixelpost <no-dsa> (minor issue)
[lenny] - symfony <no-dsa> (minor issue)
[lenny] - jscropperui <no-dsa> (minor issue)
- rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package; bug #555258)
[lenny] - scriptaculous <no-dsa> (Minor issue)
Only shipped in an example
[etch] - otrs2 <not-affected> (prototype.js not present)
[lenny] - otrs2 <not-affected> (prototype.js not present)
[lenny] - webcalendar <not-affected> (prototype.js not present)
[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555266)
- webcit <not-affected> (fixed since initial inclusion)
- zabbix <not-affected> (fixed since initial inclusion)
- chora2 <not-affected> (fixed since initial inclusion)
- gollem <not-affected> (fixed since initial inclusion)
- ingo1 <not-affected> (fixed since initial inclusion)
- kronolith2 <not-affected> (fixed since initial inclusion)
- jifty <not-affected> (fixed since initial inclusion)
- jquery <not-affected> (fixed since initial inclusion)
- passenger <not-affected> (fixed since initial inclusion)
