[Secure-testing-commits] r2082 - in data: CAN DSA
Joey Hess
joeyh at costa.debian.org
Thu Sep 22 10:23:38 UTC 2005
Author: joeyh
Date: 2005-09-22 10:23:34 +0000 (Thu, 22 Sep 2005)
New Revision: 2082
Modified:
data/CAN/list
data/DSA/list
Log:
added some missing severities
(ruby safe levels are similar to a combination of perl tainting and
Safe.pm; exploitation would depend on a particular ruby script)
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-22 10:13:07 UTC (rev 2081)
+++ data/CAN/list 2005-09-22 10:23:34 UTC (rev 2082)
@@ -3,9 +3,9 @@
CAN-2005-XXXX [Firefox passes URLs with backticks from external programs to the shell]
- mozilla-firefox not-affected (Debian ships a non-vulnerable wrapper script)
CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby]
- - ruby1.6 1.6.8-13 (unknown)
- - ruby1.8 1.8.3-1 (unknown)
- - ruby1.9 1.9.0+20050921-1 (unknown)
+ - ruby1.6 1.6.8-13 (medium)
+ - ruby1.8 1.8.3-1 (medium)
+ - ruby1.9 1.9.0+20050921-1 (medium)
CAN-2005-XXXX [Insecure temp files in bacula]
- bacula (bug #329271; low)
CAN-2005-XXXX [freeradius buffer overflows and SQL injection]
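Review bot: The three ruby entries under "Incorrect handling of "safe levels" in Ruby" go from (unknown) to (medium), but the reasoning for that rating (exploitation depends on the particular ruby script) lives only in the commit log. Consider recording it as a NOTE: line under this CAN entry, the way other entries in this file carry notes, so the basis for the rating is visible to anyone reading the tracker data rather than the commit history.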
@@ -749,7 +749,7 @@
NOTE: reserved
CAN-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
{DSA-812-1}
- - turqstat 2.2.4-1 (unknown)
+ - turqstat 2.2.4-1 (medium)
CAN-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...)
{DSA-811-1}
CAN-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
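Review bot: The turqstat 2.2.4-1 rating for CAN-2005-2658 changes to (medium) with no stated basis; the log message justifies only the ruby rating. For a buffer overflow in utility.cpp, a one-line NOTE: giving the reason for medium would let a reader check the rating against the DSA-812-1 text.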
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2005-09-22 10:13:07 UTC (rev 2081)
+++ data/DSA/list 2005-09-22 10:23:34 UTC (rev 2082)
@@ -1,6 +1,6 @@
[22 Sep 2005] DSA-817-1 python2.2 - integer overflow
{ CAN-2005-2491 }
- - python2.2 2.2.3dfsg-4
+ - python2.2 2.2.3dfsg-4 (medium)
NOTE: not fixed in testing at time of DSA (waiting on gmp)
[19 Sep 2005] DSA-816-1 xfree86 - integer overflow
{ CAN-2005-2495 }
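Review bot: On the python2.2 2.2.3dfsg-4 line, the severity is added here in data/DSA/list, but this revision does not touch the CAN-2005-2491 entry in data/CAN/list. Please confirm the two files carry the same rating for this issue, or state which one is authoritative when they differ.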
@@ -8,7 +8,7 @@
NOTE: fixed in testing at time of DSA
[16 Sep 2005] DSA-815-1 kdebase - programming error
{ CAN-2005-2494 }
- - kdebase 4:3.4.2-3
+ - kdebase 4:3.4.2-3 (medium)
NOTE: not fixed in testing at time of DSA (not even fixed in unstable)
[15 Sep 2005] DSA-814-1 lm-sensors - insecure temporary file
{ CAN-2005-2672 }
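Review bot: The kdebase 4:3.4.2-3 line gets (medium) while the NOTE below it says the issue is not fixed in testing and not even in unstable, so this rating will drive triage of a still-open issue. "programming error" says nothing about impact; a short NOTE: with the reason for medium would help here.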