[Secure-testing-commits] r8467 - in data: . CVE

devin-guest at alioth.debian.org devin-guest at alioth.debian.org
Wed Apr 2 04:37:35 UTC 2008


Author: devin-guest
Date: 2008-04-02 04:37:33 +0000 (Wed, 02 Apr 2008)
New Revision: 8467

Modified:
   data/CVE/list
   data/README
Log:
etch not vulnerable to filename buffer overrun.  Expand documentation on
formatting of these lines.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-04-01 22:07:34 UTC (rev 8466)
+++ data/CVE/list	2008-04-02 04:37:33 UTC (rev 8467)
@@ -15589,8 +15589,9 @@
 	[etch] - mixmaster 3.0b2-4.etch1
 	[sarge] - mixmaster <not-affected> (Code generation in Sarge pads over this)
 CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
+	[etch] - git-core <not-affected> (1.4.4.4 tagged 2007-1-8, bug introduced 2007-1-30)
 	- git-core 1:1.5.1.2-1 (low)
-	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
+	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb, http://git.kernel.org/?p=git/git.git;a=commitdiff;h=1cfe77333f274c9ba9879c2eb61057a790eb050f, http://git.kernel.org/?p=git/git.git;a=tag;h=ae9ced19800491a5d80de5ee36bc07d68868a4dd
 CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
 	{DSA-1311-1 DSA-1309-1}
 	- postgresql-8.2 8.2.4-1
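Review bot: the rewritten NOTE line packs three URLs into one comma-separated field, so the first two links end in "," directly after the hash (a link extractor may take the comma as part of the URL), and nothing says which link is the introducing commit, which is the fix, and which is the 1.4.4.4 tag that the new [etch] line relies on. Suggest one NOTE line per URL, each with a short label, so the <not-affected> reasoning can be checked link by link. The dates in the [etch] parenthetical (2007-1-8, 2007-1-30) would also be clearer zero-padded, as 2007-01-08 and 2007-01-30.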

Modified: data/README
===================================================================
--- data/README	2008-04-01 22:07:34 UTC (rev 8466)
+++ data/README	2008-04-02 04:37:33 UTC (rev 8467)
@@ -41,7 +41,9 @@
 	use "<not-affected>" as the version. If the problem only affects
 	shipped releases, for which the stable security team provides
 	security support and the affected package has meanwhile been removed
-	from the archive use "<removed>" as the version.
+	from the archive use "<removed>" as the version.  If the problem
+	affects a particular release, prepend "[release]" before the
+	"- package" to reflect as much.
 
 	The notes can be freeform, but some are understood by the tools,
 	including "bug #nnnnn", "bug filed", and "high",
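Review bot: the added README sentence says to use the "[release]" prefix when the problem "affects a particular release", but the data/CVE/list change in this same revision uses it for the opposite case, "[etch] - git-core <not-affected>". Suggest describing it as a status for one release that differs from the plain "- package" line, and adding one example line together with the release names the prefix accepts (the list uses etch and sarge). "prepend ... before" is also redundant, and "to reflect as much" does not say what the tools will do with the prefix; something like: prefix the "- package" entry with "[release]" would be enough.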



