[Secure-testing-commits] r8595 - data/CVE
nion at alioth.debian.org
Tue Apr 22 11:17:09 UTC 2008
Author: nion
Date: 2008-04-22 11:17:08 +0000 (Tue, 22 Apr 2008)
New Revision: 8595
Modified:
data/CVE/list
Log:
aptlinex cveified
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-22 09:14:13 UTC (rev 8594)
+++ data/CVE/list 2008-04-22 11:17:08 UTC (rev 8595)
@@ -23,9 +23,11 @@
CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz ...)
TODO: check
CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user ...)
- TODO: check
+ - aptlinex 0.91-1 (low; bug #476572)
+ NOTE: the user gets a confirmation dialog
CVE-2008-1901 (aptlinex before 0.91 allows local users to overwrite arbitrary files ...)
- TODO: check
+ - aptlinex 0.91-1 (medium; bug #476588)
+ NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote ...)
TODO: check
CVE-2008-1899
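Review bot: The NOTE added under CVE-2008-1901 records code execution via /tmp/gambas-apt-exec, which is a stronger impact than the "overwrite arbitrary files" in that entry's summary line, yet the rating stays at "medium" as carried over from the placeholder entry. Re-check the rating against the confirmed code-execution path, or extend the NOTE to say why medium still holds (the summary line limits this to local users), so the next person triaging does not have to reopen bug #476588 to find out.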
@@ -165,14 +167,6 @@
- dbmail 2.2.9
CVE-2008-1878 (Stack-based buffer overflow in the demux_nsf_send_chunk function in ...)
- xine-lib <unfixed> (medium; bug #476990)
-CVE-2008-XXXX [insecure tmp file handling in aptlinex]
- - aptlinex 0.91-1 (medium; bug #476588)
- NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
- NOTE: CVE id requested
-CVE-2008-XXXX [remove/install packages via crafted links or run]
- - aptlinex 0.91-1 (low; bug #476572)
- NOTE: the user gets a confirmation dialog
- NOTE: CVE id requested
CVE-2008-1831 (Multiple unspecified vulnerabilities in the Siebel SimBuilder ...)
NOT-FOR-US: Oracle Siebel Enterprise
CVE-2008-1830 (Unspecified vulnerability in the PeopleSoft HCM ePerformance component ...)
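Review bot: In the removed CVE-2008-XXXX block, the only lines not carried over to the new CVE-2008-1901 and CVE-2008-1902 entries are the two "NOTE: CVE id requested" lines, which is right now that ids are assigned; the bug numbers #476588 and #476572, the ratings and the remaining NOTEs all match the added lines. The log message "aptlinex cveified" would be easier to find later if it named the two CVE ids that replaced the placeholders.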