[Secure-testing-commits] r8602 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Wed Apr 23 19:08:33 UTC 2008
Author: jmm-guest
Date: 2008-04-23 19:08:32 +0000 (Wed, 23 Apr 2008)
New Revision: 8602
Modified:
data/CVE/list
Log:
two m4 issues are non-issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-23 18:07:16 UTC (rev 8601)
+++ data/CVE/list 2008-04-23 19:08:32 UTC (rev 8602)
@@ -492,9 +492,13 @@
CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...)
NOT-FOR-US: SLMail Pro
CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...)
- - m4 <unfixed> (low)
+ - m4 <unfixed> (unimportant)
+ NOTE: The file name is passed through a cmdline argument and m4 doesn't run with
+ NOTE: elevated privileges.
CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...)
- - m4 <unfixed> (low)
+ - m4 <unfixed> (unimportant)
+ NOTE: This is more a generic bug and not a security issue: the random output would
+ NOTE: need to match the name of an existing macro
CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in ...)
- speex 1.2~beta2-1 (medium)
- libfishsound 0.7.0-2.2 (medium; bug #475152)
More information about the Secure-testing-commits
mailing list