[Secure-testing-commits] r9607 - data/CVE

thijs at alioth.debian.org thijs at alioth.debian.org
Tue Aug 19 06:03:55 UTC 2008


Author: thijs
Date: 2008-08-19 06:03:54 +0000 (Tue, 19 Aug 2008)
New Revision: 9607

Modified:
   data/CVE/list
Log:
postfix mailbox ownership issue also fixed in sid, is more like extra hardening
than a direct vulnerability


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-08-18 21:14:09 UTC (rev 9606)
+++ data/CVE/list	2008-08-19 06:03:54 UTC (rev 9607)
@@ -305,20 +305,17 @@
 	RESERVED
 CVE-2008-3523
 	RESERVED
-CVE-2008-3522 [jasper - buffer overflow]
+CVE-2008-3522
 	RESERVED
-	- jasper <unfixed>
-CVE-2008-3521 [jasper - tmp race]
+CVE-2008-3521
 	RESERVED
-	- jasper <unfixed> (low)
-CVE-2008-3520 [jasper - various potential integer overflows]
+CVE-2008-3520
 	RESERVED
-	- jasper <unfixed>
 CVE-2008-3519
 	RESERVED
 CVE-2008-3518
 	RESERVED
-CVE-2008-3517 [rejected libjasper issue]
+CVE-2008-3517
 	RESERVED
 CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
 	NOT-FOR-US: Adobe Presenter
@@ -1584,9 +1581,11 @@
 	- apache <not-affected> (vulnerable code not present)
 CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 6.0.0 through ...)
 	TODO: check
-CVE-2008-2937
+CVE-2008-2937 [postfix delivers to mailbox that is not owned by the recipient]
 	RESERVED
 	{DTSA-155-1}
+	- postfix 2.5.4-1 (low)
+	[etch] - postfix <no-dsa> (minor issue)
 CVE-2008-2936 [postfix hardlink to symlink priv esc]
 	RESERVED
 	{DSA-1629-1 DTSA-155-1}




More information about the Secure-testing-commits mailing list