[Secure-testing-commits] r10778 - data/CVE
white at alioth.debian.org
white at alioth.debian.org
Mon Dec 22 20:23:51 UTC 2008
Author: white
Date: 2008-12-22 20:23:50 +0000 (Mon, 22 Dec 2008)
New Revision: 10778
Modified:
data/CVE/list
Log:
muttprint/ppp temp file issues, one non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-22 17:20:46 UTC (rev 10777)
+++ data/CVE/list 2008-12-22 20:23:50 UTC (rev 10778)
@@ -756,11 +756,13 @@
NOTE: script if it is used to debug with strace and a missing check for mkstemp failing
NOTE: but these situations are really corner cases
CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...)
- TODO: check
+ - muttprint <unfixed> (low; bug #509487)
+ [etch] - muttprint <no-dsa> (Minor issue)
CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...)
- TODO: check
+ - ppp <unfixed> (unimportant)
+ NOTE: insecure temp file handling in udeb is not an issue, since it is during the installation
CVE-2008-5366 (The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...)
- TODO: check
+ - ppp <unfixed> (low; bug #509488)
CVE-2008-5365 (SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ...)
NOT-FOR-US: ActiveWebSoftwares
CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...)
More information about the Secure-testing-commits
mailing list