[Secure-testing-commits] r8731 - in data: CVE DTSA
nion at alioth.debian.org
Thu May 8 09:12:11 UTC 2008
Author: nion
Date: 2008-05-08 09:12:09 +0000 (Thu, 08 May 2008)
New Revision: 8731
Modified:
data/CVE/list
data/DTSA/list
Log:
releasing DTSA-129-1 (speex)
3 new rdesktop issues (CVE-2008-180[1-3])
cveified php printf integer overflow and added patch information
CVE-2007-6039 fixed in php5 5.2.5-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-05-08 09:04:16 UTC (rev 8730)
+++ data/CVE/list 2008-05-08 09:12:09 UTC (rev 8731)
@@ -1,7 +1,3 @@
-CVE-2008-XXXX [php integer overflow in printf]
- - php5 <unfixed>
- NOTE: http://www.php.net/ChangeLog-5.php
- NOTE: Needs further details
CVE-2008-XXXX [php suboptimal seeding]
- php5 <unfixed> (low)
- php4 <unfixed> (low)
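Review bot: The removed placeholder "CVE-2008-XXXX [php integer overflow in printf]" at the top of this hunk takes its "NOTE: http://www.php.net/ChangeLog-5.php" reference with it, and neither the log line ("cveified php printf integer overflow") nor the hunk names the CVE id the issue was folded into. Name that id in the commit log so the merge can be followed later, and carry the ChangeLog NOTE over to the target entry if it is not already there.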
@@ -525,12 +521,15 @@
RESERVED
CVE-2008-1804
RESERVED
-CVE-2008-1803
+CVE-2008-1803 [rdesktop signedness error in xrealloc]
RESERVED
-CVE-2008-1802
+ - rdesktop <unfixed> (bug #480135)
+CVE-2008-1802 [rdesktop heap overflow via RDP redirect request]
RESERVED
-CVE-2008-1801
+ - rdesktop <unfixed> (bug #480134)
+CVE-2008-1801 [rdesktop heap overflow]
RESERVED
+ - rdesktop <unfixed> (bug #480133)
CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: DivXDB
CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 ...)
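Review bot: The bracketed description added for CVE-2008-1801, "[rdesktop heap overflow]", does not distinguish it from CVE-2008-1802, which is also a heap overflow; add the trigger or affected function the way the 1802 and 1803 lines do. All three new "- rdesktop <unfixed>" lines also lack an urgency tag and a NOTE pointing at an advisory or upstream fix, so the only reference is the Debian bug number (#480133 to #480135); a NOTE with the source of the report would make the entries verifiable while the ids are still RESERVED.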
@@ -1474,6 +1473,7 @@
- php5 5.2.6-1 (unimportant)
NOTE: http://securityreason.com/achievement_securityalert/52
NOTE: Only exploitable through malicious script
+ NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u
CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...)
NOT-FOR-US: Gentoo Linux Ebuilds
CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 ...)
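Review bot: The added NOTE is a bare viewvc URL (formatted_print.c, r1=1.104 to r2=1.105) with nothing saying what it is, while the commit log calls it "patch information". Label it as the upstream fix in the NOTE text so it is not read as another advisory link like the securityreason NOTE above it.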
@@ -6208,7 +6208,7 @@
CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to ...)
NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...)
- - php5 <unfixed> (unimportant; bug #453295)
+ - php5 5.2.5-1 (unimportant; bug #453295)
NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
NOTE: script to trigger this issue
CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails ...)
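Review bot: The changed line marks php5 as fixed in 5.2.5-1, but the CVE-2007-6039 summary two lines up reads "PHP 5.2.5 and earlier allows ...", so the fixed version falls inside the range the description calls affected. If the Debian 5.2.5-1 package carries a backported patch, add a NOTE saying so; otherwise the version looks wrong and should be checked against bug #453295.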
Modified: data/DTSA/list
===================================================================
--- data/DTSA/list 2008-05-08 09:04:16 UTC (rev 8730)
+++ data/DTSA/list 2008-05-08 09:12:09 UTC (rev 8731)
@@ -372,3 +372,6 @@
[May 5th, 2008] DTSA-128-1 xine-lib - multiple vulnerabilities
{CVE-2008-1878 CVE-2008-1686 CVE-2008-0073}
[lenny] - xine-lib 1.1.10.1-2+lenny2
+[May 8th, 2008] DTSA-129-1 speex - insufficient boundary check
+ {CVE-2008-1686}
+ [lenny] - speex 1.1.12-3+lenny1
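Review bot: The new DTSA-129-1 entry lists CVE-2008-1686, which is also in the DTSA-128-1 xine-lib entry directly above, and no data/CVE/list hunk in this commit touches the CVE-2008-1686 entry. Confirm that entry already tracks speex with the lenny version 1.1.12-3+lenny1, and if the shared id is intentional, say in the commit log that both packages are affected by the same issue.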