[Secure-testing-commits] r8758 - data/CVE
nion at alioth.debian.org
nion at alioth.debian.org
Fri May 9 14:35:43 UTC 2008
Author: nion
Date: 2008-05-09 14:35:42 +0000 (Fri, 09 May 2008)
New Revision: 8758
Modified:
data/CVE/list
Log:
CVE-2008-1964 does not affect Debian
new linux-2.6 issue (CVE-2008-1675)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-05-09 11:58:40 UTC (rev 8757)
+++ data/CVE/list 2008-05-09 14:35:42 UTC (rev 8758)
@@ -306,7 +306,9 @@
CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in ...)
NOT-FOR-US: Lotus Expeditor
CVE-2008-1964 (** DISPUTED ** ...)
- TODO: check
+ - xine-lib <not-affected> (nsf support disabled by maintainer)
+ NOTE: xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes
+ NOTE: while copyright is 100 bytes long (+ padding for chunks)
CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
NOT-FOR-US: Quate Grape Web Statistics
CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow ...)
@@ -962,7 +964,8 @@
CVE-2008-1676
RESERVED
CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ NOTE: the cve id description states that 2.6.25 is fixed, this is wrong, it's fixed in 2.6.25.1
CVE-2008-1674
RESERVED
CVE-2008-1673
More information about the Secure-testing-commits
mailing list