[Secure-testing-commits] r10317 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Nov 6 22:07:07 UTC 2008


Author: jmm-guest
Date: 2008-11-06 22:07:07 +0000 (Thu, 06 Nov 2008)
New Revision: 10317

Modified:
   data/CVE/list
Log:
let's not exaggerate things


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-06 22:01:06 UTC (rev 10316)
+++ data/CVE/list	2008-11-06 22:07:07 UTC (rev 10317)
@@ -415,8 +415,11 @@
 	- eog 2.22.3-2 (bug #504352; low)
 	[etch] - eog <not-affected> (Vulnerable code not present)
 CVE-2008-XXXX [htop display corruption]
-	- htop <unfixed> (low; bug #504144)
+	- htop <unfixed> (unimportant; bug #504144)
 	NOTE: CVE id requested
+        NOTE: That scenario is too constructed to call it a security issue, especially
+        NOTE: given that the standard top will display the maliciously hidden processes
+        NOTE: just fine. 
 CVE-2008-XXXX [dia: Python scripts load modules from current directory]
 	- dia <unfixed> (low; bug #504251)
 	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)




More information about the Secure-testing-commits mailing list