[Secure-testing-commits] r10320 - in data: . CVE
atomo64-guest at alioth.debian.org
Thu Nov 6 23:37:49 UTC 2008
Author: atomo64-guest
Date: 2008-11-06 23:37:48 +0000 (Thu, 06 Nov 2008)
New Revision: 10320
Modified:
data/CVE/list
data/embedded-code-copies
Log:
Processed some CVEs and added information about embedded copies in KDE stuff
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-06 22:25:57 UTC (rev 10319)
+++ data/CVE/list 2008-11-06 23:37:48 UTC (rev 10320)
@@ -2,40 +2,13 @@
RESERVED
CVE-2008-4989
RESERVED
+begin claimed by atomo64-guest
CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...)
TODO: check
-CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a ...)
- TODO: check
-CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a ...)
- TODO: check
-CVE-2008-4985 (vdrleaktest in vdr 1.6.0 allows local users to overwrite arbitrary ...)
- TODO: check
-CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files ...)
- TODO: check
CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...)
TODO: check
-CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary ...)
- TODO: check
-CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite ...)
- TODO: check
-CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary ...)
- TODO: check
-CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite ...)
- TODO: check
-CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files ...)
- TODO: check
CVE-2008-4977 (** DISPUTED ** ...)
TODO: check
-CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...)
- TODO: check
-CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary ...)
- TODO: check
-CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...)
- TODO: check
-CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary ...)
- TODO: check
-CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...)
- TODO: check
CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite ...)
TODO: check
CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...)
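Review bot: The `begin claimed by atomo64-guest` marker added above CVE-2008-4988 is committed together with the processed entries, while the entries left inside the claimed range (CVE-2008-4988, CVE-2008-4983, CVE-2008-4977, CVE-2008-4971, CVE-2008-4970) still read `TODO: check`. The log message does not mention the claim. Either say so in the log or drop the markers as soon as the remaining entries are triaged, so the range does not stay reserved longer than the work needs.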
@@ -50,8 +23,7 @@
TODO: check
CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...)
TODO: check
-CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...)
- TODO: check
+end claimed by atomo64-guest
CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) ...)
TODO: check
CVE-2008-4962
@@ -1333,16 +1305,16 @@
CVE-2008-XXXX [freevo: insecure temp file]
- freevo <unfixed> (unimportant; bug #496373)
NOTE: Only exploitable when modifying script by hand
-CVE-2008-XXXX [netmrg: insecure temp file]
+CVE-2008-4974 [netmrg: insecure temp file]
- netmrg 0.20-2 (low; bug #496384)
[etch] - netmrg <no-dsa> (Minor issue)
CVE-2008-XXXX [impose+: insecure temp file]
- impose+ 0.2-11.1 (low; bug #496435)
[etch] - impose+ <no-dsa> (Minor issue)
-CVE-2008-XXXX [konwert: insecure temp file]
+CVE-2008-4964 [konwert: insecure temp file]
- konwert 1.8-11.2 (low; bug #496379)
[etch] - konwert <no-dsa> (Minor issue)
-CVE-2008-XXXX [wims: insecure temp file]
+CVE-2008-4986 [wims: insecure temp file]
- wims 3.62-13.1 (low; bug #496387)
[etch] - wims <no-dsa> (Minor issue)
CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...)
@@ -1430,7 +1402,7 @@
- linuxtrade <removed> (unimportant; bug #496372)
NOTE: unimportant since the program is dysfunctional with the current
NOTE: trading website and thus not exploitable for practical purposes
-CVE-2008-XXXX [rccp: insecure temp file]
+CVE-2008-4980 [rccp: insecure temp file]
- rccp 0.9-2.1 (low; bug #496364)
[etch] - rccp <no-dsa> (Minor issue)
CVE-2008-XXXX [digitaldj: insecure temp file]
@@ -2689,7 +2661,7 @@
CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote ...)
- bitlbee 1.2.2-1
end claimed by white
-CVE-2008-XXXX [radiance: insecure temp files]
+CVE-2008-4978 [radiance: insecure temp files]
- radiance 3R9+20080530-4 (low; bug #496433)
CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
NOT-FOR-US: Red Hat services issue
@@ -2904,7 +2876,7 @@
CVE-2008-XXXX [emacs-jabber: insecure temp files]
- emacs-jabber 0.7.91-2 (low; bug #496428)
[etch] - emacs-jabber <no-dsa> (Minor issue)
-CVE-2008-XXXX [xastir: insecure temp files]
+CVE-2008-4987 [xastir: insecure temp files]
- xastir 1.9.2-1.1 (low; bug #496383)
[etch] - xastir <no-dsa> (Minor issue)
CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite ...)
@@ -2925,13 +2897,13 @@
CVE-2008-XXXX [lmbench: insecure temp files]
- lmbench <unfixed> (low; bug #496427)
[etch] - lmbench <no-dsa> (Non-free not supported)
-CVE-2008-XXXX [newsgate: insecure temp files]
+CVE-2008-4975 [newsgate: insecure temp files]
- newsgate <removed> (low; bug #496437)
[etch] - newsgate <no-dsa> (Non-free not supported)
-CVE-2008-XXXX [myspell: insecure temp files]
+CVE-2008-4973 [myspell: insecure temp files]
- myspell 1:3.0+pre3.1-21 (low; bug #496392)
[etch] - myspell <no-dsa> (Minor issue)
-CVE-2008-XXXX [insecure temp file in ogle]
+CVE-2008-4976 [insecure temp file in ogle]
- ogle <unfixed> (unimportant; bug #496420; bug #496425)
NOTE: This only affects debugging scripts not present in standard path
CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...)
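Review bot: The renamed CVE-2008-4976 entry tracks only `- ogle <unfixed>`, but the stub removed at the top of the list described the issue as affecting "ogle 0.9.2 and ogle-mmx 0.9.2". If ogle-mmx is a separate source package it needs its own status line under this entry, or a NOTE saying why it is not tracked. The bracket title `[insecure temp file in ogle]` also departs from the `[package: insecure temp files]` form used by the newsgate and myspell entries in the same hunk.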
@@ -2941,15 +2913,15 @@
CVE-2008-XXXX [insecure temp file in nvi]
- nvi 1.81.6-4 (low; bug #496462)
[etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
-CVE-2008-XXXX [rkhunter: insecure temp file]
+CVE-2008-4982 [rkhunter: insecure temp file]
- rkhunter 1.3.2-6 (low; bug #496375)
[etch] - rkhunter <no-dsa> (Minor issue, only in debug mode)
-CVE-2008-XXXX [scratchbox2: insecure temp file]
+CVE-2008-4984 [scratchbox2: insecure temp file]
- scratchbox2 1.99.0.24-2 (low; bug #496409)
-CVE-2008-XXXX [realtimebattle: insecure temp file]
+CVE-2008-4981 [realtimebattle: insecure temp file]
- realtimebattle 1.0.8-8 (low; bug #496385)
[etch] - realtimebattle <no-dsa> (Minor issue)
-CVE-2008-XXXX [mgt: insecure temp file]
+CVE-2008-4972 [mgt: insecure temp file]
- mgt 2.31-6 (low; bug #496434)
[etch] - mgt <no-dsa> (Minor issue)
CVE-2008-XXXX [twiki: insecure temp file]
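Review bot: CVE-2008-4984 for scratchbox2 is the only renamed entry in this hunk with no `[etch]` line, while rkhunter, realtimebattle and mgt each carry `[etch] - ... <no-dsa>`. Now that the entry has a real id, either add the etch status or a NOTE that the package is not in etch, so the missing line is not read as an untriaged release.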
@@ -3013,10 +2985,10 @@
- openoffice.org 1:2.4.1-8 (low; bug #496361)
[etch] - openoffice.org <not-affected> (Vulnerable code not present)
NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
-CVE-2008-XXXX [rancid: insecure temp file]
+CVE-2008-4979 [rancid: insecure temp file]
- rancid 2.3.2~a8-2 (low; bug #496426)
[etch] - rancid <no-dsa> (Minor issue)
-CVE-2008-XXXX [vdr: insecure temp file]
+CVE-2008-4985 [vdr: insecure temp file]
- vdr 1.6.0-6 (low; bug #496421)
[etch] - vdr <not-affected> (Vulnerable code not present)
CVE-2008-XXXX [lazarus: insecure temp file]
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2008-11-06 22:25:57 UTC (rev 10319)
+++ data/embedded-code-copies 2008-11-06 23:37:48 UTC (rev 10320)
@@ -673,3 +673,15 @@
webcalendar
- gforge-plugins-extra <unfixed> (embed; bug #504758)
+
+libical
+ - kdepim <unfixed> (fork)
+ - kdepimlibs <unfixed> (fork)
+ NOTE: fixed in KDE4 post 4.1.x series
+
+libltdl3
+ - kdelibs <unfixed> (embed)
+ NOTE: it's been said it sets RT_GLOBAL (or something like that) at runtime and version in experimental of libltdl can optionally set it
+
+harfbuzz
+ - qt4-x11 <unfixed> (embed)
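Review bot: The NOTE on the libltdl3 entry records hearsay ("it's been said", "or something like that") and leaves the flag name unverified. Confirm the exact flag and the libltdl version that can set it, and cite where the statement comes from. The four new status lines (kdepim, kdepimlibs, kdelibs, qt4-x11) are all `<unfixed>` with no bug reference, unlike the `gforge-plugins-extra <unfixed> (embed; bug #504758)` line just above; file bugs and add the numbers so the copies can be followed up. The log says "KDE stuff", but the harfbuzz entry is for qt4-x11.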