[Secure-testing-commits] r10321 - data/CVE
atomo64-guest at alioth.debian.org
atomo64-guest at alioth.debian.org
Thu Nov 6 23:48:46 UTC 2008
Author: atomo64-guest
Date: 2008-11-06 23:48:45 +0000 (Thu, 06 Nov 2008)
New Revision: 10321
Modified:
data/CVE/list
Log:
Processed some, claimed even more
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-06 23:37:48 UTC (rev 10320)
+++ data/CVE/list 2008-11-06 23:48:45 UTC (rev 10321)
@@ -2,38 +2,15 @@
RESERVED
CVE-2008-4989
RESERVED
-begin claimed by atomo64-guest
-CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...)
- TODO: check
-CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...)
- TODO: check
-CVE-2008-4977 (** DISPUTED ** ...)
- TODO: check
-CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite ...)
- TODO: check
-CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...)
- TODO: check
-CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...)
- TODO: check
-CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...)
- TODO: check
-CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a ...)
- TODO: check
-CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary ...)
- TODO: check
-CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...)
- TODO: check
-end claimed by atomo64-guest
CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) ...)
TODO: check
CVE-2008-4962
RESERVED
CVE-2008-4961
RESERVED
+begin claimed by atomo64-guest
CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...)
TODO: check
-CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...)
- TODO: check
CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...)
TODO: check
CVE-2008-4957 (find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary ...)
@@ -68,8 +45,7 @@
TODO: check
CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...)
TODO: check
-CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite ...)
- TODO: check
+end claimed by atomo64-guest
CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...)
TODO: check
CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...)
@@ -1287,7 +1263,7 @@
NOT-FOR-US: CA ARCserve Backup
CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...)
NOT-FOR-US: Safer Networking FileAlyzer
-CVE-2008-XXXX [ltp: insecure temp file]
+CVE-2008-4969 [ltp: insecure temp file]
- ltp 20060918-3 (low; bug #496411)
[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
CVE-2008-XXXX [fml: insecure temp file]
@@ -1323,7 +1299,7 @@
CVE-2008-XXXX [bk2site: insecure temp file]
- bk2site <unfixed> (unimportant; bug #496430)
NOTE: Only debug code, script needs to be edited to exploit this
-CVE-2008-XXXX [scilab: insecure temp file]
+CVE-2008-4983 [scilab: insecure temp file]
- scilab 4.1.2-6 (low; bug #496414)
[etch] - scilab <no-dsa> (Non-free not supported)
CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...)
@@ -1387,9 +1363,9 @@
NOT-FOR-US: Java on OSX
CVE-2008-4367
RESERVED
-CVE-2008-XXXX [liquidsoap: insecure temp file]
+CVE-2008-4965 [liquidsoap: insecure temp file]
- liquidsoap <unfixed> (low; bug #496360)
-CVE-2008-XXXX [openswan kernel patch: insecure temp file]
+CVE-2008-4966 [openswan kernel patch: insecure temp file]
- linux-patch-openswan <unfixed> (unimportant; bug #496376)
NOTE: Only unused packaging bits
CVE-2008-XXXX [arb: insecure temp file]
@@ -1398,7 +1374,7 @@
- aptoncd 0.1-1.2 (bug #496390; low)
CVE-2008-XXXX [dhis-server: insecure temp file]
- dhis-server 5.3-1.2 (bug #496388; unimportant)
-CVE-2008-XXXX [linuxtrade: insecure temp file]
+CVE-2008-4967 [linuxtrade: insecure temp file]
- linuxtrade <removed> (unimportant; bug #496372)
NOTE: unimportant since the program is dysfunctional with the current
NOTE: trading website and thus not exploitable for practical purposes
@@ -1784,13 +1760,13 @@
CVE-2008-XXXX [jumpnbump: insecure temp file]
- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
[etch] - jumpnbump 1.50-6+etch1
-CVE-2008-XXXX [gpsdrive: insecure temp file]
+CVE-2008-4959 [gpsdrive: insecure temp file]
- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...)
- dist 1:3.5-17-2 (low; bug #496412)
[etch] - dist 3.70-31etch1
-CVE-2008-XXXX [lustre: insecure temp files]
+CVE-2008-4970 [lustre: insecure temp files]
- lustre 1.6.5.1-1 (low; bug #496371)
CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...)
- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
@@ -2894,7 +2870,7 @@
CVE-2008-XXXX [audiolink: insecure temp files]
- audiolink 0.05-1.1 (low; bug #496433)
[etch] - audiolink <no-dsa> (Minor issue)
-CVE-2008-XXXX [lmbench: insecure temp files]
+CVE-2008-4968 [lmbench: insecure temp files]
- lmbench <unfixed> (low; bug #496427)
[etch] - lmbench <no-dsa> (Non-free not supported)
CVE-2008-4975 [newsgate: insecure temp files]
@@ -2926,7 +2902,7 @@
[etch] - mgt <no-dsa> (Minor issue)
CVE-2008-XXXX [twiki: insecure temp file]
- twiki 1:4.1.2-4 (low; bug #494648)
-CVE-2008-XXXX [mafft: insecure temp file]
+CVE-2008-4971 [mafft: insecure temp file]
- mafft 6.240-2 (low; bug #496366)
CVE-2008-XXXX [xen-3: insecure temp file]
- xen-3 <unfixed> (low; bug #496367)
@@ -2949,7 +2925,7 @@
CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...)
{DSA-1643-1}
- feta 1.4.16+nmu1 (low; bug #496397)
-CVE-2008-XXXX [postfix: insecure temp file]
+CVE-2008-4977 [postfix: insecure temp file]
- postfix <unfixed> (unimportant; bug #496401)
NOTE: Not enabled by default, needs manual modification of a script
CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite ...)
@@ -2965,7 +2941,7 @@
CVE-2008-XXXX [xmcd: insecure temp file]
- xmcd 2.6-21 (low; bug #496416)
[etch] - xmcd <no-dsa> (Minor issue)
-CVE-2008-XXXX [xcal: insecure temp file]
+CVE-2008-4988 [xcal: insecure temp file]
- xcal 4.1-19 (low; bug #496393)
[etch] - xcal <no-dsa> (Minor issue)
CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
@@ -2981,7 +2957,7 @@
NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
NOTE: non-issue, not exploitable by other users
NOTE: CVE id requested
-CVE-2008-XXXX [openoffice: insecure temp file]
+CVE-2008-4937 [openoffice: insecure temp file]
- openoffice.org 1:2.4.1-8 (low; bug #496361)
[etch] - openoffice.org <not-affected> (Vulnerable code not present)
NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
More information about the Secure-testing-commits
mailing list