[Secure-testing-commits] r10322 - data/CVE

atomo64-guest at alioth.debian.org
Fri Nov 7 00:26:05 UTC 2008


Author: atomo64-guest
Date: 2008-11-07 00:26:05 +0000 (Fri, 07 Nov 2008)
New Revision: 10322

Modified:
   data/CVE/list
Log:
Processed the rest of claimed CVEs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-06 23:48:45 UTC (rev 10321)
+++ data/CVE/list	2008-11-07 00:26:05 UTC (rev 10322)
@@ -8,44 +8,14 @@
 	RESERVED
 CVE-2008-4961
 	RESERVED
-begin claimed by atomo64-guest
-CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...)
-	TODO: check
-CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...)
-	TODO: check
-CVE-2008-4957 (find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary ...)
-	TODO: check
-CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite ...)
-	TODO: check
-CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...)
-	TODO: check
-CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...)
-	TODO: check
 CVE-2008-4953 (** DISPUTED ** ...)
-	TODO: check
-CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ...)
-	TODO: check
-CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a ...)
-	TODO: check
+	- firehol <unfixed> (unimportant; bug #496424)
+	NOTE: attack unfeasible because of $$-${RANDOM}-${RANDOM}
 CVE-2008-4950 (** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to ...)
-	TODO: check
-CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary ...)
-	TODO: check
-CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to ...)
-	TODO: check
-CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ...)
-	TODO: check
-CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...)
-	TODO: check
-CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary ...)
-	TODO: check
-CVE-2008-4941 (arb-common 0.0 allows local users to overwrite arbitrary files via a ...)
-	TODO: check
-CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary ...)
-	TODO: check
+	- dpkg-cross <unfixed> (unimportant; bug #496413)
+	NOTE: executed under a chroot when a package failed to cross-build
 CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...)
 	TODO: check
-end claimed by atomo64-guest
 CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...)
 	TODO: check
 CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...)
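
Review bot: CVE-2008-4938 (aegis) sat inside the removed "begin claimed by atomo64-guest" / "end claimed by atomo64-guest" block and still reads "TODO: check", so the claim is released without that entry being processed, which does not match the log message "Processed the rest of claimed CVEs". Either triage it in this commit or say in the log that it is handed back unprocessed. Separately, the new note under CVE-2008-4953, "attack unfeasible because of $$-${RANDOM}-${RANDOM}", argues only from the file name being hard to guess; adding whether the script also creates the file safely would make the "unimportant" rating easier to audit later.
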
@@ -1266,25 +1236,25 @@
 CVE-2008-4969 [ltp: insecure temp file]
 	- ltp 20060918-3 (low; bug #496411)
 	[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
-CVE-2008-XXXX [fml: insecure temp file]
+CVE-2008-4954 [fml: insecure temp file]
 	- fml <removed> (low; bug #496370)
 	[etch] - fml <no-dsa> (Minor issue)
-CVE-2008-XXXX [gccxml: insecure temp file]
+CVE-2008-4957 [gccxml: insecure temp file]
 	- gccxml <unfixed> (unimportant; bug #496391)
 	NOTE: Only applies to a script used for an obscure SGI compiler
-CVE-2008-XXXX [bulmages: insecure temp file]
+CVE-2008-4943 [bulmages: insecure temp file]
 	- bulmages <unfixed> (unimportant; bug #496382)
 	NOTE: Only present in example scripts
 CVE-2008-XXXX [printfilters-ppd: insecure temp file]
 	- printfilters-ppd <unfixed> (unimportant; bug #496417)
 	NOTE: Only exploitable when modifying master-filter by hand
-CVE-2008-XXXX [freevo: insecure temp file]
+CVE-2008-4955 [freevo: insecure temp file]
 	- freevo <unfixed> (unimportant; bug #496373)
 	NOTE: Only exploitable when modifying script by hand
 CVE-2008-4974 [netmrg: insecure temp file]
 	- netmrg 0.20-2 (low; bug #496384)
 	[etch] - netmrg <no-dsa> (Minor issue)
-CVE-2008-XXXX [impose+: insecure temp file]
+CVE-2008-4960 [impose+: insecure temp file]
 	- impose+ 0.2-11.1 (low; bug #496435)
 	[etch] - impose+ <no-dsa> (Minor issue)
 CVE-2008-4964 [konwert: insecure temp file]
@@ -1368,11 +1338,11 @@
 CVE-2008-4966 [openswan kernel patch: insecure temp file]
 	- linux-patch-openswan <unfixed> (unimportant; bug #496376)
 	NOTE: Only unused packaging bits
-CVE-2008-XXXX [arb: insecure temp file]
+CVE-2008-4941 [arb: insecure temp file]
 	- arb 0.0.20071207.1-5 (low; bug #496396)
-CVE-2008-XXXX [aptoncd: insecure temp file]
+CVE-2008-4940 [aptoncd: insecure temp file]
 	- aptoncd 0.1-1.2 (bug #496390; low)
-CVE-2008-XXXX [dhis-server: insecure temp file]
+CVE-2008-4947 [dhis-server: insecure temp file]
 	- dhis-server 5.3-1.2 (bug #496388; unimportant)
 CVE-2008-4967 [linuxtrade: insecure temp file]
 	- linuxtrade <removed> (unimportant; bug #496372)
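
Review bot: Style point on the aptoncd and dhis-server entries renamed here: their package lines read "(bug #496390; low)" and "(bug #496388; unimportant)", while every other entry in this diff uses the order "(urgency; bug #N)", as in "(low; bug #496396)" for arb just above. Since the headers of these entries are being edited anyway, normalising the two lines to the common order would keep the list consistent for anyone grepping on it.
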
@@ -1381,13 +1351,13 @@
 CVE-2008-4980 [rccp: insecure temp file]
 	- rccp 0.9-2.1 (low; bug #496364)
 	[etch] - rccp <no-dsa> (Minor issue)
-CVE-2008-XXXX [digitaldj: insecure temp file]
+CVE-2008-4948 [digitaldj: insecure temp file]
 	- digitaldj 0.7.5-6.1 (low; bug #496399)
 	[etch] - digitaldj <no-dsa> (Minor issue)
-CVE-2008-XXXX [cdrw-taper: insecure temp file]
+CVE-2008-4945 [cdrw-taper: insecure temp file]
 	- cdrw-taper 0.4-2.1 (low; bug #496380)
 	[etch] - cdrw-taper <no-dsa> (Minor issue)
-CVE-2008-XXXX [gdrae: insecure temp file]
+CVE-2008-4958 [gdrae: insecure temp file]
 	- gdrae 0.1-1.1 (low; bug #496378)
 	[etch] - gdrae <no-dsa> (Minor issue)
 CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...)
@@ -2638,7 +2608,7 @@
 	- bitlbee 1.2.2-1
 end claimed by white
 CVE-2008-4978 [radiance: insecure temp files]
-	- radiance 3R9+20080530-4 (low; bug #496433)
+	- radiance 3R9+20080530-4 (low; bug #496423)
 CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
 	NOT-FOR-US: Red Hat services issue
 CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...)
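
Review bot: The radiance line changes the bug reference from #496433 to #496423, which is a data correction unrelated to processing claimed CVEs and is not mentioned in the log. The old number duplicated the audiolink entry ("audiolink 0.05-1.1 (low; bug #496433)"), so the fix looks right, but it should be named in the commit message or split into its own commit so the change can be found later; please also confirm that #496423 is the radiance report, since the neighbouring numbers #496422 and #496424 belong to aview and firehol.
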
@@ -2849,7 +2819,7 @@
 	NOT-FOR-US: Banner Management Script
 CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...)
 	NOT-FOR-US: Active PHP Bookmarks
-CVE-2008-XXXX [emacs-jabber: insecure temp files]
+CVE-2008-4952 [emacs-jabber: insecure temp files]
 	- emacs-jabber 0.7.91-2 (low; bug #496428)
 	[etch] - emacs-jabber <no-dsa> (Minor issue)
 CVE-2008-4987 [xastir: insecure temp files]
@@ -2867,7 +2837,7 @@
 	[etch] - apertium <no-dsa> (Minor issue)
 CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a ...)
 	- convirt <unfixed> (medium; bug #496419)
-CVE-2008-XXXX [audiolink: insecure temp files]
+CVE-2008-4942 [audiolink: insecure temp files]
 	- audiolink 0.05-1.1 (low; bug #496433)
 	[etch] - audiolink <no-dsa> (Minor issue)
 CVE-2008-4968 [lmbench: insecure temp files]
@@ -2919,7 +2889,7 @@
 CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary ...)
 	- aview 1.3.0rc1-8.1 (low; bug #496422)
 	[etch] - aview <no-dsa> (Minor issue)
-CVE-2008-XXXX [fwbuilder: insecure temp file]
+CVE-2008-4956 [fwbuilder: insecure temp file]
 	- fwbuilder 2.1.19-5 (low; bug #496406)
 	[etch] - fwbuilder <no-dsa> (Minor issue)
 CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...)
@@ -2934,7 +2904,7 @@
 CVE-2008-XXXX [sgml2x: insecure temp file]
 	- sgml2x 1.0.0-11.2 (low; bug #496368)
 	[etch] - sgml2x <no-dsa> (Minor issue)
-CVE-2008-XXXX [dtc-common: insecure temp file]
+CVE-2008-4951 [dtc-common: insecure temp file]
 	- dtc 0.29.10-1 (low; bug #496362)
 CVE-2008-XXXX [liguidsoap: insecure temp file]
 	- liguidsoap <unfixed> (low; bug #496360)
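
Review bot: In the context directly below the dtc change, "CVE-2008-XXXX [liguidsoap: insecure temp file]" and "- liguidsoap <unfixed> (low; bug #496360)" look like a misspelling of liquidsoap. The package line is what ties the entry to a source package, so a misspelled name would leave the issue unattached; worth correcting while this part of the file is being edited. The sgml2x and liguidsoap entries also keep the CVE-2008-XXXX placeholder after this commit, so if IDs were assigned for them they still need to be filled in.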



