[Secure-testing-commits] r10326 - data/CVE

joeyh at alioth.debian.org joeyh at alioth.debian.org
Fri Nov 7 09:14:17 UTC 2008


Author: joeyh
Date: 2008-11-07 09:14:16 +0000 (Fri, 07 Nov 2008)
New Revision: 10326

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-07 08:51:53 UTC (rev 10325)
+++ data/CVE/list	2008-11-07 09:14:16 UTC (rev 10326)
@@ -337,9 +337,9 @@
 CVE-2008-XXXX [htop display corruption]
 	- htop <unfixed> (unimportant; bug #504144)
 	NOTE: CVE id requested
-        NOTE: That scenario is too constructed to call it a security issue, especially
-        NOTE: given that the standard top will display the maliciously hidden processes
-        NOTE: just fine. 
+	NOTE: That scenario is too constructed to call it a security issue, especially
+	NOTE: given that the standard top will display the maliciously hidden processes
+	NOTE: just fine. 
 CVE-2008-XXXX [dia: Python scripts load modules from current directory]
 	- dia <unfixed> (low; bug #504251)
 	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
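Review bot: the last re-indented line in the htop entry, "NOTE: just fine. ", still ends in a trailing space, so this hunk converts the leading spaces to a tab but leaves the other whitespace defect in place. Strip the trailing space in the same pass. The hunk changes only whitespace, which the log message "automatic update" does not say; a separate commit or a word in the log would make the history easier to read.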
@@ -1011,7 +1011,7 @@
 	NOT-FOR-US: Adobe Flash Player
 CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...)
 	- xerces-c2 <unfixed> (low; bug #502102)
-        [lenny] - xerces-c2 <no-dsa> (Minor issue, too intrusive to backport)
+	[lenny] - xerces-c2 <no-dsa> (Minor issue, too intrusive to backport)
 CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...)
@@ -1235,34 +1235,34 @@
 	NOT-FOR-US: CA ARCserve Backup
 CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...)
 	NOT-FOR-US: Safer Networking FileAlyzer
-CVE-2008-4969 [ltp: insecure temp file]
+CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...)
 	- ltp 20060918-3 (low; bug #496411)
 	[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
-CVE-2008-4954 [fml: insecure temp file]
+CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...)
 	- fml <removed> (low; bug #496370)
 	[etch] - fml <no-dsa> (Minor issue)
-CVE-2008-4957 [gccxml: insecure temp file]
+CVE-2008-4957 (find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary ...)
 	- gccxml <unfixed> (unimportant; bug #496391)
 	NOTE: Only applies to a script used for an obscure SGI compiler
-CVE-2008-4943 [bulmages: insecure temp file]
+CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...)
 	- bulmages <unfixed> (unimportant; bug #496382)
 	NOTE: Only present in example scripts
 CVE-2008-XXXX [printfilters-ppd: insecure temp file]
 	- printfilters-ppd <unfixed> (unimportant; bug #496417)
 	NOTE: Only exploitable when modifying master-filter by hand
-CVE-2008-4955 [freevo: insecure temp file]
+CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...)
 	- freevo <unfixed> (unimportant; bug #496373)
 	NOTE: Only exploitable when modifying script by hand
-CVE-2008-4974 [netmrg: insecure temp file]
+CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...)
 	- netmrg 0.20-2 (low; bug #496384)
 	[etch] - netmrg <no-dsa> (Minor issue)
-CVE-2008-4960 [impose+: insecure temp file]
+CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...)
 	- impose+ 0.2-11.1 (low; bug #496435)
 	[etch] - impose+ <no-dsa> (Minor issue)
-CVE-2008-4964 [konwert: insecure temp file]
+CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...)
 	- konwert 1.8-11.2 (low; bug #496379)
 	[etch] - konwert <no-dsa> (Minor issue)
-CVE-2008-4986 [wims: insecure temp file]
+CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a ...)
 	- wims 3.62-13.1 (low; bug #496387)
 	[etch] - wims <no-dsa> (Minor issue)
 CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...)
@@ -1271,7 +1271,7 @@
 CVE-2008-XXXX [bk2site: insecure temp file]
 	- bk2site <unfixed> (unimportant; bug #496430)
 	NOTE: Only debug code, script needs to be edited to exploit this
-CVE-2008-4983 [scilab: insecure temp file]
+CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...)
 	- scilab 4.1.2-6 (low; bug #496414)
 	[etch] - scilab <no-dsa> (Non-free not supported)
 CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...)
@@ -1335,31 +1335,31 @@
 	NOT-FOR-US: Java on OSX
 CVE-2008-4367
 	RESERVED
-CVE-2008-4965 [liquidsoap: insecure temp file]
+CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...)
 	- liquidsoap <unfixed> (low; bug #496360)
-CVE-2008-4966 [openswan kernel patch: insecure temp file]
+CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary ...)
 	- linux-patch-openswan <unfixed> (unimportant; bug #496376)
 	NOTE: Only unused packaging bits
-CVE-2008-4941 [arb: insecure temp file]
+CVE-2008-4941 (arb-common 0.0 allows local users to overwrite arbitrary files via a ...)
 	- arb 0.0.20071207.1-5 (low; bug #496396)
-CVE-2008-4940 [aptoncd: insecure temp file]
+CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary ...)
 	- aptoncd 0.1-1.2 (bug #496390; low)
-CVE-2008-4947 [dhis-server: insecure temp file]
+CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to ...)
 	- dhis-server 5.3-1.2 (bug #496388; unimportant)
-CVE-2008-4967 [linuxtrade: insecure temp file]
+CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a ...)
 	- linuxtrade <removed> (unimportant; bug #496372)
 	NOTE: unimportant since the program is dysfunctional with the current
 	NOTE: trading website and thus not exploitable for practical purposes
-CVE-2008-4980 [rccp: insecure temp file]
+CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary ...)
 	- rccp 0.9-2.1 (low; bug #496364)
 	[etch] - rccp <no-dsa> (Minor issue)
-CVE-2008-4948 [digitaldj: insecure temp file]
+CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary ...)
 	- digitaldj 0.7.5-6.1 (low; bug #496399)
 	[etch] - digitaldj <no-dsa> (Minor issue)
-CVE-2008-4945 [cdrw-taper: insecure temp file]
+CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ...)
 	- cdrw-taper 0.4-2.1 (low; bug #496380)
 	[etch] - cdrw-taper <no-dsa> (Minor issue)
-CVE-2008-4958 [gdrae: insecure temp file]
+CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...)
 	- gdrae 0.1-1.1 (low; bug #496378)
 	[etch] - gdrae <no-dsa> (Minor issue)
 CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...)
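Review bot: in the CVE-2008-4965 entry the new description names "liguidsoap.py in liguidsoap 0.3.8.1+2", but the package line directly below it still reads "- liquidsoap <unfixed> (low; bug #496360)". The two spellings are different package names, so the tracker would attach this CVE to whichever package "liquidsoap" is rather than to the one the description names. Check bug #496360 and correct the package line if it was filed against liguidsoap.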
@@ -1732,13 +1732,13 @@
 CVE-2008-XXXX [jumpnbump: insecure temp file]
 	- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
 	[etch] - jumpnbump 1.50-6+etch1
-CVE-2008-4959 [gpsdrive: insecure temp file]
+CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...)
 	- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
 	[etch] - gpsdrive <no-dsa> (Minor issue)
 CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...)
 	- dist 1:3.5-17-2 (low; bug #496412)
 	[etch] - dist 3.70-31etch1
-CVE-2008-4970 [lustre: insecure temp files]
+CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...)
 	- lustre 1.6.5.1-1 (low; bug #496371)
 CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...)
 	- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
@@ -1957,6 +1957,7 @@
 	{DSA-1662-1}
 	- mysql-dfsg-5.0 5.0.67-1
 CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...)
+	{DSA-1608-1}
 	- mysql-dfsg-5.0 5.0.51a-10
 CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV ...)
 	NOT-FOR-US: Flip4Mac WMV
@@ -2609,7 +2610,7 @@
 CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote ...)
 	- bitlbee 1.2.2-1
 end claimed by white
-CVE-2008-4978 [radiance: insecure temp files]
+CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files ...)
 	- radiance 3R9+20080530-4 (low; bug #496423)
 CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
 	NOT-FOR-US: Red Hat services issue
@@ -2821,10 +2822,10 @@
 	NOT-FOR-US: Banner Management Script
 CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...)
 	NOT-FOR-US: Active PHP Bookmarks
-CVE-2008-4952 [emacs-jabber: insecure temp files]
+CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ...)
 	- emacs-jabber 0.7.91-2 (low; bug #496428)
 	[etch] - emacs-jabber <no-dsa> (Minor issue)
-CVE-2008-4987 [xastir: insecure temp files]
+CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a ...)
 	- xastir 1.9.2-1.1 (low; bug #496383)
 	[etch] - xastir <no-dsa> (Minor issue)
 CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite ...)
@@ -2839,19 +2840,19 @@
 	[etch] - apertium <no-dsa> (Minor issue)
 CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a ...)
 	- convirt <unfixed> (medium; bug #496419)
-CVE-2008-4942 [audiolink: insecure temp files]
+CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary ...)
 	- audiolink 0.05-1.1 (low; bug #496433)
 	[etch] - audiolink <no-dsa> (Minor issue)
-CVE-2008-4968 [lmbench: insecure temp files]
+CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...)
 	- lmbench <unfixed> (low; bug #496427)
 	[etch] - lmbench <no-dsa> (Non-free not supported)
-CVE-2008-4975 [newsgate: insecure temp files]
+CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary ...)
 	- newsgate <removed> (low; bug #496437)
 	[etch] - newsgate <no-dsa> (Non-free not supported)
-CVE-2008-4973 [myspell: insecure temp files]
+CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary ...)
 	- myspell 1:3.0+pre3.1-21 (low; bug #496392)
 	[etch] - myspell <no-dsa> (Minor issue)
-CVE-2008-4976 [insecure temp file in ogle]
+CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...)
 	- ogle <unfixed> (unimportant; bug #496420; bug #496425)
 	NOTE: This only affects debugging scripts not present in standard path
 CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...)
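Review bot: the new CVE-2008-4976 description covers "ogle 0.9.2 and ogle-mmx 0.9.2", and the entry cites two bugs (#496420 and #496425), yet only "- ogle <unfixed>" is tracked. If ogle-mmx is a separate source package, it needs its own package line with the bug that belongs to it; otherwise that package will show as unaffected.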
@@ -2861,20 +2862,20 @@
 CVE-2008-XXXX [insecure temp file in nvi]
 	- nvi 1.81.6-4 (low; bug #496462)
 	[etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
-CVE-2008-4982 [rkhunter: insecure temp file]
+CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary ...)
 	- rkhunter 1.3.2-6 (low; bug #496375)
 	[etch] - rkhunter <no-dsa> (Minor issue, only in debug mode)
-CVE-2008-4984 [scratchbox2: insecure temp file]
+CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files ...)
 	- scratchbox2 1.99.0.24-2 (low; bug #496409)
-CVE-2008-4981 [realtimebattle: insecure temp file]
+CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite ...)
 	- realtimebattle 1.0.8-8 (low; bug #496385)
 	[etch] - realtimebattle <no-dsa> (Minor issue)
-CVE-2008-4972 [mgt: insecure temp file]
+CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...)
 	- mgt 2.31-6 (low; bug #496434)
 	[etch] - mgt <no-dsa> (Minor issue)
 CVE-2008-XXXX [twiki: insecure temp file]
 	- twiki 1:4.1.2-4 (low; bug #494648)
-CVE-2008-4971 [mafft: insecure temp file]
+CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite ...)
 	- mafft 6.240-2 (low; bug #496366)
 CVE-2008-XXXX [xen-3: insecure temp file]
 	- xen-3 <unfixed> (low; bug #496367)
@@ -2891,13 +2892,13 @@
 CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary ...)
 	- aview 1.3.0rc1-8.1 (low; bug #496422)
 	[etch] - aview <no-dsa> (Minor issue)
-CVE-2008-4956 [fwbuilder: insecure temp file]
+CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite ...)
 	- fwbuilder 2.1.19-5 (low; bug #496406)
 	[etch] - fwbuilder <no-dsa> (Minor issue)
 CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...)
 	{DSA-1643-1}
 	- feta 1.4.16+nmu1 (low; bug #496397)
-CVE-2008-4977 [postfix: insecure temp file]
+CVE-2008-4977 (** DISPUTED ** ...)
 	- postfix <unfixed> (unimportant; bug #496401)
 	NOTE: Not enabled by default, needs manual modification of a script
 CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite ...)
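Review bot: the CVE-2008-4977 line now reads only "(** DISPUTED ** ...)", so the truncated description no longer says anything about the issue, while the removed "[postfix: insecure temp file]" did. The entry is still identifiable through the "- postfix" line and the existing NOTE, but a reader scanning the list loses the summary. Consider adding a NOTE that records the insecure temp file nature of the report and why it is disputed, since the automatic description will not carry it.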
@@ -2906,14 +2907,14 @@
 CVE-2008-XXXX [sgml2x: insecure temp file]
 	- sgml2x 1.0.0-11.2 (low; bug #496368)
 	[etch] - sgml2x <no-dsa> (Minor issue)
-CVE-2008-4951 [dtc-common: insecure temp file]
+CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a ...)
 	- dtc 0.29.10-1 (low; bug #496362)
 CVE-2008-XXXX [liguidsoap: insecure temp file]
 	- liguidsoap <unfixed> (low; bug #496360)
 CVE-2008-XXXX [xmcd: insecure temp file]
 	- xmcd 2.6-21 (low; bug #496416)
 	[etch] - xmcd <no-dsa> (Minor issue)
-CVE-2008-4988 [xcal: insecure temp file]
+CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...)
 	- xcal 4.1-19 (low; bug #496393)
 	[etch] - xcal <no-dsa> (Minor issue)
 CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
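Review bot: the context entry "CVE-2008-XXXX [liguidsoap: insecure temp file]" with "bug #496360" is left in place, although the same commit assigns CVE-2008-4965 to an entry carrying the same bug number. That leaves two entries for one bug, one with a real id and one placeholder. Remove the CVE-2008-XXXX entry or merge it into CVE-2008-4965 once the package name there is settled.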
@@ -2929,14 +2930,14 @@
 	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
 	NOTE: non-issue, not exploitable by other users
 	NOTE: CVE id requested
-CVE-2008-4937 [openoffice: insecure temp file]
+CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite ...)
 	- openoffice.org 1:2.4.1-8 (low; bug #496361)
 	[etch] - openoffice.org <not-affected> (Vulnerable code not present)
 	NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
-CVE-2008-4979 [rancid: insecure temp file]
+CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite ...)
 	- rancid 2.3.2~a8-2 (low; bug #496426)
 	[etch] - rancid <no-dsa> (Minor issue)
-CVE-2008-4985 [vdr: insecure temp file]
+CVE-2008-4985 (vdrleaktest in vdr 1.6.0 allows local users to overwrite arbitrary ...)
 	- vdr 1.6.0-6 (low; bug #496421)
 	[etch] - vdr <not-affected> (Vulnerable code not present)
 CVE-2008-XXXX [lazarus: insecure temp file]



