[Secure-testing-commits] r10379 - data/CVE
joeyh at alioth.debian.org
Wed Nov 12 21:14:14 UTC 2008
Author: joeyh
Date: 2008-11-12 21:14:14 +0000 (Wed, 12 Nov 2008)
New Revision: 10379
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-12 16:18:31 UTC (rev 10378)
+++ data/CVE/list 2008-11-12 21:14:14 UTC (rev 10379)
@@ -1,3 +1,39 @@
+CVE-2008-5034 (** DISPUTED ** ...)
+ TODO: check
+CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...)
+ TODO: check
+CVE-2008-5031 (Multiple integer overflows in Python 2.5.2 allow context-dependent ...)
+ TODO: check
+CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in ...)
+ TODO: check
+CVE-2008-5024
+ RESERVED
+CVE-2008-5023
+ RESERVED
+CVE-2008-5022
+ RESERVED
+CVE-2008-5021
+ RESERVED
+CVE-2008-5020
+ RESERVED
+CVE-2008-5019
+ RESERVED
+CVE-2008-5018
+ RESERVED
+CVE-2008-5017
+ RESERVED
+CVE-2008-5016
+ RESERVED
+CVE-2008-5015
+ RESERVED
+CVE-2008-5014
+ RESERVED
+CVE-2008-5013
+ RESERVED
+CVE-2008-5012
+ RESERVED
+CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and ...)
+ TODO: check
CVE-2008-XXXX [OptiPNG BMP Reader Buffer Overflow]
- optipng <unfixed> (bug #505399)
NOTE: This is SA32651
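Review bot: the new entries that carry a description but only `TODO: check` (CVE-2008-5033, CVE-2008-5031, CVE-2008-5030, CVE-2008-5010) are still untriaged, although their descriptions already name the affected component. CVE-2008-5010 names in.dhcpd in Sun Solaris, which looks like a NOT-FOR-US candidate in the same way as the Sun Solstice X.25 entry in the next hunk; CVE-2008-5033 (drivers/media/video/tvaudio.c) and CVE-2008-5031 (Python 2.5.2) need package lines from a manual follow-up. CVE-2008-5034 shows only `** DISPUTED ** ...`, so the full description has to be read before it is classified.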
@@ -3,16 +39,17 @@
CVE-2008-XXXX [tor: changing user does not clear supplementary group entries]
- tor <unfixed> (bug #505178)
-CVE-2008-5035
+CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware ...)
NOT-FOR-US: IBM Hardware Management Console
-CVE-2008-5026
+CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number ...)
NOT-FOR-US: Microsoft
-CVE-2008-5011
+CVE-2008-5011 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
NOT-FOR-US: IBM Lotus Quickr
-CVE-2008-5009
+CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, ...)
NOT-FOR-US: Sun Solstice X.25
CVE-2008-5025 [kernel: one more hfsplus issue]
+ RESERVED
- linux-2.6 <unfixed>
- linux-2.6.24 <unfixed>
-CVE-2008-5029 [kernel: net/core/scm.c DoS]
+CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel ...)
- linux-2.6 <unfixed>
- linux-2.6.24 <unfixed>
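Review bot: CVE-2008-5025 now has a `RESERVED` line directly above two `<unfixed>` package lines (linux-2.6 and linux-2.6.24), so the entry reads as both unpublished and actively tracked. Please confirm that whatever consumes this list still reports it as open for both packages. For CVE-2008-5029, replacing `[kernel: net/core/scm.c DoS]` drops the DoS impact from the header, because the new description is cut off after "in the Linux kernel"; a NOTE line would keep it visible.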
@@ -22,8 +59,10 @@
CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or ...)
- libsamplerate 0.1.4-1
CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP ...)
+ {DTSA-174-1}
- uw-imap 7:2007d~dfsg-1
CVE-2008-5005 (Multiple stack-based buffer overflows in (1) University of Washington ...)
+ {DTSA-174-1}
[lenny] - uw-imap 2007b~dfsg-4+lenny1
- uw-imap 7:2007d~dfsg-1
- alpine <not-affected> (vulnerable code present but tmail/dmail wont be installed)
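Review bot: `{DTSA-174-1}` is added to both CVE-2008-5006 and CVE-2008-5005, but only CVE-2008-5005 has a `[lenny] - uw-imap 2007b~dfsg-4+lenny1` line. CVE-2008-5006 lists just `- uw-imap 7:2007d~dfsg-1`, so the entry does not record which lenny version the advisory fixed it in. If the same upload covers both, add the matching `[lenny]` line to CVE-2008-5006.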
@@ -83,10 +122,10 @@
NOT-FOR-US: U-Mail Webmail server
CVE-2008-XXXX [universalindentgui insecure usage of temp files]
- universalindentgui <unfixed> (low; bug #504726)
-CVE-2008-5032 [vlc buffer overflow in cue handling]
+CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...)
{DTSA-176-1}
- vlc 0.8.6.h-5 (medium; bug #504639)
-CVE-2008-5036 [vlc buffer overflow in realtext subtitle parsing]
+CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...)
- vlc <not-affected> (Vulnerable code not present in 0.8.x)
TODO: recheck if 0.9 gets uploaded to unstable
CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in ...)
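Review bot: the replaced titles for CVE-2008-5032 and CVE-2008-5036 named the vulnerable code path ("cue handling", "realtext subtitle parsing"), and the truncated descriptions that replace them no longer do. A NOTE line on each entry would keep that detail, which matters for CVE-2008-5036 in particular because its `<not-affected>` status rests on the code not being present in 0.8.x and the `TODO: recheck if 0.9 gets uploaded to unstable` is still open.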
@@ -118,11 +157,11 @@
NOT-FOR-US: eXPert PDF Viewer X ActiveX
CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...)
NOT-FOR-US: SonicOS Enhanced
-CVE-2008-5027 [command injection in nagios]
+CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ...)
- nagios3 <unfixed> (unimportant)
NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted
NOTE: users shouldn't have access to nagios anyway
-CVE-2008-5028 [CSRF in nagios]
+CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) ...)
- nagios3 <unfixed> (low; bug #504894)
[etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
TODO: check nagios2
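Review bot: CVE-2008-5027 tracks only nagios3, while the neighbouring CVE-2008-5028 also has an `[etch] - nagios2` line and a `TODO: check nagios2`. The new description for CVE-2008-5027 says "Nagios before 3.0.5", so nagios2 should either get its own line or an explicit note saying why it is left out. The description also gives 3.0.5 as the version boundary, so the `<unfixed>` markers on nagios3 can be replaced with a version once a package at or above it is uploaded.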
@@ -1370,8 +1409,7 @@
RESERVED
CVE-2008-4388
RESERVED
-CVE-2008-4387
- RESERVED
+CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in ...)
NOT-FOR-US: ActiveX
CVE-2008-4386
RESERVED
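Review bot: `NOT-FOR-US: ActiveX` on CVE-2008-4387 names a technology rather than a product, unlike the other NOT-FOR-US lines in this patch (IBM Lotus Quickr, Sun Solstice X.25, eXPert PDF Viewer X ActiveX). Now that the description identifies the Simba MDrmSap ActiveX control, the tag should name that product so the entry can be searched and audited consistently.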
@@ -1807,7 +1845,7 @@
- redhat-cluster 2.20081102-1 (bug #496410; low)
CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...)
- emacspeak 28.0-2 (bug #496431; low)
- [lenny] - emacspeak 26.0-3+lenny1
+ [lenny] - emacspeak 26.0-3+lenny1
[etch] - emacspeak <no-dsa> (Minor issue)
CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x ...)
- openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)
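Review bot: the removed and added `[lenny] - emacspeak 26.0-3+lenny1` lines under CVE-2008-4191 are textually identical as shown, so this is a whitespace-only change. It is harmless, but it adds noise to an automatic update; a whitespace fix is easier to audit as its own commit with a log message that says so.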