[Secure-testing-commits] r10432 - data/CVE

atomo64-guest at alioth.debian.org atomo64-guest at alioth.debian.org
Thu Nov 20 02:27:47 UTC 2008


Author: atomo64-guest
Date: 2008-11-20 02:27:46 +0000 (Thu, 20 Nov 2008)
New Revision: 10432

Modified:
   data/CVE/list
Log:
Processed in detail some of the recent issues, and marked the previous ltp issue as unfixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-20 01:41:10 UTC (rev 10431)
+++ data/CVE/list	2008-11-20 02:27:46 UTC (rev 10432)
@@ -1,5 +1,5 @@
 CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers ...)
-	TODO: check
+	- msp-webserver <unfixed> (bug #506268)
 CVE-2008-5159 (Integer overflow in the remote administration protocol processing in ...)
 	TODO: check
 CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...)
@@ -7,29 +7,38 @@
 CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...)
 	- tau <unfixed>
 CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...)
-	- systemimager <unfixed>
+	- systemimager <unfixed> (bug #506269)
 CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...)
 	- smsclient <unfixed> (bug #498901)
 CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary ...)
-	- p3nfs <unfixed>
+	- p3nfs <unfixed> (bug #506270)
 CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ...)
-	- moodle <unfixed>
+	- moodle <unfixed> (unimportant)
+	NOTE: manual editing of file is required to run the unsafe code
 CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite ...)
-	- mh-book <unfixed>
+	- mh-book <unfixed> (low)
+	NOTE: unsafe code is in example script
 CVE-2008-5151 (test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary ...)
-	- mayavi <unfixed>
+	- mayavi <unfixed> (unimportant)
+	NOTE: just a comment, not code
 CVE-2008-5150 (sample.sh in maildirsync 1.1 allows local users to append data to ...)
-	- maildirsync <unfixed>
+	- maildirsync <unfixed> (low)
+	NOTE: unsafe code is in example script
 CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...)
-	- ncbi-tools6 <unfixed>
+	- ncbi-tools6 <unfixed> (low)
+	NOTE: unsafe code is in example script
 CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...)
-	- geda-gnetlist <unfixed>
+	- geda-gnetlist <unfixed> (low)
+	NOTE: unsafe code is in example script
 CVE-2008-5147 (test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to ...)
-	- docvert <unfixed>
+	- docvert <unfixed> (unimportant)
+	NOTE: unsafe code is in test script with multiple hardcoded files
 CVE-2008-5146 (add-accession-numbers in ctn 3.0.6 allows local users to overwrite ...)
-	- ctn <unfixed>
+	- ctn <unfixed> (low)
+	NOTE: unsafe code is in example script
 CVE-2008-5145 (ltpmenu in ltp 20060918 allows local users to overwrite arbitrary ...)
-	- ltp <unfixed>
+	- ltp <unfixed> (bug #506272)
+	NOTE: this is not the same as CVE-2008-4969
 CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...)
 	- nvidia-cg-toolkit <unfixed>
 CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...)
@@ -1656,7 +1665,7 @@
 CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...)
 	NOT-FOR-US: Safer Networking FileAlyzer
 CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...)
-	- ltp 20060918-3 (low; bug #496411)
+	- ltp <unfixed> (low; bug #496411)
 	[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
 CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...)
 	- fml <removed> (low; bug #496370)




More information about the Secure-testing-commits mailing list