[Secure-testing-commits] r10432 - data/CVE
atomo64-guest at alioth.debian.org
atomo64-guest at alioth.debian.org
Thu Nov 20 02:27:47 UTC 2008
Author: atomo64-guest
Date: 2008-11-20 02:27:46 +0000 (Thu, 20 Nov 2008)
New Revision: 10432
Modified:
data/CVE/list
Log:
Processed in detail some of the recent issues, and marked the previous ltp issue as unfixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-20 01:41:10 UTC (rev 10431)
+++ data/CVE/list 2008-11-20 02:27:46 UTC (rev 10432)
@@ -1,5 +1,5 @@
CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers ...)
- TODO: check
+ - msp-webserver <unfixed> (bug #506268)
CVE-2008-5159 (Integer overflow in the remote administration protocol processing in ...)
TODO: check
CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...)
@@ -7,29 +7,38 @@
CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...)
- tau <unfixed>
CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...)
- - systemimager <unfixed>
+ - systemimager <unfixed> (bug #506269)
CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...)
- smsclient <unfixed> (bug #498901)
CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary ...)
- - p3nfs <unfixed>
+ - p3nfs <unfixed> (bug #506270)
CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ...)
- - moodle <unfixed>
+ - moodle <unfixed> (unimportant)
+ NOTE: manual editing of file is required to run the unsafe code
CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite ...)
- - mh-book <unfixed>
+ - mh-book <unfixed> (low)
+ NOTE: unsafe code is in example script
CVE-2008-5151 (test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary ...)
- - mayavi <unfixed>
+ - mayavi <unfixed> (unimportant)
+ NOTE: just a comment, not code
CVE-2008-5150 (sample.sh in maildirsync 1.1 allows local users to append data to ...)
- - maildirsync <unfixed>
+ - maildirsync <unfixed> (low)
+ NOTE: unsafe code is in example script
CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...)
- - ncbi-tools6 <unfixed>
+ - ncbi-tools6 <unfixed> (low)
+ NOTE: unsafe code is in example script
CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...)
- - geda-gnetlist <unfixed>
+ - geda-gnetlist <unfixed> (low)
+ NOTE: unsafe code is in example script
CVE-2008-5147 (test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to ...)
- - docvert <unfixed>
+ - docvert <unfixed> (unimportant)
+ NOTE: unsafe code is in test script with multiple hardcoded files
CVE-2008-5146 (add-accession-numbers in ctn 3.0.6 allows local users to overwrite ...)
- - ctn <unfixed>
+ - ctn <unfixed> (low)
+ NOTE: unsafe code is in example script
CVE-2008-5145 (ltpmenu in ltp 20060918 allows local users to overwrite arbitrary ...)
- - ltp <unfixed>
+ - ltp <unfixed> (bug #506272)
+ NOTE: this is not the same as CVE-2008-4969
CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...)
- nvidia-cg-toolkit <unfixed>
CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...)
@@ -1656,7 +1665,7 @@
CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...)
NOT-FOR-US: Safer Networking FileAlyzer
CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...)
- - ltp 20060918-3 (low; bug #496411)
+ - ltp <unfixed> (low; bug #496411)
[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...)
- fml <removed> (low; bug #496370)
More information about the Secure-testing-commits
mailing list