[Secure-testing-commits] r10441 - data/CVE

atomo64-guest at alioth.debian.org
Thu Nov 20 21:38:53 UTC 2008


Author: atomo64-guest
Date: 2008-11-20 21:38:53 +0000 (Thu, 20 Nov 2008)
New Revision: 10441

Modified:
   data/CVE/list
Log:
Commented on some issues, filed some bugs, NFUs, and one new issue in mailscanner and another one in php5


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-20 21:14:15 UTC (rev 10440)
+++ data/CVE/list	2008-11-20 21:38:53 UTC (rev 10441)
@@ -1,3 +1,8 @@
+CVE-2008-XXXX [php5 safe mode bypass via php_value error_log in .htaccess]
+	- php5 <unfixed> (unimportant)
+	NOTE: http://securityreason.com/achievement_securityalert/57
+CVE-2008-XXXX [multiple insecure temp files issues in mailscanner]
+	- mailscanner <unfixed> (bug #506353)
 CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...)
 	TODO: check
 CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website ...)
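Review bot: The new php5 entry at the top of this hunk is rated `(unimportant)`, but its only NOTE is a link, so the reason for the rating is not recorded in the list itself. Add a one-line NOTE with the rationale, as the nvidia-cg-toolkit and freebsd-sendpr entries changed later in this commit do. The new mailscanner entry has a bug number but no NOTE naming the affected scripts, which would make it easier to tell apart from the existing mailscanner entry CVE-2008-5140.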
@@ -21,9 +26,9 @@
 CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote ...)
 	TODO: check
 CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS ...)
-	TODO: check
+	NOT-FOR-US: The Rat CMS
 CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...)
-	TODO: check
+	NOT-FOR-US: The Rat CMS
 CVE-2008-5162
 	RESERVED
 CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
@@ -40,7 +45,7 @@
 CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...)
 	TODO: check
 CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...)
-	- tau <unfixed>
+	- tau <unfixed> (bug #506348)
 CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...)
 	- systemimager <unfixed> (bug #506269)
 CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...)
@@ -75,24 +80,32 @@
 	- ltp <unfixed> (bug #506272)
 	NOTE: this is not the same as CVE-2008-4969
 CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...)
-	- nvidia-cg-toolkit <unfixed>
+	- nvidia-cg-toolkit <unfixed> (unimportant)
+	NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer
 CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...)
 	[etch] - multi-gnome-terminal <unfixed>
 	- multi-gnome-terminal <removed>
 CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ...)
-	- freebsd-sendpr <unfixed>
+	- freebsd-sendpr <unfixed> (unimportant)
+	NOTE: code is only executed when the script to send bug reports fails
 CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite ...)
-	- flamethrower <unfixed>
+	- flamethrower <unfixed> (bug #506350)
 CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 allows local users to ...)
-	- mailscanner <unfixed>
+	[etch] - mailscanner <no-dsa> (unimportant)
+	- mailscanner <not-affected> (affected file no longer present)
+	NOTE: script should only be used when the private Trend Micro antivirus is installed
 CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...)
 	- jailer <unfixed>
+	TODO: @raphael: comment on the issue
 CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite ...)
 	- libpam-mount <unfixed>
+	TODO: @raphael: comment on the issue
 CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...)
 	- tkman <unfixed>
+	TODO: @raphael: comment on the issue
 CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...)
 	- tkusr <unfixed>
+	TODO: @raphael: comment on the issue
 CVE-2008-5135 (** DISPUTED ** ...)
 	- os-prober <unfixed> (unimportant)
 CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in ...)
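Review bot: In the CVE-2008-5140 entry, `[etch] - mailscanner <no-dsa> (unimportant)` puts a severity word in the parenthetical where the `<not-affected>` line right below it gives a reason, so the etch line does not say why no DSA is planned. Consider using the condition from the NOTE (the script is only relevant when the Trend Micro antivirus is installed) as the stated reason. Separately, the jailer, libpam-mount, tkman and tkusr entries gain `TODO: @raphael: comment on the issue` but stay `<unfixed>` with no bug reference, unlike flamethrower in the same hunk; either add the bug numbers or say in the TODO what is still to be decided.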