[Secure-testing-commits] r10441 - data/CVE
atomo64-guest at alioth.debian.org
atomo64-guest at alioth.debian.org
Thu Nov 20 21:38:53 UTC 2008
Author: atomo64-guest
Date: 2008-11-20 21:38:53 +0000 (Thu, 20 Nov 2008)
New Revision: 10441
Modified:
data/CVE/list
Log:
Commented on some issues, filed some bugs, NFUs, and one new issue in mailscanner and another one in php5
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-20 21:14:15 UTC (rev 10440)
+++ data/CVE/list 2008-11-20 21:38:53 UTC (rev 10441)
@@ -1,3 +1,8 @@
+CVE-2008-XXXX [php5 safe mode bypass via php_value error_log in .htaccess]
+ - php5 <unfixed> (unimportant)
+ NOTE: http://securityreason.com/achievement_securityalert/57
+CVE-2008-XXXX [multiple insecure temp files issues in mailscanner]
+ - mailscanner <unfixed> (bug #506353)
CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...)
TODO: check
CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website ...)
@@ -21,9 +26,9 @@
CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote ...)
TODO: check
CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS ...)
- TODO: check
+ NOT-FOR-US: The Rat CMS
CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...)
- TODO: check
+ NOT-FOR-US: The Rat CMS
CVE-2008-5162
RESERVED
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
@@ -40,7 +45,7 @@
CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...)
TODO: check
CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...)
- - tau <unfixed>
+ - tau <unfixed> (bug #506348)
CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...)
- systemimager <unfixed> (bug #506269)
CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...)
@@ -75,24 +80,32 @@
- ltp <unfixed> (bug #506272)
NOTE: this is not the same as CVE-2008-4969
CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...)
- - nvidia-cg-toolkit <unfixed>
+ - nvidia-cg-toolkit <unfixed> (unimportant)
+ NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer
CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...)
[etch] - multi-gnome-terminal <unfixed>
- multi-gnome-terminal <removed>
CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ...)
- - freebsd-sendpr <unfixed>
+ - freebsd-sendpr <unfixed> (unimportant)
+ NOTE: code is only executed when the script to send bug reports fails
CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite ...)
- - flamethrower <unfixed>
+ - flamethrower <unfixed> (bug #506350)
CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 allows local users to ...)
- - mailscanner <unfixed>
+ [etch] - mailscanner <no-dsa> (unimportant)
+ - mailscanner <not-affected> (affected file no longer present)
+ NOTE: script should only be used when the private Trend Micro antivirus is installed
CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...)
- jailer <unfixed>
+ TODO: @raphael: comment on the issue
CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite ...)
- libpam-mount <unfixed>
+ TODO: @raphael: comment on the issue
CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...)
- tkman <unfixed>
+ TODO: @raphael: comment on the issue
CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...)
- tkusr <unfixed>
+ TODO: @raphael: comment on the issue
CVE-2008-5135 (** DISPUTED ** ...)
- os-prober <unfixed> (unimportant)
CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in ...)
More information about the Secure-testing-commits
mailing list