[Secure-testing-commits] r10445 - data/CVE
nion at alioth.debian.org
Fri Nov 21 02:00:25 UTC 2008
Author: nion
Date: 2008-11-21 02:00:24 +0000 (Fri, 21 Nov 2008)
New Revision: 10445
Modified:
data/CVE/list
Log:
cveified geshi, CVE-2008-5186 non-issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-21 00:37:14 UTC (rev 10444)
+++ data/CVE/list 2008-11-21 02:00:24 UTC (rev 10445)
@@ -33,7 +33,7 @@
RESERVED
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
TODO: check
-CVE-2008-XXXX [geshi infinite loop]
+CVE-2008-5185 [geshi infinite loop]
- php-geshi <unfixed> (medium)
NOTE: CVE id requested
NOTE: the maintainer is aware of this
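Review bot: The trailing context of this hunk still carries `NOTE: CVE id requested` under the entry that is now named CVE-2008-5185, so that note is stale as soon as the id is filled in. Drop the line in the same commit so the entry does not read as still waiting for an assignment.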
@@ -598,8 +598,9 @@
CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...)
- dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
TODO: check again if >= 1.1.4 gets uploaded
-CVE-2008-XXXX [GeSHi: Unspecified Code Execution Vulnerability]
- - geshi 1.0.8.1-1 (bug #504445)
+CVE-2008-5186 [GeSHi: Unspecified Code Execution Vulnerability]
+ - geshi 1.0.8.1-1 (unimportant; bug #504445)
+ NOTE: its rather an application bug if the input to set_language_path is unfiltered user input
NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
[lenny] - geshi <no-dsa> (Should be sanitised from the app using geshi)
[etch] - geshi <no-dsa> (Should be sanitised from the app using geshi)
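Review bot: The added NOTE line has a typo ("its" should be "it's") and would be more useful to later readers if it said what the calling application is expected to do with the value it passes to set_language_path, rather than only that unfiltered input is the application's problem. Also, with the unstable line now tagged `unimportant`, the `[lenny]` and `[etch]` `<no-dsa>` lines in the trailing context repeat the same rationale; check whether they are still needed next to the new severity or should be removed for consistency.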