[Secure-testing-commits] r10446 - data/CVE
atomo64-guest at alioth.debian.org
Fri Nov 21 02:07:18 UTC 2008
Author: atomo64-guest
Date: 2008-11-21 02:07:18 +0000 (Fri, 21 Nov 2008)
New Revision: 10446
Modified:
data/CVE/list
Log:
CVEified some issues and clarified the situation of the two similar CVEs for smarty
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-21 02:00:24 UTC (rev 10445)
+++ data/CVE/list 2008-11-21 02:07:18 UTC (rev 10446)
@@ -1,3 +1,5 @@
+CVE-2008-5187 [buffer overflow in the XPM loader in imlib2]
+ - imlib2 <unfixed> (bug #505714)
CVE-2008-XXXX [php5 safe mode bypass via php_value error_log in .htaccess]
- php5 <unfixed> (unimportant)
NOTE: http://securityreason.com/achievement_securityalert/57
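Review bot: The new CVE-2008-5187 entry at the top of this hunk has only the `- imlib2 <unfixed> (bug #505714)` line, with no NOTE pointing at a reference and no `[etch]` line or TODO for the released version. The entry right below it carries a NOTE with a URL; an equivalent reference here, or an explicit `TODO: check` for etch, would let the next person triage without opening the bug report.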
@@ -112,7 +114,7 @@
TODO: check
CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, ...)
TODO: check
-CVE-2008-XXXX [cupsd crashes when more than 100 rss subscriptions are added]
+CVE-2008-5183 [cupsd crashes when more than 100 rss subscriptions are added]
- cups <unfixed> (bug #506180)
[etch] - cupsys <not-affected> (RSS subscription code not yet present)
CVE-2008-XXXX [no-ip DUC remote code execution]
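Review bot: With a real id assigned, the CVE-2008-5183 entry now sits below CVE-2008-5133, while the numbered entries visible elsewhere in this file run in descending order. Consider moving the whole block (with its `- cups` and `[etch] - cupsys` lines) up to its sorted position in the same commit, so a lookup by id finds it where expected.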
@@ -737,6 +739,7 @@
CVE-2008-4829 [Streamripper Multiple Buffer Overflow Vulnerabilities]
- streamripper <unfixed> (bug #506377)
NOTE: http://secunia.com/secunia_research/2008-50/
+ TODO: check version in etch
CVE-2008-4828
RESERVED
CVE-2008-4827
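Review bot: The added `TODO: check version in etch` in the CVE-2008-4829 entry leaves the etch status open, and the entry still has no `[etch]` line. Once the etch version has been checked, replace the TODO with an explicit per-release line, as the cups entry does with `[etch] - cupsys <not-affected> (...)`, so the open question does not linger in the list.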
@@ -775,14 +778,12 @@
- smarty <unfixed> (bug #504328)
- moodle 1.8.2-2 (bug #504345)
[etch] - gallery2 <unfixed>
- NOTE: this issue is SA32329
- NOTE: trying to clarify on oss-sec, why there are two CVEs
+ NOTE: This attack vector is *not* fixed in r2797
CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
- smarty <unfixed> (bug #504328)
- moodle 1.8.2-2 (bug #504345)
[etch] - gallery2 <unfixed>
- NOTE: this issue is SA32329
- NOTE: trying to clarify on oss-sec, why there are two CVEs
+ NOTE: This attack vector is fixed in r2797
CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...)
NOT-FOR-US: IBM Lotus Connections
CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...)
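Review bot: Both smarty entries in this hunk lose `NOTE: this issue is SA32329` together with the oss-sec note, while the log message only mentions clarifying the two CVEs. If the Secunia reference still applies, keep it next to the new r2797 notes. It would also help to name the repository that r2797 refers to, since the new NOTE lines give only the revision number.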