[Secure-testing-commits] r10451 - data/CVE
joeyh at alioth.debian.org
Fri Nov 21 21:14:18 UTC 2008
Author: joeyh
Date: 2008-11-21 21:14:18 +0000 (Fri, 21 Nov 2008)
New Revision: 10451
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-11-21 11:56:02 UTC (rev 10450)
+++ data/CVE/list 2008-11-21 21:14:18 UTC (rev 10451)
@@ -1,4 +1,24 @@
-CVE-2008-5187 [buffer overflow in the XPM loader in imlib2]
+CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...)
+ TODO: check
+CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...)
+ TODO: check
+CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the ...)
+ TODO: check
+CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...)
+ TODO: check
+CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2008-5180 (Microsoft Communicator allows remote attackers to cause a denial of ...)
+ TODO: check
+CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications Server ...)
+ TODO: check
+CVE-2008-5178 (Heap-based buffer overflow in Opera 9.62 on Windows allows remote ...)
+ TODO: check
+CVE-2008-5177 (Stack-based buffer overflow in the DtbClsLogin function in Yosemite ...)
+ TODO: check
+CVE-2008-5176 (Multiple buffer overflows in Client Software WinCom LPD Total ...)
+ TODO: check
+CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly ...)
- imlib2 <unfixed> (bug #505714)
CVE-2008-XXXX [php5 safe mode bypass via php_value error_log in .htaccess]
- php5 <unfixed> (unimportant)
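Review bot: the added CVE-2008-5184 (CUPS before 1.3.8) and CVE-2008-5182 (Linux kernel 2.6 inotify) entries are left at "TODO: check" although the packages they name are already tracked in this file, cups under CVE-2008-5183 and linux-2.6 further down. Those two should get package lines first. The Microsoft Communicator, Office Communications Server and Opera-on-Windows entries look like candidates for a NOT-FOR-US: line once checked, rather than staying as open TODOs.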
@@ -35,7 +55,7 @@
RESERVED
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
TODO: check
-CVE-2008-5185 [geshi infinite loop]
+CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 ...)
- php-geshi <unfixed> (medium)
NOTE: CVE id requested
NOTE: the maintainer is aware of this
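Review bot: with CVE-2008-5185 now carrying its published description, the context line "NOTE: CVE id requested" under it is stale. It should be dropped or reworded in a follow-up so the entry does not suggest the id is still pending.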
@@ -114,7 +134,7 @@
TODO: check
CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, ...)
TODO: check
-CVE-2008-5183 [cupsd crashes when more than 100 rss subscriptions are added]
+CVE-2008-5183 (cupsd in CUPS before 1.3.8 allows local users, and possibly remote ...)
- cups <unfixed> (bug #506180)
[etch] - cupsys <not-affected> (RSS subscription code not yet present)
CVE-2008-XXXX [no-ip DUC remote code execution]
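Review bot: the removed line for CVE-2008-5183 was the only place stating the trigger ("more than 100 rss subscriptions"), and the replacement description is truncated before it says anything comparable. Since the etch line below justifies not-affected by the absence of the RSS subscription code, keep that detail as a NOTE: line under the entry.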
@@ -327,7 +347,7 @@
- linux-2.6 2.6.26-11
[etch] - linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls3B)
[etch] - linux-2.6 <not-affected> (Vulnerable code not present; different ioctls)
-CVE-2008-5031 (Multiple integer overflows in Python 2.5.2 allow context-dependent ...)
+CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, ...)
- python2.5 2.5.2-11.1
TODO: check python2.4
NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable (svn-updates.dpatch)
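Review bot: the new description for CVE-2008-5031 widens the affected range to "2.2.3 through 2.5.1, and 2.6", which covers the 2.4 series, so the open "TODO: check python2.4" below it is now a concrete gap rather than a precaution. Resolve it with an explicit python2.4 line. Separately, the first etch context line in this hunk ends in "different ioctls3B", which looks like a stray "3B" compared with the line after it.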
@@ -600,7 +620,7 @@
CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...)
- dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
TODO: check again if >= 1.1.4 gets uploaded
-CVE-2008-5186 [GeSHi: Unspecified Code Execution Vulnerability]
+CVE-2008-5186 (** DISPUTED ** ...)
- geshi 1.0.8.1-1 (unimportant; bug #504445)
NOTE: its rather an application bug if the input to set_language_path is unfiltered user input
NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
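Review bot: replacing the CVE-2008-5186 title with "(** DISPUTED ** ...)" leaves the entry with no summary of the issue at all; only the set_language_path note hints at it. Keep the removed "Unspecified Code Execution Vulnerability" wording as a NOTE: line. The package line here also uses "geshi" while CVE-2008-5185 above uses "php-geshi"; one of the two source package names should be corrected so both entries match the same package.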
@@ -735,6 +755,7 @@
CVE-2008-4830
RESERVED
CVE-2008-4829 [Streamripper Multiple Buffer Overflow Vulnerabilities]
+ RESERVED
- streamripper 1.63.5-2 (bug #506377)
NOTE: http://secunia.com/secunia_research/2008-50/
TODO: check version in etch