[Secure-testing-commits] r10458 - data/CVE

atomo64-guest at alioth.debian.org
Sat Nov 22 20:18:27 UTC 2008


Author: atomo64-guest
Date: 2008-11-22 20:18:26 +0000 (Sat, 22 Nov 2008)
New Revision: 10458

Modified:
   data/CVE/list
Log:
Track new issues and more info on the cups issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-22 14:23:17 UTC (rev 10457)
+++ data/CVE/list	2008-11-22 20:18:26 UTC (rev 10458)
@@ -1,3 +1,12 @@
+CVE-2008-XXXX [race condition in shadow could lead to gaining ownership or changing mode of arbitrary files]
+	- shadow 1:4.1.1-6 (bug #505271)
+	TODO: check version in etch
+CVE-2008-XXXX [verlihub remote command execution and the possibility of attack with the help of symlinks]
+	- verlihub <unfixed> (medium; bug #506530)
+	TODO: further investigation on this package is needed
+	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
+CVE-2008-XXXX [Quassel CTCP Handling Arbitrary Message Manipulation Vulnerability]
+	- quassel <unfixed> (bug #506550)
 CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...)
 	TODO: check
 CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...)
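Review bot: The verlihub entry (second CVE-2008-XXXX placeholder) folds two distinct problems into one record, remote command execution and a symlink attack. These may be assigned separate ids and fixed in different uploads, so consider splitting it into two entries that both point at bug #506530. Also, only verlihub carries an urgency ("medium"); the shadow and quassel entries have none, and quassel has no NOTE with a reference, so a reader has only the bug number to go on.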
@@ -3,5 +12,6 @@
 	TODO: check
 CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the ...)
-	TODO: check
+	- cups 1.3.8-1
+	TODO: check if version in etch is affected
 CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...)
 	TODO: check
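Review bot: The added "- cups 1.3.8-1" line has no bug number or NOTE saying where the fixed version comes from; it appears to be derived from "before 1.3.8" in the description. Add a NOTE naming the source of the fix version. The TODO is worded "check if version in etch is affected" while the shadow entry in the same commit uses "TODO: check version in etch"; using one wording lets a single grep find all pending etch checks.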
@@ -755,8 +765,6 @@
 CVE-2008-4829 [Streamripper Multiple Buffer Overflow Vulnerabilities]
 	RESERVED
 	- streamripper 1.63.5-2 (bug #506377)
-	NOTE: http://secunia.com/secunia_research/2008-50/
-	TODO: check version in etch
 CVE-2008-4828
 	RESERVED
 CVE-2008-4827
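Review bot: The removal of the NOTE and TODO lines under CVE-2008-4829 is not covered by the log message, which mentions only new issues and the cups issue. Dropping "TODO: check version in etch" without adding a line that records the etch status leaves no trace of whether etch was checked, and the Secunia reference is lost with the NOTE. If the removal is intentional, say so in the log; otherwise keep the NOTE and replace the TODO with the result of the etch check.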



