[Secure-testing-commits] r9963 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Fri Oct 3 12:44:51 UTC 2008


Author: nion
Date: 2008-10-03 12:44:49 +0000 (Fri, 03 Oct 2008)
New Revision: 9963

Modified:
   data/CVE/list
Log:
add note on impact of CVE-2008-3521

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-03 12:25:19 UTC (rev 9962)
+++ data/CVE/list	2008-10-03 12:44:49 UTC (rev 9963)
@@ -2104,6 +2104,7 @@
 	- jasper <unfixed> (medium; bug #501021)
 CVE-2008-3521 (The jas_stream_tmpfile function in libjasper/base/jas_stream.c in ...)
 	- jasper <unfixed> (unimportant; bug #501021)
+	NOTE: file is opened with O_EXCL even if tmpnam is used in this case
 CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...)
 	- jasper <unfixed> (medium; bug #501021)
 CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...)




More information about the Secure-testing-commits mailing list