[Secure-testing-commits] r10110 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Fri Oct 17 13:23:50 UTC 2008 

Author: jmm-guest
Date: 2008-10-17 13:23:48 +0000 (Fri, 17 Oct 2008)
New Revision: 10110

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
two new kernel issues
new minor graphiv issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-17 12:28:21 UTC (rev 10109)
+++ data/CVE/list	2008-10-17 13:23:48 UTC (rev 10110)
@@ -28,7 +28,8 @@
 CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights ...)
 	TODO: check
 CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <unfixed>
 CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might ...)
 	- jhead 2.84-1 (bug #502353; low)
 CVE-2008-4571 (Cross-site scripting (XSS) vulnerability in the LiveSearch module in ...)
@@ -68,9 +69,11 @@
 CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...)
 	NOT-FOR-US: Sun Solstice AdminSuite
 CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y ...)
-	TODO: check
+	- graphviz 2.20.3-2 (low)
+	[etch] - graphviz <no-dsa> (Minor issue)
 CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <unfixed>
 CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...)
 	- qemu 0.9.1-6 (low; bug #496394)
 CVE-2008-4552 (nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the ...)
@@ -3168,7 +3171,6 @@
 	{DSA-1653-1 DSA-1636-1}
 	- linux-2.6 2.6.26-4
 	- linux-2.6.24 2.6.24-6~etchnhalf.5
-	[etch] - linux-2.6 <unfixed>
 CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...)
 	{DSA-1636-1 DSA-1630-1}
 	- linux-2.6.24 2.6.24-6~etchnhalf.5

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-10-17 12:28:21 UTC (rev 10109)
+++ data/spu-candidates.txt	2008-10-17 13:23:48 UTC (rev 10110)
@@ -182,6 +182,11 @@
 
 --
 
+graphviz (CVE-2008-4555)
+notified maintainer
+
+--
+
 ipsec-tools (CVE-2008-3651)
 http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
 notified maintainer

More information about the Secure-testing-commits mailing list