[Secure-testing-commits] r10111 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Fri Oct 17 17:51:12 UTC 2008 

Author: jmm-guest
Date: 2008-10-17 17:51:10 +0000 (Fri, 17 Oct 2008)
New Revision: 10111

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
gmanedit no-dsa
various minor updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-17 13:23:48 UTC (rev 10110)
+++ data/CVE/list	2008-10-17 17:51:10 UTC (rev 10111)
@@ -1443,10 +1443,11 @@
 	{DSA-1627-2}
 	- opensc 0.11.4-5
 CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...)
-	- gmanedit 0.4.1-1.1 (medium; bug #497835)
+	- gmanedit 0.4.1-1.1 (low; bug #497835)
+        [etch] - gmanedit <no-dsa> (Minor issue)
 CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not ...)
 	{DTSA-169-1}
-	- libpam-mount 0.48-1 (bug #499841)
+	- libpam-mount 0.48-1 (low; bug #499841)
 CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow ...)
 	- bitlbee 1.2.3-1 (bug #498159)
 CVE-2008-3968 (Cross-site scripting (XSS) vulnerability in userlist.php in PunBB ...)
@@ -1485,6 +1486,8 @@
 	- emacs22 22.2+2-4 (low; bug #499568)
 	- emacs21 <not-affected> (doesn't provide the python functionality)
 	- xemacs21 <not-affected> (doesn't provide the python functionality)
+        NOTE: This can happen with any Python script, just because Emacs autoloads one
+        NOTE: doesn't make it much worse
 CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...)
 	NOT-FOR-US: XRMS
 CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain ...)
@@ -1555,6 +1558,7 @@
 	- linux-2.6 2.6.26-5
 	- linux-2.6.24 2.6.24-6~etchnhalf.5
 	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.19)
+        NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f
 CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel ...)
 	- linux-2.6 2.6.26-5
 	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
@@ -1575,6 +1579,7 @@
 	{DSA-1653-1}
 	- linux-2.6 2.6.23-1
 	- linux-2.6.24 <not-affected> (Vulnerable code not present)
+        NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f
 CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
 	- ssmtp 2.62-1.1 (low; bug #498366)
 	[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-10-17 13:23:48 UTC (rev 10110)
+++ data/spu-candidates.txt	2008-10-17 17:51:10 UTC (rev 10111)
@@ -176,6 +176,11 @@
 
 --
 
+gmanedit
+#497835
+
+--
+
 gpsdrive
 #496436
 notified maintainer

More information about the Secure-testing-commits mailing list