[Secure-testing-commits] r9731 - data/CVE

thijs at alioth.debian.org
Wed Sep 3 09:46:30 UTC 2008


Author: thijs
Date: 2008-09-03 09:46:29 +0000 (Wed, 03 Sep 2008)
New Revision: 9731

Modified:
   data/CVE/list
Log:
ruby tuesday is over, postfixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-09-03 09:46:03 UTC (rev 9730)
+++ data/CVE/list	2008-09-03 09:46:29 UTC (rev 9731)
@@ -92,7 +92,7 @@
 	- nfdump <unfixed> (bug #497452)
 CVE-2008-3889 [postfix local DoS]
 	RESERVED
-	- postfix <unfixed> (low)
+	- postfix 2.5.5-1 (low)
 	[etch] - postfix <not-affected> (Vulnerable code not present)
 	NOTE: http://www.postfix.org/announcements/20080902.html
 CVE-2008-XXXX [several overflows in wordnet]
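Review bot: The new "- postfix 2.5.5-1 (low)" line for CVE-2008-3889 carries no bug reference, while the nfdump entry just above it does (bug #497452). If a tracking bug exists for the postfix upload, adding it here would let readers get from the fixed version back to the report; the NOTE URL only points at the upstream announcement.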
@@ -315,7 +315,7 @@
 	- mon <unfixed> (medium; bug #496398)
 CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through ...)
 	- ruby1.8 <unfixed> (bug #496808)
-	- ruby1.9 <unfixed>
+	- ruby1.9 1.9.0.2-6 (bug #497610)
 CVE-2008-XXXX [apertium: insecure temp files]
 	- apertium <unfixed> (low; bug #496395)
 CVE-2008-XXXX [convirt: insecure temp files]
@@ -640,15 +640,15 @@
 	TODO: check
 CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, ...)
 	- ruby1.8 <unfixed> (bug #494401)
-	- ruby1.9 <unfixed> (bug #494402)
+	- ruby1.9 1.9.0.2-6 (bug #494402)
 	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
 CVE-2008-3656 (Algorithmic complexity vulnerability in ...)
 	- ruby1.8 <unfixed> (bug #494401)
-	- ruby1.9 <unfixed> (bug #494402)
+	- ruby1.9 1.9.0.2-6 (bug #494402)
 	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
 CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through ...)
 	- ruby1.8 <unfixed> (bug #494401)
-	- ruby1.9 <unfixed> (bug #494402)
+	- ruby1.9 1.9.0.2-6 (bug #494402)
 	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
 CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows ...)
 	- tikiwiki <removed>
@@ -1099,7 +1099,7 @@
 	NOTE: browser dos not treated as security issues
 CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...)
 	- ruby1.8 <unfixed> (bug #494401)
-	- ruby1.9 <unfixed> (bug #494401)
+	- ruby1.9 <unfixed>
 CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...)
 	NOT-FOR-US: WinZip
 CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...)
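Review bot: The ruby1.9 line for CVE-2008-3443 loses its bug reference and stays "<unfixed>", so the still-open issue is no longer linked to any tracking bug. The dropped #494401 is the number used on the ruby1.8 lines, so removing it from ruby1.9 looks intentional, but the other ruby1.9 entries in this commit use #494402 and nothing is put in its place here. Either reference the correct ruby1.9 bug or add a NOTE saying why this CVE is not covered by the 1.9.0.2-6 upload that closes the neighbouring Ruby entries.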
@@ -5680,6 +5680,7 @@
 	- adns <unfixed> (unimportant; bug #492698)
 	- udns <unfixed> (bug #493599)
 	- libnet-dns-perl <unfixed> (low; bug #492700)
+	- ruby1.9 1.9.0.2-6 (low)
 	NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
 	NOTE: already use source port randomization.
 	NOTE: Marking non-caching stub resolvers as low since these really should be fixed, but are much less vulnerable than a caching server.
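Review bot: The added "- ruby1.9 1.9.0.2-6 (low)" line has no bug reference, unlike the adns, udns and libnet-dns-perl lines directly above it, and it goes straight to a fixed version without a prior "<unfixed>" entry for ruby1.9 under this CVE. A bug number or a short NOTE naming what changed in 1.9.0.2-6 would make the entry verifiable. The "low" urgency is consistent with the existing NOTE about non-caching stub resolvers, assuming that is the reason ruby1.9 is listed here.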



