[Secure-testing-commits] r13469 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Dec 7 00:40:40 UTC 2009
Author: gilbert-guest
Date: 2009-12-07 00:40:39 +0000 (Mon, 07 Dec 2009)
New Revision: 13469
Modified:
data/CVE/list
Log:
info for tiff and wordpress issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-07 00:40:26 UTC (rev 13468)
+++ data/CVE/list 2009-12-07 00:40:39 UTC (rev 13469)
@@ -24138,7 +24138,8 @@
CVE-2008-1587
RESERVED
CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod ...)
- TODO: check this is about tiff
+ - tiff <unfixed> (unimportant)
+ NOTE: application crashers are not considered security-relevant
CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler ...)
NOT-FOR-US: Apple QuickTime
CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...)
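Review bot: The two lines added under CVE-2008-1586 replace "TODO: check this is about tiff" without recording what that check found. The new NOTE states the triage policy (crashers are not security-relevant), but nothing says how the ImageIO issue was tied to the tiff source package, and the visible description is truncated before any impact is mentioned. Consider adding a NOTE with the reference that confirms the flaw is in the tiff code and that its impact is limited to an application crash, so that "<unfixed> (unimportant)" can be re-checked later without repeating the research.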
@@ -26730,7 +26731,10 @@
[etch] - wordpress <not-affected> (vulnerable code not present)
NOTE: The blog has to provide user accounts
NOTE: A crafted XML-RPC request referring to a valid user can exploit this
- TODO: check if packages embedding xmlrpc share this code
+ NOTE: This is specific to wordpress' implementation of xmlrpc.php, which is
+ NOTE: not included in any other packages (except libwordpress-xmlrpc-perl).
+ - libwordpress-xmlrpc-perl <unfixed>
+ TODO: according to maintainer, this package is soon to be removed, remark when that happens
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...)
{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
- tk8.5 8.5.0-3
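Review bot: The added "- libwordpress-xmlrpc-perl <unfixed>" entry rests on two claims that the hunk gives no reference for: that the package ships wordpress' xmlrpc.php, and that the maintainer plans to remove it. Suggest a NOTE naming where the shared code sits in that package, and a bug or removal-request reference in place of "according to maintainer", so the open TODO has something concrete to be checked against. As a style point, the two new NOTE lines describe the wordpress entry above them but also introduce the new package; placing the package line first and its explanation beneath it would make clear which entry each NOTE belongs to.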