[Secure-testing-commits] r13511 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Fri Dec 11 05:48:02 UTC 2009
Author: geissert
Date: 2009-12-11 05:48:01 +0000 (Fri, 11 Dec 2009)
New Revision: 13511
Modified:
data/CVE/list
Log:
new coreutils and ruby issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-11 03:29:45 UTC (rev 13510)
+++ data/CVE/list 2009-12-11 05:48:01 UTC (rev 13511)
@@ -254,8 +254,12 @@
RESERVED
CVE-2009-4136
RESERVED
-CVE-2009-4135
+CVE-2009-4135 [distcheck insecure temp dirs handling]
RESERVED
+ - coreutils <unfixed>
+ TODO: check
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
+ NOTE: does it really look like an issue affecting coreutils at build time?
CVE-2009-4134
RESERVED
CVE-2009-4133
@@ -285,8 +289,13 @@
RESERVED
CVE-2009-4125
RESERVED
-CVE-2009-4124
+CVE-2009-4124 [ruby heap overflow in String#ljust, String#center and String#rjust]
RESERVED
+ - ruby1.9.1 1.9.1.376-1
+ - ruby1.9 <unfixed>
+ - ruby1.8 <not-affected>
+ TODO: check, 1.9.0.* might be affected as well
+ NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
CVE-2009-4123
RESERVED
CVE-2009-4122
More information about the Secure-testing-commits
mailing list