[Secure-testing-commits] r13511 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Fri Dec 11 05:48:02 UTC 2009


Author: geissert
Date: 2009-12-11 05:48:01 +0000 (Fri, 11 Dec 2009)
New Revision: 13511

Modified:
   data/CVE/list
Log:
new coreutils and ruby issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-11 03:29:45 UTC (rev 13510)
+++ data/CVE/list	2009-12-11 05:48:01 UTC (rev 13511)
@@ -254,8 +254,12 @@
 	RESERVED
 CVE-2009-4136
 	RESERVED
-CVE-2009-4135
+CVE-2009-4135 [distcheck insecure temp dirs handling]
 	RESERVED
+	- coreutils <unfixed>
+	TODO: check
+	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
+	NOTE: does it really look like an issue affecting coreutils at build time?
 CVE-2009-4134
 	RESERVED
 CVE-2009-4133
@@ -285,8 +289,13 @@
 	RESERVED
 CVE-2009-4125
 	RESERVED
-CVE-2009-4124
+CVE-2009-4124 [ruby heap overflow in String#ljust, String#center and String#rjust]
 	RESERVED
+	- ruby1.9.1 1.9.1.376-1
+	- ruby1.9 <unfixed>
+	- ruby1.8 <not-affected>
+	TODO: check, 1.9.0.* might be affected as well
+	NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
 CVE-2009-4123
 	RESERVED
 CVE-2009-4122
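Review bot: The TODO says 1.9.0.* "might be affected as well", but `- ruby1.9 <unfixed>` already marks that package as affected, so it is unclear what is still unverified. If the TODO refers to the versions shipped as ruby1.9, say so explicitly in the TODO; otherwise name the package or release it is about. The `- ruby1.8 <not-affected>` line would also benefit from a short reason (for example that the advisory linked in the NOTE does not list 1.8 as affected, if that is the basis), so the status can be checked later without re-reading the advisory.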



