[Secure-testing-commits] r11084 - data/CVE
jmm-guest at alioth.debian.org
Wed Jan 28 21:26:42 UTC 2009
Author: jmm-guest
Date: 2009-01-28 21:26:42 +0000 (Wed, 28 Jan 2009)
New Revision: 11084
Modified:
data/CVE/list
Log:
four python path issues fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-28 21:21:45 UTC (rev 11083)
+++ data/CVE/list 2009-01-28 21:26:42 UTC (rev 11084)
@@ -34,7 +34,6 @@
TODO: check
CVE-2009-0300
REJECTED
- TODO: check
CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 allows ...)
TODO: check
CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control ...)
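Review bot: the `TODO: check` line dropped under CVE-2009-0300 (marked REJECTED) is unrelated to the four Python path entries named in the log message. Mention it in the log or commit it separately, so the change to the REJECTED entry can be found in the history later.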
@@ -76,13 +75,18 @@
CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ...)
TODO: check
CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in eog ...)
- TODO: check
+ - eog 2.22.3-2 (bug #504352; low)
+ [etch] - eog <not-affected> (Vulnerable code not present)
CVE-2008-5986 (Untrusted search path vulnerability in the (1) "VST plugin with Python ...)
- TODO: check
+ - csound 5.08.2~dfsg-1.1 (bug #504359; low)
+ [lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low)
+ [etch] - csound <not-affected> (Vulnerable code not present)
CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in ...)
- TODO: check
+ - epiphany-browser 2.22.3-7 (bug #504363; low)
+ [etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia ...)
- TODO: check
+ - dia 0.96.1-7.1 (low; bug #504251)
+ [etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...)
TODO: check
CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...)
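Review bot: the dia annotation added under CVE-2008-5984 is written `(low; bug #504251)`, while the eog, csound and epiphany-browser lines added in the same hunk use the order `(bug #...; low)`; pick one order so the entries stay consistent and easy to grep. Separately, CVE-2008-5983 (the PySys_SetArgv entry directly below) keeps its `TODO: check` even though it is described as the same untrusted search path class as the four entries triaged here, so it would be worth resolving in the same pass.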
@@ -3491,24 +3495,11 @@
- ktorrent 3.1.4+dfsg.1-1
[etch] - ktorrent <not-affected> (Doesn't include the web interface)
NOTE: CVE requested
-CVE-2008-XXXX [epiphany-browser: Python scripts load modules from current directory]
- - epiphany-browser 2.22.3-7 (bug #504363; low)
- [etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir)
-CVE-2008-XXXX [csound: Python scripts load modules from current directory]
- - csound 5.08.2~dfsg-1.1 (bug #504359; low)
- [lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low)
- [etch] - csound <not-affected> (Vulnerable code not present)
-CVE-2008-XXXX [eog: Python scripts load modules from current directory]
- - eog 2.22.3-2 (bug #504352; low)
- [etch] - eog <not-affected> (Vulnerable code not present)
CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ...)
- htop <unfixed> (unimportant; bug #504144)
NOTE: That scenario is too constructed to call it a security issue, especially
NOTE: given that the standard top will display the maliciously hidden processes
NOTE: just fine.
-CVE-2008-XXXX [dia: Python scripts load modules from current directory]
- - dia 0.96.1-7.1 (low; bug #504251)
- [etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ...)
- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...)
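Review bot: the log message says "four python path issues fixed", but the lines removed here are the CVE-2008-XXXX placeholder entries for epiphany-browser, csound, eog and dia, and their package annotations reappear unchanged under CVE-2008-5985, CVE-2008-5986, CVE-2008-5987 and CVE-2008-5984 in the previous hunk. No fix status changes, so a log message along the lines of "merge temporary python path entries into assigned CVE ids" would describe the change more accurately.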