[Secure-testing-commits] r11429 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Tue Mar 17 14:23:28 UTC 2009


Author: nion
Date: 2009-03-17 14:23:28 +0000 (Tue, 17 Mar 2009)
New Revision: 11429

Modified:
   data/CVE/list
Log:
- debian-installer issue non-issue
- new pam issue (CVE-2009-0887)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-03-17 14:14:58 UTC (rev 11428)
+++ data/CVE/list	2009-03-17 14:23:28 UTC (rev 11429)
@@ -45,7 +45,7 @@
 CVE-2009-0888
 	RESERVED
 CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...)
-	TODO: check
+	- pam <unfixed> (low; bug #520115)
 CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero Helpdesk ...)
 	NOT-FOR-US: OneOrZero Helpdesk
 CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0 allow ...)
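Review bot: The annotation on the added pam line is ordered "(low; bug #520115)", while the debian-installer entry touched in the same commit uses the bug number first ("(bug #517018; ...)"); pick one order so the list stays easy to grep and parse consistently. The entry also records no reason for the "low" rating. The CVE description is truncated in the list, so a short NOTE line under the pam entry stating why the signedness error in _pam_StrTok is considered low would help the next person triaging it.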
@@ -1097,7 +1097,9 @@
 	[lenny] - thunar <no-dsa> (Minor issue)
 	NOTE: CVE needs to be requested
 CVE-2009-XXXX [debian-installer: no-root option in expert installer exposes locally exploitable security flaw]
-	- debian-installer <unfixed> (bug #517018; low)
+	- debian-installer <unfixed> (bug #517018; unimportant)
+	NOTE: hardly a security issue, if an attacker has local access to the machine and you
+	NOTE: don't use encryption or something similar you have lost anyway
 	NOTE: should a CVE be requested for this problem?
 CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...)
 	{DSA-1739-1}
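Review bot: The unchanged line "NOTE: should a CVE be requested for this problem?" now sits directly under two new NOTE lines that call this "hardly a security issue", so the entry both dismisses the problem and asks whether to request a CVE for it. Either drop that question or answer it in the same change. The new NOTE also says "local access to the machine" without saying whether that means a local account or physical access; the argument about encryption only holds for physical access, while the entry title says "locally exploitable", so the rationale for downgrading to "unimportant" should state which case is meant.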



