[Secure-testing-commits] r11940 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed May 20 15:16:19 UTC 2009
Author: gilbert-guest
Date: 2009-05-20 15:16:19 +0000 (Wed, 20 May 2009)
New Revision: 11940
Modified:
data/CVE/list
Log:
is disregard the best course of action for weaknesses in security hardening features (e.g. memcached issue)?
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-20 15:04:06 UTC (rev 11939)
+++ data/CVE/list 2009-05-20 15:16:19 UTC (rev 11940)
@@ -1325,6 +1325,9 @@
[etch] - memcachedb <no-dsa> (Minor issue)
[lenny] - memcachedb <no-dsa> (Minor issue)
[squeeze] - memcachedb <no-dsa> (Minor issue)
+ NOTE: why are weaknesses in security hardening features like ASLR considered minor?
+ NOTE: even though this is not directly a vulnerability itself, part of this application's armor is now missing; making it easier for unknown vulnerabilities to be effective.
+ TODO: reevaluate debian's position on weaknesses in security hardening features
CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...)
- ghostscript 8.64~dfsg-1 (medium; bug #524803)
CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
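Review bot: The two NOTE lines and the TODO added after the [squeeze] memcachedb line put a general policy question (how weaknesses in hardening features such as ASLR should be rated) inside a single CVE entry, while the three "<no-dsa> (Minor issue)" lines directly above are left unchanged. As committed, the entry both rates the issue as minor and questions that rating. Suggest keeping one short NOTE with the entry-specific fact (the issue weakens a hardening feature and is not directly a vulnerability itself) and raising the policy question on the mailing list, so that the TODO does not stay attached to this one entry. If the outcome is a different severity, update the three tagged lines in the same change. Minor style points: in the second NOTE the semicolon before "making" should be a comma, and "debian's" in the TODO should be capitalized.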