[Secure-testing-commits] r17859 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Dec 23 12:56:35 UTC 2011


Author: jmm
Date: 2011-12-23 12:56:35 +0000 (Fri, 23 Dec 2011)
New Revision: 17859

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
rt issue a non-issue
updates on rsyslog


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-12-23 12:38:25 UTC (rev 17858)
+++ data/CVE/list	2011-12-23 12:56:35 UTC (rev 17859)
@@ -5170,7 +5170,9 @@
 CVE-2011-3201
 	RESERVED
 CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in ...)
-	- rsyslog 5.8.5-1
+	- rsyslog 5.8.5-1 (low)
+	[squeeze] - rsyslog <no-dsa> (Minor issue)
+	[lenny] - rsyslog <no-dsa> (Minor issue)
 	NOTE: off-by-one/-two limited to 0 or :0
 CVE-2011-3199
 	RESERVED
@@ -11566,8 +11568,9 @@
 	[squeeze] - request-tracker3.8 3.8.8-7+squeeze1
 	[lenny] - request-tracker3.6 3.6.7-5+lenny6
 CVE-2011-1007 (Best Practical Solutions RT before 3.8.9 does not perform certain ...)
-	- request-tracker3.6 <removed>
-	- request-tracker3.8 3.8.10-1
+	- request-tracker3.6 <removed> (unimportant)
+	- request-tracker3.8 3.8.10-1 (unimportant)
+	NOTE: A physically proximate attacker can do far more damage anyway
 CVE-2011-1006 (Heap-based buffer overflow in the parse_cgroup_spec function in ...)
 	{DSA-2193-1}
 	- libcgroup 0.37.1-1

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-12-23 12:38:25 UTC (rev 17858)
+++ data/spu-candidates.txt	2011-12-23 12:56:35 UTC (rev 17859)
@@ -213,7 +213,10 @@
 
 rsyslog (CVE-2011-1488, CVE-2011-1489, CVE-2011-1490)
 http://marc.info/?l=oss-security&m=130194141413125&w=2
+CVE-2011-3200
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3200
 
+
 --
 
 ruby1.8 (CVE-2011-1004, CVE-2011-1005)




More information about the Secure-testing-commits mailing list