[Secure-testing-commits] r27817 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Fri Jul 18 18:53:01 UTC 2014
Author: carnil
Date: 2014-07-18 18:53:01 +0000 (Fri, 18 Jul 2014)
New Revision: 27817
Modified:
data/CVE/list
Log:
Add CVE-2014-5008/libphp-snoopy issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-07-18 18:50:10 UTC (rev 27816)
+++ data/CVE/list 2014-07-18 18:53:01 UTC (rev 27817)
@@ -1,5 +1,9 @@
CVE-2014-XXXX [basic http authentication bypass]
- bozohttpd <unfixed> (bug #755197)
+CVE-2014-5008 [Incorrect fix for CVE-2008-4796, escapeshellarg required]
+ - libphp-snoopy <unfixed>
+ NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
+ NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 (i.e., use of escapeshellcmd where escapeshellarg was required).
CVE-2014-5004 [Ruby Gem brbackup-0.1.1: exposes the database password to the command line]
NOT-FOR-US: Ruby Gem brbackup
CVE-2014-5003 [Ruby Gem ciborg-3.0.0: race condition when creating /tmp/perlbrew-installer]
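Review bot: The new CVE-2014-5008 entry marks libphp-snoopy as <unfixed> without a bug reference, unlike the bozohttpd line just above it, which carries "(bug #755197)". Once a bug is filed against the package, add it to the "- libphp-snoopy <unfixed>" line so the entry can be followed to resolution. The second NOTE repeats what the bracketed description already says (escapeshellcmd used where escapeshellarg was required), so one of the two could be shortened. The referenced URL also names feed2js and magpierss; if those ship their own copy of the affected code, they may need separate package lines under this CVE.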