thijs at alioth.debian.org
2008-Mar-31 22:09 UTC
[Secure-testing-commits] r8459 - in data: CVE DSA
Author: thijs Date: 2008-03-31 22:09:15 +0000 (Mon, 31 Mar 2008) New Revision: 8459 Modified: data/CVE/list data/DSA/list Log: policyd-weight cveified Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-31 21:14:14 UTC (rev 8458) +++ data/CVE/list 2008-03-31 22:09:15 UTC (rev 8459) @@ -1,3 +1,8 @@ +CVE-2008-1570 [policyd-weight tempfile race] + - policyd-weight 0.1.14.17-1 (low) + NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html +CVE-2008-1569 [policyd-weight tempfile race] + - policyd-weight 0.1.14.17-1 (low) CVE-2008-XXXX [code execution via crafted file name in comix] - comix <unfixed> (low; bug #462840) NOTE: comix can''t be used in a non-interactive setup thus the impact level @@ -97,11 +102,6 @@ NOT-FOR-US: ASUS Remote Console CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ...) NOT-FOR-US: ImageUploader4 -CVE-2008-XXXX [policyd-weight tempfile race] - - policyd-weight 0.1.14.17-1 (low) - [etch] - policyd-weight 0.1.14-beta-6etch2 - NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html - NOTE: CVE id pending CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...) {DTSA-119-1} - vlc 0.8.6.e-1.1 (medium; bug #472635) Modified: data/DSA/list ==================================================================--- data/DSA/list 2008-03-31 21:14:14 UTC (rev 8458) +++ data/DSA/list 2008-03-31 22:09:15 UTC (rev 8459) @@ -15,8 +15,8 @@ {CVE-2007-4879 CVE-2008-1233 CVE-2008-1234 CVE-2008-1235 CVE-2008-1236 CVE-2008-1237 CVE-2008-1238 CVE-2008-1240 CVE-2008-1241} [etch] - xulrunner 1.8.0.15~pre080323b-0etch1 [27 Mar 2008] DSA-1531-2 policyd-weight - insecure temporary files + {CVE-2008-1569 CVE-2008-1570} [etch] - policyd-weight 0.1.14-beta-6etch2 - NOTE: CVE id still pending... [25 Mar 2008] DSA-1530-1 cupsys - multiple vulnerabilities {CVE-2008-0047 CVE-2008-0882} [etch] - cupsys 1.2.7-4etch3
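Review bot: In the first data/CVE/list hunk, the added CVE-2008-1570 and CVE-2008-1569 entries carry the identical description `[policyd-weight tempfile race]`, so the list does not say which temporary-file issue each id covers. Suggest a distinguishing phrase in each bracketed description. Only CVE-2008-1570 has a reference; if the mailing-list post covers both issues, repeat `NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html` under CVE-2008-1569 as well.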
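Review bot: The second data/CVE/list hunk removes `[etch] - policyd-weight 0.1.14-beta-6etch2` along with the CVE-2008-XXXX placeholder, and neither new entry restates it, so after this revision the etch fixed version appears only under DSA-1531-2 in data/DSA/list. If that is intended because the DSA entry now lists `{CVE-2008-1569 CVE-2008-1570}`, no change is needed; otherwise carry the `[etch]` line over to both new CVE entries.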