nion at alioth.debian.org
2008-May-08 09:12 UTC
[Secure-testing-commits] r8731 - in data: CVE DTSA
Author: nion Date: 2008-05-08 09:12:09 +0000 (Thu, 08 May 2008) New Revision: 8731 Modified: data/CVE/list data/DTSA/list Log: releasing DTSA-129-1 (speex) 3 new rdesktop issues (CVE-2008-180[1-3]) cveified php printf integer overflow and added patch information CVE-2007-6039 fixed in php5 5.2.5-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-05-08 09:04:16 UTC (rev 8730) +++ data/CVE/list 2008-05-08 09:12:09 UTC (rev 8731) @@ -1,7 +1,3 @@ -CVE-2008-XXXX [php integer overflow in printf] - - php5 <unfixed> - NOTE: http://www.php.net/ChangeLog-5.php - NOTE: Needs further details CVE-2008-XXXX [php suboptimal seeding] - php5 <unfixed> (low) - php4 <unfixed> (low) @@ -525,12 +521,15 @@ RESERVED CVE-2008-1804 RESERVED -CVE-2008-1803 +CVE-2008-1803 [rdesktop signedness error in xrealloc] RESERVED -CVE-2008-1802 + - rdesktop <unfixed> (bug #480135) +CVE-2008-1802 [rdesktop heap overflow via RDP redirect request] RESERVED -CVE-2008-1801 + - rdesktop <unfixed> (bug #480134) +CVE-2008-1801 [rdesktop heap overflow] RESERVED + - rdesktop <unfixed> (bug #480133) CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: DivXDB CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 ...) @@ -1474,6 +1473,7 @@ - php5 5.2.6-1 (unimportant) NOTE: http://securityreason.com/achievement_securityalert/52 NOTE: Only exploitable through malicious script + NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...) NOT-FOR-US: Gentoo Linux Ebuilds CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 ...) 
@@ -6208,7 +6208,7 @@ CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to ...) NOT-FOR-US: Belkin F5D7230-4 Wireless G Router CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...) - - php5 <unfixed> (unimportant; bug #453295) + - php5 5.2.5-1 (unimportant; bug #453295) NOTE: Not a vulnerability per Debian PHP security policy, requires malicious NOTE: script to trigger this issue CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails ...) Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2008-05-08 09:04:16 UTC (rev 8730) +++ data/DTSA/list 2008-05-08 09:12:09 UTC (rev 8731) @@ -372,3 +372,6 @@ [May 5th, 2008] DTSA-128-1 xine-lib - multiple vulnerabilities {CVE-2008-1878 CVE-2008-1686 CVE-2008-0073} [lenny] - xine-lib 1.1.10.1-2+lenny2 +[May 8th, 2008] DTSA-129-1 speex - insufficient boundary check + {CVE-2008-1686} + [lenny] - speex 1.1.12-3+lenny1
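Review bot: in the first data/CVE/list hunk (@@ -1,7 +1,3 @@), the CVE-2008-XXXX [php integer overflow in printf] placeholder is deleted, but neither the log message nor the diff names the CVE id it was folded into. The @@ -1474,6 +1473,7 @@ hunk that receives the formatted_print.c patch NOTE shows no CVE header line in its context, so the link between the two changes cannot be confirmed from the diff alone. Suggest naming the CVE id in the log message so the removal of the placeholder stays traceable.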
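Review bot: in the @@ -525,12 +521,15 @@ hunk, the three rdesktop entries gain a bracketed description and a bug number but no NOTE pointing at the advisory or upstream patch, and CVE-2008-1801 is described only as "rdesktop heap overflow" while CVE-2008-1802 and CVE-2008-1803 name the trigger (RDP redirect request, xrealloc). Suggest adding a NOTE line with the source reference and saying for CVE-2008-1801 which code path overflows, so the three entries can be told apart while the ids are still RESERVED.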
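Review bot: in the @@ -6208,7 +6208,7 @@ hunk, php5 is marked fixed in 5.2.5-1, yet the CVE-2007-6039 description in the context line reads "PHP 5.2.5 and earlier", which puts that upstream version inside the affected range. Suggest adding a NOTE stating what makes 5.2.5-1 the fixed version (a Debian-side patch, or a CVE description that is too broad), or re-checking the version against bug #453295 before recording it.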