thijs at alioth.debian.org
2008-Aug-19 06:03 UTC
[Secure-testing-commits] r9607 - data/CVE
Author: thijs
Date: 2008-08-19 06:03:54 +0000 (Tue, 19 Aug 2008)
New Revision: 9607
Modified:
data/CVE/list
Log:
postfix mailbox ownership issue also fixed in sid, is more like extra hardening
than a direct vulnerability
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-08-18 21:14:09 UTC (rev 9606)
+++ data/CVE/list 2008-08-19 06:03:54 UTC (rev 9607)
@@ -305,20 +305,17 @@
RESERVED
CVE-2008-3523
RESERVED
-CVE-2008-3522 [jasper - buffer overflow]
+CVE-2008-3522
RESERVED
- - jasper <unfixed>
-CVE-2008-3521 [jasper - tmp race]
+CVE-2008-3521
RESERVED
- - jasper <unfixed> (low)
-CVE-2008-3520 [jasper - various potential integer overflows]
+CVE-2008-3520
RESERVED
- - jasper <unfixed>
CVE-2008-3519
RESERVED
CVE-2008-3518
RESERVED
-CVE-2008-3517 [rejected libjasper issue]
+CVE-2008-3517
RESERVED
CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files
generated ...)
NOT-FOR-US: Adobe Presenter
@@ -1584,9 +1581,11 @@
- apache <not-affected> (vulnerable code not present)
CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 6.0.0 through
...)
TODO: check
-CVE-2008-2937
+CVE-2008-2937 [postfix delivers to mailbox that is not owned by the recipient]
RESERVED
{DTSA-155-1}
+ - postfix 2.5.4-1 (low)
+ [etch] - postfix <no-dsa> (minor issue)
CVE-2008-2936 [postfix hardlink to symlink priv esc]
RESERVED
{DSA-1629-1 DTSA-155-1}