nion at alioth.debian.org
2009-Mar-17 14:23 UTC
[Secure-testing-commits] r11429 - data/CVE
Author: nion
Date: 2009-03-17 14:23:28 +0000 (Tue, 17 Mar 2009)
New Revision: 11429
Modified:
data/CVE/list
Log:
- debian-installer issue non-issue
- new pam issue (CVE-2009-0887)
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-03-17 14:14:58 UTC (rev 11428)
+++ data/CVE/list 2009-03-17 14:23:28 UTC (rev 11429)
@@ -45,7 +45,7 @@
CVE-2009-0888
RESERVED
CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...)
- TODO: check
+ - pam <unfixed> (low; bug #520115)
CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero
Helpdesk ...)
NOT-FOR-US: OneOrZero Helpdesk
CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0 allow
...)
@@ -1097,7 +1097,9 @@
[lenny] - thunar <no-dsa> (Minor issue)
NOTE: CVE needs to be requested
CVE-2009-XXXX [debian-installer: no-root option in expert installer exposes
locally exploitable security flaw]
- - debian-installer <unfixed> (bug #517018; low)
+ - debian-installer <unfixed> (bug #517018; unimportant)
+ NOTE: hardly a security issue, if an attacker has local access to the machine
and you
+ NOTE: don''t use encryption or something similar you have lost anyway
NOTE: should a CVE be requested for this problem?
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through
2.9.7 ...)
{DSA-1739-1}