Author: nion Date: 2009-06-09 13:45:02 +0000 (Tue, 09 Jun 2009) New Revision: 12087 Modified: data/CVE/list Log: pgp4pine issue medium, unlike the description says it''s not only an off-by-one but a classic stack-based buffer overflow as well Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-09 13:25:51 UTC (rev 12086) +++ data/CVE/list 2009-06-09 13:45:02 UTC (rev 12087) @@ -55,10 +55,11 @@ CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality ...) NOT-FOR-US: trixbox CVE-2009-XXXX [pgp4pine off-by-one] - - pgp4pine <unfixed> (bug #457947; low) + - pgp4pine <unfixed> (bug #457947; medium) [etch] - pgp4pine <no-dsa> (Contrib not supported) [lenny] - pgp4pine <no-dsa> (Contrib not supported) NOTE: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0122.html + NOTE: unlike the note states this is not just an off-by-one, classic stack-based buffer overflow CVE-2009-1932 (Multiple integer overflows in the (1) user_info_callback, (2) ...) - gst-plugins-good0.10 0.10.15-2 (medium; bug #531631; bug #532352) CVE-2009-1931