Author: gilbert-guest
Date: 2009-12-07 00:40:39 +0000 (Mon, 07 Dec 2009)
New Revision: 13469
Modified:
data/CVE/list
Log:
info for tiff and wordpress issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-12-07 00:40:26 UTC (rev 13468)
+++ data/CVE/list 2009-12-07 00:40:39 UTC (rev 13469)
@@ -24138,7 +24138,8 @@
CVE-2008-1587
RESERVED
CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for
iPod ...)
- TODO: check this is about tiff
+ - tiff <unfixed> (unimportant)
+ NOTE: application crashers are not considered security-relevant
CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler
...)
NOT-FOR-US: Apple QuickTime
CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime
before 7.5 ...)
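Review bot: The new `- tiff <unfixed> (unimportant)` entry for CVE-2008-1586 replaces `TODO: check this is about tiff` without recording what the check found. The visible description only names ImageIO in Apple iPhone OS, so the entry does not show why the tiff source package is the affected code. Suggest adding a NOTE that gives the basis for the mapping, next to the existing NOTE about application crashers, so the `(unimportant)` rating can be re-evaluated later without repeating the research.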
@@ -26730,7 +26731,10 @@
[etch] - wordpress <not-affected> (vulnerable code not present)
NOTE: The blog has to provide user accounts
NOTE: A crafted XML-RPC request referring to a valid user can exploit this
- TODO: check if packages embedding xmlrpc share this code
+ NOTE: This is specific to wordpress'' implementation of xmlrpc.php,
which is
+ NOTE: not included in any other packages (except libwordpress-xmlrpc-perl).
+ - libwordpress-xmlrpc-perl <unfixed>
+ TODO: according to maintainer, this package is soon to be removed, remark when
that happens
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in
tkImgGIF.c in ...)
{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
- tk8.5 8.5.0-3
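Review bot: The added `- libwordpress-xmlrpc-perl <unfixed>` line carries no bug reference, and the TODO after it depends on an unreferenced statement from the maintainer, so a later reader has nothing to follow to confirm the removal and close the entry. Suggest citing the relevant bug or removal request in a NOTE. Two smaller points in the same hunk: `wordpress''` has a doubled apostrophe, and the two new NOTE lines say the xmlrpc.php implementation is specific to wordpress while naming libwordpress-xmlrpc-perl as an exception; stating explicitly whether that package ships the same code would make its `<unfixed>` status easier to verify.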