Author: geissert Date: 2009-12-11 05:48:01 +0000 (Fri, 11 Dec 2009) New Revision: 13511 Modified: data/CVE/list Log: new coreutils and ruby issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-11 03:29:45 UTC (rev 13510) +++ data/CVE/list 2009-12-11 05:48:01 UTC (rev 13511) @@ -254,8 +254,12 @@ RESERVED CVE-2009-4136 RESERVED -CVE-2009-4135 +CVE-2009-4135 [distcheck insecure temp dirs handling] RESERVED + - coreutils <unfixed> + TODO: check + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439 + NOTE: does it really look like an issue affecting coreutils at build time? CVE-2009-4134 RESERVED CVE-2009-4133 @@ -285,8 +289,13 @@ RESERVED CVE-2009-4125 RESERVED -CVE-2009-4124 +CVE-2009-4124 [ruby heap overflow in String#ljust, String#center and String#rjust] RESERVED + - ruby1.9.1 1.9.1.376-1 + - ruby1.9 <unfixed> + - ruby1.8 <not-affected> + TODO: check, 1.9.0.* might be affected as well + NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/ CVE-2009-4123 RESERVED CVE-2009-4122