jmm-guest at alioth.debian.org
2008-Feb-17 13:59 UTC
[Secure-testing-commits] r8176 - data/CVE
Author: jmm-guest
Date: 2008-02-17 13:59:43 +0000 (Sun, 17 Feb 2008)
New Revision: 8176
Modified:
data/CVE/list
Log:
new am-utils issue not affecting Debian
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-02-17 13:31:09 UTC (rev 8175)
+++ data/CVE/list 2008-02-17 13:59:43 UTC (rev 8176)
@@ -1,3 +1,7 @@
+CVE-2008-XXXX [am-utils insecure temp file /tmp/expn$$ ]
+ - am-utils <not-affected> (Affected code not present in the binary
package)
+ NOTE: sendmail includes a copy of the script, which has been fixed since
+ NOTE: several years
CVE-2008-XXXX [unauthenticated remote code execution in festival server]
- festival <unfixed> (medium; bug #466146)
NOTE: CVE id pending
@@ -2895,7 +2899,7 @@
CVE-2008-0003 (Stack-based buffer overflow in the
PAMBasicAuthenticator::PAMCallback ...)
NOT-FOR-US: OpenPegasus CIM management server
CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the
context ...)
- - tomcat5.5 <not-affected> (referring to upstream)
+ - tomcat5.5 <not-affected> (Only Tomcat 6 is affected, according to
upstream)
CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before
...)
{DSA-1479-1}
- linux-2.6 <unfixed>