Author: nion Date: 2008-04-22 11:17:08 +0000 (Tue, 22 Apr 2008) New Revision: 8595 Modified: data/CVE/list Log: aptlinex cveified Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-22 09:14:13 UTC (rev 8594) +++ data/CVE/list 2008-04-22 11:17:08 UTC (rev 8595) @@ -23,9 +23,11 @@ CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz ...) TODO: check CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user ...) - TODO: check + - aptlinex 0.91-1 (low; bug #476572) + NOTE: the user gets a confirmation dialog CVE-2008-1901 (aptlinex before 0.91 allows local users to overwrite arbitrary files ...) - TODO: check + - aptlinex 0.91-1 (medium; bug #476588) + NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote ...) TODO: check CVE-2008-1899 @@ -165,14 +167,6 @@ - dbmail 2.2.9 CVE-2008-1878 (Stack-based buffer overflow in the demux_nsf_send_chunk function in ...) - xine-lib <unfixed> (medium; bug #476990) -CVE-2008-XXXX [insecure tmp file handling in aptlinex] - - aptlinex 0.91-1 (medium; bug #476588) - NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this - NOTE: CVE id requested -CVE-2008-XXXX [remove/install packages via crafted links or run] - - aptlinex 0.91-1 (low; bug #476572) - NOTE: the user gets a confirmation dialog - NOTE: CVE id requested CVE-2008-1831 (Multiple unspecified vulnerabilities in the Siebel SimBuilder ...) NOT-FOR-US: Oracle Siebel Enterprise CVE-2008-1830 (Unspecified vulnerability in the PeopleSoft HCM ePerformance component ...)
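Review bot: In the first hunk (@@ -23,9 +23,11 @@), the CVE-2008-1901 entry carries the NOTE that code execution via /tmp/gambas-apt-exec is also possible, while the visible part of the CVE description only mentions local users overwriting arbitrary files. Consider stating in the NOTE whether the code execution path is covered by CVE-2008-1901 or still needs its own id, so that bug #476588 and the medium rating are not read as covering the file overwrite alone.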
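Review bot: In the second hunk (@@ -165,14 +167,6 @@), the two CVE-2008-XXXX placeholders are removed together with their bracketed summaries, and the log message "aptlinex cveified" does not say which ids replaced them. Naming CVE-2008-1901 (bug #476588) and CVE-2008-1902 (bug #476572) in the log would let someone searching the history for either bug find this revision without matching the entries by hand.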