jmm-guest at alioth.debian.org
2008-Apr-23 19:08 UTC
[Secure-testing-commits] r8602 - data/CVE
Author: jmm-guest Date: 2008-04-23 19:08:32 +0000 (Wed, 23 Apr 2008) New Revision: 8602 Modified: data/CVE/list Log: two m4 issues are non-issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-04-23 18:07:16 UTC (rev 8601) +++ data/CVE/list 2008-04-23 19:08:32 UTC (rev 8602) @@ -492,9 +492,13 @@ CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...) NOT-FOR-US: SLMail Pro CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...) - - m4 <unfixed> (low) + - m4 <unfixed> (unimportant) + NOTE: The file name is passed through a cmdline argument and m4 doesn''t run with + NOTE: elevated privileges. CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...) - - m4 <unfixed> (low) + - m4 <unfixed> (unimportant) + NOTE: This is more a generic bug and not a security issue: the random output would + NOTE: need to match the name of an existing macro CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in ...) - speex 1.2~beta2-1 (medium) - libfishsound 0.7.0-2.2 (medium; bug #475152)