Author: nion Date: 2008-05-09 14:35:42 +0000 (Fri, 09 May 2008) New Revision: 8758 Modified: data/CVE/list Log: CVE-2008-1964 does not affect Debian new linux-2.6 issue (CVE-2008-1675) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-05-09 11:58:40 UTC (rev 8757) +++ data/CVE/list 2008-05-09 14:35:42 UTC (rev 8758) @@ -306,7 +306,9 @@ CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in ...) NOT-FOR-US: Lotus Expeditor CVE-2008-1964 (** DISPUTED ** ...) - TODO: check + - xine-lib <not-affected> (nsf support disabled by maintainer) + NOTE: xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes + NOTE: while copyright is 100 bytes long (+ padding for chunks) CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in ...) NOT-FOR-US: Quate Grape Web Statistics CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow ...) @@ -962,7 +964,8 @@ CVE-2008-1676 RESERVED CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...) - TODO: check + - linux-2.6 <unfixed> + NOTE: the cve id description states that 2.6.25 is fixed, this is wrong, it''s fixed in 2.6.25.1 CVE-2008-1674 RESERVED CVE-2008-1673
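Review bot: In the CVE-2008-1964 hunk, the `<not-affected>` entry gives one reason in its parenthetical ("nsf support disabled by maintainer") and a different one in the two NOTE lines (the strndup allocation in xine-lib 1.1.12), so it is not clear which of them the status rests on. The NOTE wording is also hard to follow: "limits it to 32 bytes" followed by "while copyright is 100 bytes long" does not say which size is the allocation and which is the copy destination, and as written it could be read as describing an overflow rather than ruling one out. Suggest stating explicitly which buffer is 32 bytes and which is 100, and saying whether the not-affected status depends on nsf being disabled in the Debian build or also holds when nsf support is enabled.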
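Review bot: In the CVE-2008-1675 hunk, the NOTE contradicts the CVE description ("states that 2.6.25 is fixed, this is wrong") and names 2.6.25.1 as the fixed version, but it cites nothing that supports this. Suggest adding a second NOTE with the upstream commit or stable changelog reference for the tehuti fix, so that whoever later changes `<unfixed>` to a version can verify it. The doubled apostrophe in "it''s" on the same line should also be a single one.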