jmm-guest at alioth.debian.org
2008-Jul-08 22:55 UTC
[Secure-testing-commits] r9264 - data/CVE
Author: jmm-guest Date: 2008-07-08 22:55:52 +0000 (Tue, 08 Jul 2008) New Revision: 9264 Modified: data/CVE/list Log: sudo issue CVEfied (I''m keeping the original fix information, since they were coming directly from upstream, please indicate with a NOTE entry if you come to different results) Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-08 22:36:48 UTC (rev 9263) +++ data/CVE/list 2008-07-08 22:55:52 UTC (rev 9264) @@ -1,7 +1,8 @@ CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, ...) NOT-FOR-US: Microsoft Crypto API CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when ...) - - sudo 1.6.8p12-2 (low) + - sudo 1.6.9p12-1 + [etch] - sudo <not-affected> (Issue was introduced in 1.6.9) CVE-2008-3066 RESERVED CVE-2008-3065 @@ -468,9 +469,6 @@ CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac] - python-werkzeug 0.3.1-1 (unknown) NOTE: http://lucumr.pocoo.org/cogitations/2008/06/24/werkzeug-031-released/ -CVE-2008-XXXX [sudo does not flush stdin on timeout] - - sudo 1.6.9p12-1 - [etch] - sudo <not-affected> (Issue was introduced in 1.6.9) CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on ...) - xchat <not-affected> (Windows specific problem) CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and ...)