thijs at alioth.debian.org
2008-Aug-19 13:33 UTC
[Secure-testing-commits] r9610 - in data: CVE DTSA
Author: thijs
Date: 2008-08-19 13:33:40 +0000 (Tue, 19 Aug 2008)
New Revision: 9610
Modified:
data/CVE/list
data/DTSA/list
Log:
DTSA for postfix only addresses CVE-2008-2936, not CVE-2008-2937.
However, the latter will migrate to testing within a few days.
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-08-19 13:07:04 UTC (rev 9609)
+++ data/CVE/list 2008-08-19 13:33:40 UTC (rev 9610)
@@ -1580,7 +1580,6 @@
TODO: check
CVE-2008-2937 [postfix delivers to mailbox that is not owned by the recipient]
RESERVED
- {DTSA-155-1}
- postfix 2.5.4-1 (low)
[etch] - postfix <no-dsa> (minor issue)
CVE-2008-2936 [postfix hardlink to symlink priv esc]
Modified: data/DTSA/list
==================================================================---
data/DTSA/list 2008-08-19 13:07:04 UTC (rev 9609)
+++ data/DTSA/list 2008-08-19 13:33:40 UTC (rev 9610)
@@ -451,7 +451,7 @@
{CVE-2008-3533}
[lenny] - yelp 2.22.1-3+lenny2
[August 14th, 2008] DTSA-155-1 postfix - local privilege escalation
- {CVE-2008-2937 CVE-2008-2936}
+ {CVE-2008-2936}
[lenny] - postfix 2.5.2-2lenny1
[August 16th, 2008] DTSA-153-2 git-core - stack-based buffer overflow
{CVE-2008-3546}