thijs at alioth.debian.org
2008-Sep-03 09:46 UTC
[Secure-testing-commits] r9731 - data/CVE
Author: thijs Date: 2008-09-03 09:46:29 +0000 (Wed, 03 Sep 2008) New Revision: 9731 Modified: data/CVE/list Log: ruby tuesday is over, postfixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-03 09:46:03 UTC (rev 9730) +++ data/CVE/list 2008-09-03 09:46:29 UTC (rev 9731) @@ -92,7 +92,7 @@ - nfdump <unfixed> (bug #497452) CVE-2008-3889 [postfix local DoS] RESERVED - - postfix <unfixed> (low) + - postfix 2.5.5-1 (low) [etch] - postfix <not-affected> (Vulnerable code not present) NOTE: http://www.postfix.org/announcements/20080902.html CVE-2008-XXXX [several overflows in wordnet] @@ -315,7 +315,7 @@ - mon <unfixed> (medium; bug #496398) CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through ...) - ruby1.8 <unfixed> (bug #496808) - - ruby1.9 <unfixed> + - ruby1.9 1.9.0.2-6 (bug #497610) CVE-2008-XXXX [apertium: insecure temp files] - apertium <unfixed> (low; bug #496395) CVE-2008-XXXX [convirt: insecure temp files] @@ -640,15 +640,15 @@ TODO: check CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, ...) - ruby1.8 <unfixed> (bug #494401) - - ruby1.9 <unfixed> (bug #494402) + - ruby1.9 1.9.0.2-6 (bug #494402) NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ CVE-2008-3656 (Algorithmic complexity vulnerability in ...) - ruby1.8 <unfixed> (bug #494401) - - ruby1.9 <unfixed> (bug #494402) + - ruby1.9 1.9.0.2-6 (bug #494402) NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through ...) - ruby1.8 <unfixed> (bug #494401) - - ruby1.9 <unfixed> (bug #494402) + - ruby1.9 1.9.0.2-6 (bug #494402) NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/ CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows ...) - tikiwiki <removed> 
@@ -1099,7 +1099,7 @@ NOTE: browser dos not treated as security issues CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...) - ruby1.8 <unfixed> (bug #494401) - - ruby1.9 <unfixed> (bug #494401) + - ruby1.9 <unfixed> CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...) NOT-FOR-US: WinZip CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...) @@ -5680,6 +5680,7 @@ - adns <unfixed> (unimportant; bug #492698) - udns <unfixed> (bug #493599) - libnet-dns-perl <unfixed> (low; bug #492700) + - ruby1.9 1.9.0.2-6 (low) NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but NOTE: already use source port randomization. NOTE: Marking non-caching stub resolvers as low since these really should be fixed, but are much less vulnerable than a caching server.
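Review bot: In the @@ -1099 hunk (CVE-2008-3443), the ruby1.9 line loses its bug reference but stays `<unfixed>`, so an open issue is left with no tracking bug. The removed number #494401 is the one the ruby1.8 lines carry, and the ruby1.9 lines in the @@ -640 hunk use #494402. If the intent was to correct a wrong reference, `- ruby1.9 <unfixed> (bug #494402)` would keep the entry tracked. If 1.9.0.2-6 also covers this CVE, the line should be marked fixed like the others. The log message does not mention this change, so a word on it there would help.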
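Review bot: In the @@ -5680 hunk, the added `- ruby1.9 1.9.0.2-6 (low)` line is the only package line in the visible context without a bug number (adns, udns and libnet-dns-perl each carry one), and the log message gives no pointer to where the fix was confirmed. Add the bug reference if one exists. The (low) rating is consistent with the NOTE about non-caching stub resolvers, but the hunk does not say why ruby1.9 belongs under this entry, so a short NOTE line stating that would make the rating verifiable.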