Author: nion Date: 2008-09-11 10:50:44 +0000 (Thu, 11 Sep 2008) New Revision: 9798 Modified: data/CVE/list Log: COMMAND issue in gmanedit non-issue, utf8 conversion overflow got CVE-2008-3971 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-11 10:15:35 UTC (rev 9797) +++ data/CVE/list 2008-09-11 10:50:44 UTC (rev 9798) @@ -93,7 +93,7 @@ CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...) TODO: check CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...) - TODO: check + - gmanedit <unfixed> (medium; bug #497835) CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not ...) TODO: check CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow ...) @@ -228,11 +228,8 @@ CVE-2008-3914 (Multiple unspecified vulnerabilities in ClamAV before 0.94 have ...) - clamav 0.94.dfsg-1 CVE-2008-XXXX [buffer overflow via crafted configuration file (COMMAND)] - - gmanedit <unfixed> (low; bug #497835) - NOTE: CVE id requested -CVE-2008-XXXX [buffer overflow via crafted manual page caused by utf8 conversion] - - gmanedit <unfixed> (medium; bug #497835) - NOTE: CVE id requested + - gmanedit <unfixed> (unimportant; bug #497835) + NOTE: you can execute commands via this with a valid configuration string anyway CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 ...) - wireshark <unfixed> (bug #497878) CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers ...)