thijs at alioth.debian.org
2008-Sep-16 06:53 UTC
[Secure-testing-commits] r9831 - in data: CVE DSA
Author: thijs
Date: 2008-09-16 06:53:40 +0000 (Tue, 16 Sep 2008)
New Revision: 9831
Modified:
data/CVE/list
data/DSA/list
Log:
some new assignments:
phpmyadmin - working on it
adns & python-dns - no action needed
python example - cveified
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-09-15 21:14:15 UTC (rev 9830)
+++ data/CVE/list 2008-09-16 06:53:40 UTC (rev 9831)
@@ -1,7 +1,14 @@
+CVE-2008-4100 [adns predictable transaction id''s and source port]
+ - adns <unfixed> (unimportant; bug #492698)
+ NOTE: adns is not supported in untrusted contexts, see BR
+CVE-2008-4099 [pydns predictable transaction id''s and source port]
+ - python-dns 2.3.1-5 (low; bug #490217)
+CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7]
+ - phpmyadmin <unfixed> (medium)
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
- smsclient <unfixed> (unimportant; bug #498901)
NOTE: script is not in use and only a suggestion for users
-CVE-2008-XXXX [unsafe use of tempfile in python]
+CVE-2008-4108 [unsafe use of tempfile in python]
- python-defaults <unfixed> (unimportant; bug #498899)
NOTE: script is an example, which can be used by users
CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows
local ...)
Modified: data/DSA/list
==================================================================---
data/DSA/list 2008-09-15 21:14:15 UTC (rev 9830)
+++ data/DSA/list 2008-09-16 06:53:40 UTC (rev 9831)
@@ -58,7 +58,7 @@
{CVE-2007-2052 CVE-2007-4965 CVE-2008-1679 CVE-2008-1721 CVE-2008-1887}
[etch] - python2.5 2.5-5+etch1
[27 Jul 2008] DSA-1619-1 python-dns - DNS response spoofing
- {CVE-2008-1447}
+ {CVE-2008-1447 CVE-2008-4099}
[etch] - python-dns 2.3.0-5.2+etch1
[26 Jul 2008] DSA-1618-1 ruby1.9 - several vulnerabilities
{CVE-2008-2376 CVE-2008-2662 CVE-2008-2663 CVE-2008-2664 CVE-2008-2725
CVE-2008-2726}