joeyh at alioth.debian.org
2008-Nov-06 21:14 UTC
[Secure-testing-commits] r10312 - data/CVE
Author: joeyh
Date: 2008-11-06 21:14:12 +0000 (Thu, 06 Nov 2008)
New Revision: 10312

Modified: data/CVE/list

Log: automatic update

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-06 20:25:44 UTC (rev 10311) +++ data/CVE/list 2008-11-06 21:14:12 UTC (rev 10312) 
@@ -1,3 +1,109 @@ +CVE-2008-4990 + RESERVED +CVE-2008-4989 + RESERVED +CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...) + TODO: check +CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a ...) + TODO: check +CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a ...) + TODO: check +CVE-2008-4985 (vdrleaktest in vdr 1.6.0 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files ...) + TODO: check +CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...) + TODO: check +CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite ...) + TODO: check +CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite ...) + TODO: check +CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files ...) + TODO: check +CVE-2008-4977 (** DISPUTED ** ...) + TODO: check +CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...) + TODO: check +CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...) + TODO: check +CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite ...) + TODO: check +CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...) 
+ TODO: check +CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...) + TODO: check +CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a ...) + TODO: check +CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...) + TODO: check +CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...) + TODO: check +CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) ...) + TODO: check +CVE-2008-4962 + RESERVED +CVE-2008-4961 + RESERVED +CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...) + TODO: check +CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...) + TODO: check +CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...) + TODO: check +CVE-2008-4957 (find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite ...) + TODO: check +CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...) + TODO: check +CVE-2008-4953 (** DISPUTED ** ...) + TODO: check +CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ...) + TODO: check +CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a ...) + TODO: check +CVE-2008-4950 (** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to ...) + TODO: check +CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary ...) 
+ TODO: check +CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to ...) + TODO: check +CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ...) + TODO: check +CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4941 (arb-common 0.0 allows local users to overwrite arbitrary files via a ...) + TODO: check +CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...) + TODO: check +CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite ...) + TODO: check +CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...) + TODO: check +CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...) + TODO: check +CVE-2008-4932 (webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 ...) + TODO: check CVE-2008-XXXX [universalindentgui insecure usage of temp files] - universalindentgui <unfixed> (bug #504726) CVE-2008-XXXX [vlc buffer overflow in cue handling] @@ -6,8 +112,8 @@ CVE-2008-XXXX [vlc buffer overflow in realtext subtitle parsing] - vlc <not-affected> (Vulnerable code not present in 0.8.x) TODO: recheck if 0.9 gets uploaded to unstable -CVE-2008-4931 - RESERVED +CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in ...) + TODO: check CVE-2008-4930 (MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded ...) NOT-FOR-US: MyBB CVE-2008-4929 (MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to ...) 
@@ -28,7 +134,8 @@ NOT-FOR-US: DjVu ActiveX CVE-2008-4921 (board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to ...) NOT-FOR-US: Chipmunk CMS -CVE-2008-4920 (Directory traversal vulnerability in Agavi 1.0.0 beta 5 and earlier ...) +CVE-2008-4920 + REJECTED NOT-FOR-US: Agavi CVE-2008-4919 (Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ...) NOT-FOR-US: eXPert PDF Viewer X ActiveX @@ -250,18 +357,18 @@ RESERVED CVE-2008-4818 RESERVED -CVE-2008-4817 - RESERVED -CVE-2008-4816 - RESERVED -CVE-2008-4815 - RESERVED -CVE-2008-4814 - RESERVED -CVE-2008-4813 - RESERVED -CVE-2008-4812 - RESERVED +CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 ...) + TODO: check +CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader ...) + TODO: check +CVE-2008-4815 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 ...) + TODO: check +CVE-2008-4814 (Unspecified vulnerability in a JavaScript method in Adobe Reader and ...) + TODO: check +CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier allow remote attackers to ...) + TODO: check +CVE-2008-4812 (Array index error in Adobe Reader and Acrobat, and the Explorer ...) + TODO: check CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) - smarty <unfixed> (bug #504328) - moodle <unfixed> (bug #504345) @@ -1243,8 +1350,7 @@ CVE-2008-XXXX [scilab: insecure temp file] - scilab 4.1.2-6 (low; bug #496414) [etch] - scilab <no-dsa> (Non-free not supported) -CVE-2008-4395 - RESERVED +CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...) - ndiswrapper-source 1.53-2 (medium; bug #504696) CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before ...) NOT-FOR-US: Gentoo package manager Portage 
@@ -1705,7 +1811,7 @@ CVE-2008-XXXX [gpsdrive: insecure temp file] - gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436) [etch] - gpsdrive <no-dsa> (Minor issue) -CVE-2008-4949 [dist: insecure temp file] +CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...) - dist 1:3.5-17-2 (low; bug #496412) [etch] - dist 3.70-31etch1 CVE-2008-XXXX [lustre: insecure temp files] @@ -1924,6 +2030,7 @@ - vim 2:7.2.010-1 (bug #500381) [lenny] - vim 1:7.1.314-3+lenny1 CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege ...) + {DSA-1662-1} - mysql-dfsg-5.0 5.0.67-1 CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...) - mysql-dfsg-5.0 5.0.51a-10 @@ -2803,10 +2910,10 @@ {DSA-1652-1 DSA-1651-1} - ruby1.8 1.8.7.72-1 (bug #496808) - ruby1.9 1.9.0.2-6 (bug #497610) -CVE-2008-4939 [apertium: insecure temp files] +CVE-2008-4939 (apertium 3.0.7 allows local users to overwrite arbitrary files via a ...) - apertium 3.0.7+1-1.1 (low; bug #496395) [etch] - apertium <no-dsa> (Minor issue) -CVE-2008-4946 [convirt: insecure temp files] +CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a ...) - convirt <unfixed> (medium; bug #496419) CVE-2008-XXXX [audiolink: insecure temp files] - audiolink 0.05-1.1 (low; bug #496433) @@ -2848,7 +2955,7 @@ CVE-2008-XXXX [xen-3: insecure temp file] - xen-3 <unfixed> (low; bug #496367) [etch] - xen-3 <no-dsa> (Minor issue) -CVE-2008-4936 [mgetty: insecure temp files] +CVE-2008-4936 (faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary ...) - mgetty 1.1.36-1.3 (low; bug #496403) [etch] - mgetty <no-dsa> (Minor issue) CVE-2008-4476 (sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary ...) 
@@ -2857,7 +2964,7 @@ CVE-2008-XXXX [sng: insecure temp file] - sng 1.0.2-6 (low; bug #496407) [etch] - sng <no-dsa> (Minor issue) -CVE-2008-4935 [aview: insecure temp file] +CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary ...) - aview 1.3.0rc1-8.1 (low; bug #496422) [etch] - aview <no-dsa> (Minor issue) CVE-2008-XXXX [fwbuilder: insecure temp file] @@ -2869,7 +2976,7 @@ CVE-2008-XXXX [postfix: insecure temp file] - postfix <unfixed> (unimportant; bug #496401) NOTE: Not enabled by default, needs manual modification of a script -CVE-2008-4944 [cdcontrol: insecure temp file] +CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite ...) - cdcontrol <removed> (low; bug #496438) [etch] - cdcontrol <no-dsa> (Minor issue) CVE-2008-XXXX [sgml2x: insecure temp file] @@ -3445,8 +3552,8 @@ NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3) NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2) NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4) -CVE-2008-3527 - RESERVED +CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects ...) + TODO: check CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...) {DSA-1636-1} - linux-2.6 2.6.26-4 @@ -4667,7 +4774,7 @@ NOT-FOR-US: PHPEasyData CVE-2008-2993 (Multiple directory traversal vulnerabilities in index.php in FOG Forum ...) NOT-FOR-US: FOG Forum -CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 allows ...) +CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and ...) TODO: check CVE-2008-2991 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...) NOT-FOR-US: Adobe RoboHelp Server 7
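
Review bot: in the @@ -1,3 +1,109 @@ hunk, several of the new "TODO: check" entries look like the same issues as CVE-2008-XXXX placeholders that are already triaged further down the list, so the file now carries both an untriaged and a triaged record for them. The visible cases are CVE-2008-4983 (scilab-bin 4.1.2) against "CVE-2008-XXXX [scilab: insecure temp file]" (bug #496414), CVE-2008-4959 (gpsdrive-scripts 2.10~pre4) against "CVE-2008-XXXX [gpsdrive: insecure temp file]" (bug #496436), and CVE-2008-4942 (audiolink 0.05) against "CVE-2008-XXXX [audiolink: insecure temp files]" (bug #496433); the fwbuilder and lustre placeholders in the context lines are candidates as well. Once confirmed, fold each id into its placeholder the way the later hunks do for CVE-2008-4949 [dist] and CVE-2008-4939 [apertium], so the package version, severity and bug number stay attached and the "TODO: check" line goes away.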
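
Review bot: in the @@ -28,7 +134,8 @@ hunk, CVE-2008-4920 is switched to REJECTED but the old "NOT-FOR-US: Agavi" context line is left underneath it, so the entry ends up with two status lines. Drop the NOT-FOR-US annotation when an id is rejected, or confirm that the list parser accepts an annotation after REJECTED; the same hunk also discards the description text, so the Agavi note is the only remaining hint of what the id referred to and that is worth a deliberate decision rather than a leftover.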