atomo64-guest at alioth.debian.org
2008-Nov-06 23:48 UTC
[Secure-testing-commits] r10321 - data/CVE
Author: atomo64-guest Date: 2008-11-06 23:48:45 +0000 (Thu, 06 Nov 2008) New Revision: 10321 Modified: data/CVE/list Log: Processed some, claimed even more Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-06 23:37:48 UTC (rev 10320) +++ data/CVE/list 2008-11-06 23:48:45 UTC (rev 10321) 
@@ -2,38 +2,15 @@ RESERVED CVE-2008-4989 RESERVED -begin claimed by atomo64-guest -CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...) - TODO: check -CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...) - TODO: check -CVE-2008-4977 (** DISPUTED ** ...) - TODO: check -CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite ...) - TODO: check -CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...) - TODO: check -CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...) - TODO: check -CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...) - TODO: check -CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a ...) - TODO: check -CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary ...) - TODO: check -CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...) - TODO: check -end claimed by atomo64-guest CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) ...) TODO: check CVE-2008-4962 RESERVED CVE-2008-4961 RESERVED +begin claimed by atomo64-guest CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...) TODO: check -CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...) - TODO: check CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...) TODO: check CVE-2008-4957 (find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary ...) 
@@ -68,8 +45,7 @@ TODO: check CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...) TODO: check -CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite ...) - TODO: check +end claimed by atomo64-guest CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...) TODO: check CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...) @@ -1287,7 +1263,7 @@ NOT-FOR-US: CA ARCserve Backup CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...) NOT-FOR-US: Safer Networking FileAlyzer -CVE-2008-XXXX [ltp: insecure temp file] +CVE-2008-4969 [ltp: insecure temp file] - ltp 20060918-3 (low; bug #496411) [etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently) CVE-2008-XXXX [fml: insecure temp file] @@ -1323,7 +1299,7 @@ CVE-2008-XXXX [bk2site: insecure temp file] - bk2site <unfixed> (unimportant; bug #496430) NOTE: Only debug code, script needs to be edited to exploit this -CVE-2008-XXXX [scilab: insecure temp file] +CVE-2008-4983 [scilab: insecure temp file] - scilab 4.1.2-6 (low; bug #496414) [etch] - scilab <no-dsa> (Non-free not supported) CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...) @@ -1387,9 +1363,9 @@ NOT-FOR-US: Java on OSX CVE-2008-4367 RESERVED -CVE-2008-XXXX [liquidsoap: insecure temp file] +CVE-2008-4965 [liquidsoap: insecure temp file] - liquidsoap <unfixed> (low; bug #496360) -CVE-2008-XXXX [openswan kernel patch: insecure temp file] +CVE-2008-4966 [openswan kernel patch: insecure temp file] - linux-patch-openswan <unfixed> (unimportant; bug #496376) NOTE: Only unused packaging bits CVE-2008-XXXX [arb: insecure temp file] 
@@ -1398,7 +1374,7 @@ - aptoncd 0.1-1.2 (bug #496390; low) CVE-2008-XXXX [dhis-server: insecure temp file] - dhis-server 5.3-1.2 (bug #496388; unimportant) -CVE-2008-XXXX [linuxtrade: insecure temp file] +CVE-2008-4967 [linuxtrade: insecure temp file] - linuxtrade <removed> (unimportant; bug #496372) NOTE: unimportant since the program is dysfunctional with the current NOTE: trading website and thus not exploitable for practical purposes @@ -1784,13 +1760,13 @@ CVE-2008-XXXX [jumpnbump: insecure temp file] - jumpnbump 1.50+dfsg1-1 (low; bug #500611) [etch] - jumpnbump 1.50-6+etch1 -CVE-2008-XXXX [gpsdrive: insecure temp file] +CVE-2008-4959 [gpsdrive: insecure temp file] - gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436) [etch] - gpsdrive <no-dsa> (Minor issue) CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...) - dist 1:3.5-17-2 (low; bug #496412) [etch] - dist 3.70-31etch1 -CVE-2008-XXXX [lustre: insecure temp files] +CVE-2008-4970 [lustre: insecure temp files] - lustre 1.6.5.1-1 (low; bug #496371) CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...) - linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518) @@ -2894,7 +2870,7 @@ CVE-2008-XXXX [audiolink: insecure temp files] - audiolink 0.05-1.1 (low; bug #496433) [etch] - audiolink <no-dsa> (Minor issue) -CVE-2008-XXXX [lmbench: insecure temp files] +CVE-2008-4968 [lmbench: insecure temp files] - lmbench <unfixed> (low; bug #496427) [etch] - lmbench <no-dsa> (Non-free not supported) CVE-2008-4975 [newsgate: insecure temp files] @@ -2926,7 +2902,7 @@ [etch] - mgt <no-dsa> (Minor issue) CVE-2008-XXXX [twiki: insecure temp file] - twiki 1:4.1.2-4 (low; bug #494648) -CVE-2008-XXXX [mafft: insecure temp file] +CVE-2008-4971 [mafft: insecure temp file] - mafft 6.240-2 (low; bug #496366) CVE-2008-XXXX [xen-3: insecure temp file] - xen-3 <unfixed> (low; bug #496367) 
@@ -2949,7 +2925,7 @@ CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...) {DSA-1643-1} - feta 1.4.16+nmu1 (low; bug #496397) -CVE-2008-XXXX [postfix: insecure temp file] +CVE-2008-4977 [postfix: insecure temp file] - postfix <unfixed> (unimportant; bug #496401) NOTE: Not enabled by default, needs manual modification of a script CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite ...) @@ -2965,7 +2941,7 @@ CVE-2008-XXXX [xmcd: insecure temp file] - xmcd 2.6-21 (low; bug #496416) [etch] - xmcd <no-dsa> (Minor issue) -CVE-2008-XXXX [xcal: insecure temp file] +CVE-2008-4988 [xcal: insecure temp file] - xcal 4.1-19 (low; bug #496393) [etch] - xcal <no-dsa> (Minor issue) CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...) @@ -2981,7 +2957,7 @@ NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869 NOTE: non-issue, not exploitable by other users NOTE: CVE id requested -CVE-2008-XXXX [openoffice: insecure temp file] +CVE-2008-4937 [openoffice: insecure temp file] - openoffice.org 1:2.4.1-8 (low; bug #496361) [etch] - openoffice.org <not-affected> (Vulnerable code not present) NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
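Review bot: In the `@@ -2949,7 +2925,7 @@` hunk, CVE-2008-4977 is assigned to the postfix entry, but the only text the list carried for that id (removed in the first hunk) is "** DISPUTED ** ...", so neither the package match nor the disputed status can be checked from the tracker entry once this lands. Suggest adding a NOTE line under the postfix entry recording that the CVE is marked disputed, next to the existing "Not enabled by default, needs manual modification of a script" note, so the reason for the `unimportant` rating and the dispute sit together.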
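Review bot: In the `@@ -1387,9 +1363,9 @@` hunk, CVE-2008-4965 is attached to the liquidsoap entry, while the description removed in the first hunk spells the program "liguidsoap.py in liguidsoap 0.3.8.1+2". The match is plausible from the issue class (insecure temp file, bug #496360), but the entry gives no hint that the CVE text uses a different spelling. Suggest a NOTE line under `- liquidsoap <unfixed> (low; bug #496360)` mentioning the misspelled name in the CVE description, so a search for the description text still leads to this entry.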