atomo64-guest at alioth.debian.org
2008-Nov-07 00:26 UTC
[Secure-testing-commits] r10322 - data/CVE
Author: atomo64-guest
Date: 2008-11-07 00:26:05 +0000 (Fri, 07 Nov 2008)
New Revision: 10322

Modified:
   data/CVE/list
Log:
Processed the rest of claimed CVEs

Modified: data/CVE/list
==================================================================--- data/CVE/list 2008-11-06 23:48:45 UTC (rev 10321) +++ data/CVE/list 2008-11-07 00:26:05 UTC (rev 10322) 
@@ -8,44 +8,14 @@ RESERVED CVE-2008-4961 RESERVED -begin claimed by atomo64-guest -CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...) - TODO: check -CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...) - TODO: check -CVE-2008-4957 (find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary ...) - TODO: check -CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite ...) - TODO: check -CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...) - TODO: check -CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...) - TODO: check CVE-2008-4953 (** DISPUTED ** ...) - TODO: check -CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ...) - TODO: check -CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a ...) - TODO: check + - firehol <unfixed> (unimportant; bug #496424) + NOTE: attack unfeasible because of $$-${RANDOM}-${RANDOM} CVE-2008-4950 (** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to ...) - TODO: check -CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary ...) - TODO: check -CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to ...) - TODO: check -CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ...) - TODO: check -CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...) - TODO: check -CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary ...) - TODO: check -CVE-2008-4941 (arb-common 0.0 allows local users to overwrite arbitrary files via a ...) - TODO: check -CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary ...) 
- TODO: check + - dpkg-cross <unfixed> (unimportant; bug #496413) + NOTE: executed under a chroot when a package failed to cross-build CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...) TODO: check -end claimed by atomo64-guest CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...) TODO: check CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...) @@ -1266,25 +1236,25 @@ CVE-2008-4969 [ltp: insecure temp file] - ltp 20060918-3 (low; bug #496411) [etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently) -CVE-2008-XXXX [fml: insecure temp file] +CVE-2008-4954 [fml: insecure temp file] - fml <removed> (low; bug #496370) [etch] - fml <no-dsa> (Minor issue) -CVE-2008-XXXX [gccxml: insecure temp file] +CVE-2008-4957 [gccxml: insecure temp file] - gccxml <unfixed> (unimportant; bug #496391) NOTE: Only applies to a script used for an obscure SGI compiler -CVE-2008-XXXX [bulmages: insecure temp file] +CVE-2008-4943 [bulmages: insecure temp file] - bulmages <unfixed> (unimportant; bug #496382) NOTE: Only present in example scripts CVE-2008-XXXX [printfilters-ppd: insecure temp file] - printfilters-ppd <unfixed> (unimportant; bug #496417) NOTE: Only exploitable when modifying master-filter by hand -CVE-2008-XXXX [freevo: insecure temp file] +CVE-2008-4955 [freevo: insecure temp file] - freevo <unfixed> (unimportant; bug #496373) NOTE: Only exploitable when modifying script by hand CVE-2008-4974 [netmrg: insecure temp file] - netmrg 0.20-2 (low; bug #496384) [etch] - netmrg <no-dsa> (Minor issue) -CVE-2008-XXXX [impose+: insecure temp file] +CVE-2008-4960 [impose+: insecure temp file] - impose+ 0.2-11.1 (low; bug #496435) [etch] - impose+ <no-dsa> (Minor issue) CVE-2008-4964 [konwert: insecure temp file] 
@@ -1368,11 +1338,11 @@ CVE-2008-4966 [openswan kernel patch: insecure temp file] - linux-patch-openswan <unfixed> (unimportant; bug #496376) NOTE: Only unused packaging bits -CVE-2008-XXXX [arb: insecure temp file] +CVE-2008-4941 [arb: insecure temp file] - arb 0.0.20071207.1-5 (low; bug #496396) -CVE-2008-XXXX [aptoncd: insecure temp file] +CVE-2008-4940 [aptoncd: insecure temp file] - aptoncd 0.1-1.2 (bug #496390; low) -CVE-2008-XXXX [dhis-server: insecure temp file] +CVE-2008-4947 [dhis-server: insecure temp file] - dhis-server 5.3-1.2 (bug #496388; unimportant) CVE-2008-4967 [linuxtrade: insecure temp file] - linuxtrade <removed> (unimportant; bug #496372) @@ -1381,13 +1351,13 @@ CVE-2008-4980 [rccp: insecure temp file] - rccp 0.9-2.1 (low; bug #496364) [etch] - rccp <no-dsa> (Minor issue) -CVE-2008-XXXX [digitaldj: insecure temp file] +CVE-2008-4948 [digitaldj: insecure temp file] - digitaldj 0.7.5-6.1 (low; bug #496399) [etch] - digitaldj <no-dsa> (Minor issue) -CVE-2008-XXXX [cdrw-taper: insecure temp file] +CVE-2008-4945 [cdrw-taper: insecure temp file] - cdrw-taper 0.4-2.1 (low; bug #496380) [etch] - cdrw-taper <no-dsa> (Minor issue) -CVE-2008-XXXX [gdrae: insecure temp file] +CVE-2008-4958 [gdrae: insecure temp file] - gdrae 0.1-1.1 (low; bug #496378) [etch] - gdrae <no-dsa> (Minor issue) CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...) @@ -2638,7 +2608,7 @@ - bitlbee 1.2.2-1 end claimed by white CVE-2008-4978 [radiance: insecure temp files] - - radiance 3R9+20080530-4 (low; bug #496433) + - radiance 3R9+20080530-4 (low; bug #496423) CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...) NOT-FOR-US: Red Hat services issue CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...) 
@@ -2849,7 +2819,7 @@ NOT-FOR-US: Banner Management Script CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...) NOT-FOR-US: Active PHP Bookmarks -CVE-2008-XXXX [emacs-jabber: insecure temp files] +CVE-2008-4952 [emacs-jabber: insecure temp files] - emacs-jabber 0.7.91-2 (low; bug #496428) [etch] - emacs-jabber <no-dsa> (Minor issue) CVE-2008-4987 [xastir: insecure temp files] @@ -2867,7 +2837,7 @@ [etch] - apertium <no-dsa> (Minor issue) CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a ...) - convirt <unfixed> (medium; bug #496419) -CVE-2008-XXXX [audiolink: insecure temp files] +CVE-2008-4942 [audiolink: insecure temp files] - audiolink 0.05-1.1 (low; bug #496433) [etch] - audiolink <no-dsa> (Minor issue) CVE-2008-4968 [lmbench: insecure temp files] @@ -2919,7 +2889,7 @@ CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary ...) - aview 1.3.0rc1-8.1 (low; bug #496422) [etch] - aview <no-dsa> (Minor issue) -CVE-2008-XXXX [fwbuilder: insecure temp file] +CVE-2008-4956 [fwbuilder: insecure temp file] - fwbuilder 2.1.19-5 (low; bug #496406) [etch] - fwbuilder <no-dsa> (Minor issue) CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...) @@ -2934,7 +2904,7 @@ CVE-2008-XXXX [sgml2x: insecure temp file] - sgml2x 1.0.0-11.2 (low; bug #496368) [etch] - sgml2x <no-dsa> (Minor issue) -CVE-2008-XXXX [dtc-common: insecure temp file] +CVE-2008-4951 [dtc-common: insecure temp file] - dtc 0.29.10-1 (low; bug #496362) CVE-2008-XXXX [liguidsoap: insecure temp file] - liguidsoap <unfixed> (low; bug #496360)
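Review bot: In the first hunk (@@ -8,44 +8,14 @@), CVE-2008-4938 (aegis) keeps its "TODO: check" line while the "begin claimed by atomo64-guest" and "end claimed by atomo64-guest" markers around it are removed, so the entry ends up unprocessed and unclaimed although the log says the rest of the claimed CVEs were processed. Either triage it in this commit or state in the log that the claim on it is being released. In the same hunk, the firehol NOTE "attack unfeasible because of $$-${RANDOM}-${RANDOM}" does not say what the expression is used for (presumably the temp file name); a few more words would let a reader judge the "unimportant" rating without opening bug #496424, given that $$ is the shell PID and each ${RANDOM} in bash is a 15-bit value.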
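Review bot: In the @@ -1368,11 +1338,11 @@ hunk the renamed aptoncd and dhis-server entries keep the field order "(bug #496390; low)" and "(bug #496388; unimportant)", while arb directly above them and the other entries in this diff put the severity first, as in "(low; bug #496396)". Since both entries are being edited anyway, consider normalizing them to the "(severity; bug #N)" order so that text searches over the list behave the same for every entry.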
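Review bot: The radiance line in the @@ -2638,7 +2608,7 @@ hunk changes the bug reference from #496433 to #496423, which is not a CVE id assignment and is not covered by the log message "Processed the rest of claimed CVEs". The old number is the one the audiolink entry carries in a later hunk (bug #496433), so the correction looks right, but please mention it in the log or commit it separately so the change can be found later.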
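Review bot: In the last hunk (@@ -2934,7 +2904,7 @@) the context entry right after the dtc-common rename reads "CVE-2008-XXXX [liguidsoap: insecure temp file]" with "- liguidsoap <unfixed>", which looks like a misspelling of liquidsoap; if so, the entry would not match the package name and should be corrected in a follow-up. It would also help to check whether the CVE-2008-XXXX placeholders that remain in this diff (printfilters-ppd, sgml2x, liguidsoap) have ids assigned, since they sit next to entries that were just renamed.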