joeyh at alioth.debian.org
2008-Nov-07 09:14 UTC
[Secure-testing-commits] r10326 - data/CVE
Author: joeyh Date: 2008-11-07 09:14:16 +0000 (Fri, 07 Nov 2008) New Revision: 10326 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-07 08:51:53 UTC (rev 10325) +++ data/CVE/list 2008-11-07 09:14:16 UTC (rev 10326) @@ -337,9 +337,9 @@ CVE-2008-XXXX [htop display corruption] - htop <unfixed> (unimportant; bug #504144) NOTE: CVE id requested - NOTE: That scenario is too constructed to call it a security issue, especially - NOTE: given that the standard top will display the maliciously hidden processes - NOTE: just fine. + NOTE: That scenario is too constructed to call it a security issue, especially + NOTE: given that the standard top will display the maliciously hidden processes + NOTE: just fine. CVE-2008-XXXX [dia: Python scripts load modules from current directory] - dia <unfixed> (low; bug #504251) [etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir) @@ -1011,7 +1011,7 @@ NOT-FOR-US: Adobe Flash Player CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...) - xerces-c2 <unfixed> (low; bug #502102) - [lenny] - xerces-c2 <no-dsa> (Minor issue, too intrusive to backport) + [lenny] - xerces-c2 <no-dsa> (Minor issue, too intrusive to backport) CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...) NOT-FOR-US: Novell eDirectory CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...) 
@@ -1235,34 +1235,34 @@ NOT-FOR-US: CA ARCserve Backup CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...) NOT-FOR-US: Safer Networking FileAlyzer -CVE-2008-4969 [ltp: insecure temp file] +CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...) - ltp 20060918-3 (low; bug #496411) [etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently) -CVE-2008-4954 [fml: insecure temp file] +CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...) - fml <removed> (low; bug #496370) [etch] - fml <no-dsa> (Minor issue) -CVE-2008-4957 [gccxml: insecure temp file] +CVE-2008-4957 (find_flags in gccxml 0.9.0 allows local users to overwrite arbitrary ...) - gccxml <unfixed> (unimportant; bug #496391) NOTE: Only applies to a script used for an obscure SGI compiler -CVE-2008-4943 [bulmages: insecure temp file] +CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...) - bulmages <unfixed> (unimportant; bug #496382) NOTE: Only present in example scripts CVE-2008-XXXX [printfilters-ppd: insecure temp file] - printfilters-ppd <unfixed> (unimportant; bug #496417) NOTE: Only exploitable when modifying master-filter by hand -CVE-2008-4955 [freevo: insecure temp file] +CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...) - freevo <unfixed> (unimportant; bug #496373) NOTE: Only exploitable when modifying script by hand -CVE-2008-4974 [netmrg: insecure temp file] +CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...) - netmrg 0.20-2 (low; bug #496384) [etch] - netmrg <no-dsa> (Minor issue) -CVE-2008-4960 [impose+: insecure temp file] +CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...) 
- impose+ 0.2-11.1 (low; bug #496435) [etch] - impose+ <no-dsa> (Minor issue) -CVE-2008-4964 [konwert: insecure temp file] +CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...) - konwert 1.8-11.2 (low; bug #496379) [etch] - konwert <no-dsa> (Minor issue) -CVE-2008-4986 [wims: insecure temp file] +CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a ...) - wims 3.62-13.1 (low; bug #496387) [etch] - wims <no-dsa> (Minor issue) CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...) @@ -1271,7 +1271,7 @@ CVE-2008-XXXX [bk2site: insecure temp file] - bk2site <unfixed> (unimportant; bug #496430) NOTE: Only debug code, script needs to be edited to exploit this -CVE-2008-4983 [scilab: insecure temp file] +CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...) - scilab 4.1.2-6 (low; bug #496414) [etch] - scilab <no-dsa> (Non-free not supported) CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...) 
@@ -1335,31 +1335,31 @@ NOT-FOR-US: Java on OSX CVE-2008-4367 RESERVED -CVE-2008-4965 [liquidsoap: insecure temp file] +CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...) - liquidsoap <unfixed> (low; bug #496360) -CVE-2008-4966 [openswan kernel patch: insecure temp file] +CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary ...) - linux-patch-openswan <unfixed> (unimportant; bug #496376) NOTE: Only unused packaging bits -CVE-2008-4941 [arb: insecure temp file] +CVE-2008-4941 (arb-common 0.0 allows local users to overwrite arbitrary files via a ...) - arb 0.0.20071207.1-5 (low; bug #496396) -CVE-2008-4940 [aptoncd: insecure temp file] +CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary ...) - aptoncd 0.1-1.2 (bug #496390; low) -CVE-2008-4947 [dhis-server: insecure temp file] +CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to ...) - dhis-server 5.3-1.2 (bug #496388; unimportant) -CVE-2008-4967 [linuxtrade: insecure temp file] +CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a ...) - linuxtrade <removed> (unimportant; bug #496372) NOTE: unimportant since the program is dysfunctional with the current NOTE: trading website and thus not exploitable for practical purposes -CVE-2008-4980 [rccp: insecure temp file] +CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary ...) - rccp 0.9-2.1 (low; bug #496364) [etch] - rccp <no-dsa> (Minor issue) -CVE-2008-4948 [digitaldj: insecure temp file] +CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary ...) - digitaldj 0.7.5-6.1 (low; bug #496399) [etch] - digitaldj <no-dsa> (Minor issue) -CVE-2008-4945 [cdrw-taper: insecure temp file] +CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ...) 
- cdrw-taper 0.4-2.1 (low; bug #496380) [etch] - cdrw-taper <no-dsa> (Minor issue) -CVE-2008-4958 [gdrae: insecure temp file] +CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...) - gdrae 0.1-1.1 (low; bug #496378) [etch] - gdrae <no-dsa> (Minor issue) CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...) @@ -1732,13 +1732,13 @@ CVE-2008-XXXX [jumpnbump: insecure temp file] - jumpnbump 1.50+dfsg1-1 (low; bug #500611) [etch] - jumpnbump 1.50-6+etch1 -CVE-2008-4959 [gpsdrive: insecure temp file] +CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...) - gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436) [etch] - gpsdrive <no-dsa> (Minor issue) CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...) - dist 1:3.5-17-2 (low; bug #496412) [etch] - dist 3.70-31etch1 -CVE-2008-4970 [lustre: insecure temp files] +CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...) - lustre 1.6.5.1-1 (low; bug #496371) CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...) - linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518) @@ -1957,6 +1957,7 @@ {DSA-1662-1} - mysql-dfsg-5.0 5.0.67-1 CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...) + {DSA-1608-1} - mysql-dfsg-5.0 5.0.51a-10 CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV ...) NOT-FOR-US: Flip4Mac WMV @@ -2609,7 +2610,7 @@ CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote ...) - bitlbee 1.2.2-1 end claimed by white -CVE-2008-4978 [radiance: insecure temp files] +CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files ...) - radiance 3R9+20080530-4 (low; bug #496423) CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...) NOT-FOR-US: Red Hat services issue 
@@ -2821,10 +2822,10 @@ NOT-FOR-US: Banner Management Script CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...) NOT-FOR-US: Active PHP Bookmarks -CVE-2008-4952 [emacs-jabber: insecure temp files] +CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ...) - emacs-jabber 0.7.91-2 (low; bug #496428) [etch] - emacs-jabber <no-dsa> (Minor issue) -CVE-2008-4987 [xastir: insecure temp files] +CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a ...) - xastir 1.9.2-1.1 (low; bug #496383) [etch] - xastir <no-dsa> (Minor issue) CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite ...) 
@@ -2839,19 +2840,19 @@ [etch] - apertium <no-dsa> (Minor issue) CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a ...) - convirt <unfixed> (medium; bug #496419) -CVE-2008-4942 [audiolink: insecure temp files] +CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary ...) - audiolink 0.05-1.1 (low; bug #496433) [etch] - audiolink <no-dsa> (Minor issue) -CVE-2008-4968 [lmbench: insecure temp files] +CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...) - lmbench <unfixed> (low; bug #496427) [etch] - lmbench <no-dsa> (Non-free not supported) -CVE-2008-4975 [newsgate: insecure temp files] +CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary ...) - newsgate <removed> (low; bug #496437) [etch] - newsgate <no-dsa> (Non-free not supported) -CVE-2008-4973 [myspell: insecure temp files] +CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary ...) - myspell 1:3.0+pre3.1-21 (low; bug #496392) [etch] - myspell <no-dsa> (Minor issue) -CVE-2008-4976 [insecure temp file in ogle] +CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...) - ogle <unfixed> (unimportant; bug #496420; bug #496425) NOTE: This only affects debugging scripts not present in standard path CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...) 
@@ -2861,20 +2862,20 @@ CVE-2008-XXXX [insecure temp file in nvi] - nvi 1.81.6-4 (low; bug #496462) [etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst) -CVE-2008-4982 [rkhunter: insecure temp file] +CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary ...) - rkhunter 1.3.2-6 (low; bug #496375) [etch] - rkhunter <no-dsa> (Minor issue, only in debug mode) -CVE-2008-4984 [scratchbox2: insecure temp file] +CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files ...) - scratchbox2 1.99.0.24-2 (low; bug #496409) -CVE-2008-4981 [realtimebattle: insecure temp file] +CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite ...) - realtimebattle 1.0.8-8 (low; bug #496385) [etch] - realtimebattle <no-dsa> (Minor issue) -CVE-2008-4972 [mgt: insecure temp file] +CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...) - mgt 2.31-6 (low; bug #496434) [etch] - mgt <no-dsa> (Minor issue) CVE-2008-XXXX [twiki: insecure temp file] - twiki 1:4.1.2-4 (low; bug #494648) -CVE-2008-4971 [mafft: insecure temp file] +CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite ...) - mafft 6.240-2 (low; bug #496366) CVE-2008-XXXX [xen-3: insecure temp file] - xen-3 <unfixed> (low; bug #496367) 
@@ -2891,13 +2892,13 @@ CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary ...) - aview 1.3.0rc1-8.1 (low; bug #496422) [etch] - aview <no-dsa> (Minor issue) -CVE-2008-4956 [fwbuilder: insecure temp file] +CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite ...) - fwbuilder 2.1.19-5 (low; bug #496406) [etch] - fwbuilder <no-dsa> (Minor issue) CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...) {DSA-1643-1} - feta 1.4.16+nmu1 (low; bug #496397) -CVE-2008-4977 [postfix: insecure temp file] +CVE-2008-4977 (** DISPUTED ** ...) - postfix <unfixed> (unimportant; bug #496401) NOTE: Not enabled by default, needs manual modification of a script CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite ...) @@ -2906,14 +2907,14 @@ CVE-2008-XXXX [sgml2x: insecure temp file] - sgml2x 1.0.0-11.2 (low; bug #496368) [etch] - sgml2x <no-dsa> (Minor issue) -CVE-2008-4951 [dtc-common: insecure temp file] +CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a ...) - dtc 0.29.10-1 (low; bug #496362) CVE-2008-XXXX [liguidsoap: insecure temp file] - liguidsoap <unfixed> (low; bug #496360) CVE-2008-XXXX [xmcd: insecure temp file] - xmcd 2.6-21 (low; bug #496416) [etch] - xmcd <no-dsa> (Minor issue) -CVE-2008-4988 [xcal: insecure temp file] +CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...) - xcal 4.1-19 (low; bug #496393) [etch] - xcal <no-dsa> (Minor issue) CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...) 
@@ -2929,14 +2930,14 @@ NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869 NOTE: non-issue, not exploitable by other users NOTE: CVE id requested -CVE-2008-4937 [openoffice: insecure temp file] +CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite ...) - openoffice.org 1:2.4.1-8 (low; bug #496361) [etch] - openoffice.org <not-affected> (Vulnerable code not present) NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload. -CVE-2008-4979 [rancid: insecure temp file] +CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite ...) - rancid 2.3.2~a8-2 (low; bug #496426) [etch] - rancid <no-dsa> (Minor issue) -CVE-2008-4985 [vdr: insecure temp file] +CVE-2008-4985 (vdrleaktest in vdr 1.6.0 allows local users to overwrite arbitrary ...) - vdr 1.6.0-6 (low; bug #496421) [etch] - vdr <not-affected> (Vulnerable code not present) CVE-2008-XXXX [lazarus: insecure temp file]
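Review bot: In the @@ -1335,31 +1335,31 @@ hunk the new CVE-2008-4965 description names "liguidsoap.py in liguidsoap 0.3.8.1+2", but the package line under it still tracks "- liquidsoap <unfixed> (low; bug #496360)", and the @@ -2906,14 +2907,14 @@ hunk leaves the placeholder "CVE-2008-XXXX [liguidsoap: insecure temp file]" with the same bug #496360 in place. One bug now has two entries under two package spellings. Attach the assigned id to the entry whose package name matches the description and drop the other, or add a NOTE explaining why both exist.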
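Review bot: In the @@ -2891,13 +2892,13 @@ hunk, CVE-2008-4977 loses its only summary: "[postfix: insecure temp file]" becomes "(** DISPUTED ** ...)", so the truncated description no longer says which issue class the entry covers. Keep the old summary as a NOTE line under the entry, or truncate the imported description after the marker rather than at it, so the entry stays searchable alongside the other insecure-temp-file entries.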
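Review bot: The removed and added lines in the @@ -337,9 +337,9 @@ hunk (the three NOTE lines under the htop entry) and in the @@ -1011,7 +1011,7 @@ hunk ("[lenny] - xerces-c2 <no-dsa> (Minor issue, too intrusive to backport)") read identically here, so these look like whitespace-only changes riding along with the CVE id assignments. The log says only "automatic update"; mention the indentation change there or commit it separately, so that the id assignments and the DSA-1608-1 reference are the only content changes in this revision.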