joeyh at alioth.debian.org
2008-Nov-12 21:14 UTC
[Secure-testing-commits] r10379 - data/CVE
Author: joeyh Date: 2008-11-12 21:14:14 +0000 (Wed, 12 Nov 2008) New Revision: 10379 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-12 16:18:31 UTC (rev 10378) +++ data/CVE/list 2008-11-12 21:14:14 UTC (rev 10379) @@ -1,3 +1,39 @@ +CVE-2008-5034 (** DISPUTED ** ...) + TODO: check +CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...) + TODO: check +CVE-2008-5031 (Multiple integer overflows in Python 2.5.2 allow context-dependent ...) + TODO: check +CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in ...) + TODO: check +CVE-2008-5024 + RESERVED +CVE-2008-5023 + RESERVED +CVE-2008-5022 + RESERVED +CVE-2008-5021 + RESERVED +CVE-2008-5020 + RESERVED +CVE-2008-5019 + RESERVED +CVE-2008-5018 + RESERVED +CVE-2008-5017 + RESERVED +CVE-2008-5016 + RESERVED +CVE-2008-5015 + RESERVED +CVE-2008-5014 + RESERVED +CVE-2008-5013 + RESERVED +CVE-2008-5012 + RESERVED +CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and ...) + TODO: check CVE-2008-XXXX [OptiPNG BMP Reader Buffer Overflow] - optipng <unfixed> (bug #505399) NOTE: This is SA32651 
@@ -3,16 +39,17 @@ CVE-2008-XXXX [tor: changing user does not clear supplementary group entries] - tor <unfixed> (bug #505178) -CVE-2008-5035 +CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware ...) NOT-FOR-US: IBM Hardware Management Console -CVE-2008-5026 +CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number ...) NOT-FOR-US: Microsoft -CVE-2008-5011 +CVE-2008-5011 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...) NOT-FOR-US: IBM Lotus Quickr -CVE-2008-5009 +CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, ...) NOT-FOR-US: Sun Solstice X.25 CVE-2008-5025 [kernel: one more hfsplus issue] + RESERVED - linux-2.6 <unfixed> - linux-2.6.24 <unfixed> -CVE-2008-5029 [kernel: net/core/scm.c DoS] +CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel ...) - linux-2.6 <unfixed> - linux-2.6.24 <unfixed> @@ -22,8 +59,10 @@ CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or ...) - libsamplerate 0.1.4-1 CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP ...) + {DTSA-174-1} - uw-imap 7:2007d~dfsg-1 CVE-2008-5005 (Multiple stack-based buffer overflows in (1) University of Washington ...) + {DTSA-174-1} [lenny] - uw-imap 2007b~dfsg-4+lenny1 - uw-imap 7:2007d~dfsg-1 - alpine <not-affected> (vulnerable code present but tmail/dmail wont be installed) 
@@ -83,10 +122,10 @@ NOT-FOR-US: U-Mail Webmail server CVE-2008-XXXX [universalindentgui insecure usage of temp files] - universalindentgui <unfixed> (low; bug #504726) -CVE-2008-5032 [vlc buffer overflow in cue handling] +CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...) {DTSA-176-1} - vlc 0.8.6.h-5 (medium; bug #504639) -CVE-2008-5036 [vlc buffer overflow in realtext subtitle parsing] +CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...) - vlc <not-affected> (Vulnerable code not present in 0.8.x) TODO: recheck if 0.9 gets uploaded to unstable CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in ...) @@ -118,11 +157,11 @@ NOT-FOR-US: eXPert PDF Viewer X ActiveX CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...) NOT-FOR-US: SonicOS Enhanced -CVE-2008-5027 [command injection in nagios] +CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ...) - nagios3 <unfixed> (unimportant) NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted NOTE: users shouldn''t have access to nagios anyway -CVE-2008-5028 [CSRF in nagios] +CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) ...) - nagios3 <unfixed> (low; bug #504894) [etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin''s browser) TODO: check nagios2 @@ -1370,8 +1409,7 @@ RESERVED CVE-2008-4388 RESERVED -CVE-2008-4387 - RESERVED +CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in ...) NOT-FOR-US: ActiveX CVE-2008-4386 RESERVED 
@@ -1807,7 +1845,7 @@ - redhat-cluster 2.20081102-1 (bug #496410; low) CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...) - emacspeak 28.0-2 (bug #496431; low) - [lenny] - emacspeak 26.0-3+lenny1 + [lenny] - emacspeak 26.0-3+lenny1 [etch] - emacspeak <no-dsa> (Minor issue) CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x ...) - openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)
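Review bot: In the @@ -1,3 +1,39 @@ hunk, the four newly described entries are all left at "TODO: check", although several look triageable from their own descriptions. CVE-2008-5033 names drivers/media/video/tvaudio.c and CVE-2008-5031 names Python 2.5.2, so both probably want package lines in the style used further down ("- linux-2.6 <unfixed>"). CVE-2008-5010 (in.dhcpd in Sun Solaris) looks like a NOT-FOR-US candidate, in the same way as the IBM and Microsoft entries in the next hunk. As the log says "automatic update", a manual follow-up commit is needed to resolve these TODO entries.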
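Review bot: In the @@ -22,8 +59,10 @@ hunk, CVE-2008-5006 gains the {DTSA-174-1} tag but has no "[lenny]" version line, while CVE-2008-5005 directly below carries "[lenny] - uw-imap 2007b~dfsg-4+lenny1" under the same advisory. If the same upload fixes both, add the matching [lenny] line to CVE-2008-5006 so the two entries agree. Separately, that lenny version is written without the "7:" epoch that the unstable version "7:2007d~dfsg-1" carries; please confirm it is intended, since the epoch changes how the two version strings compare.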
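Review bot: In the @@ -118,11 +157,11 @@ hunk, CVE-2008-5027 now carries a description covering "Nagios before 3.0.5" but still tracks only "- nagios3 <unfixed> (unimportant)", whereas CVE-2008-5028 right below has an "[etch] - nagios2 <no-dsa>" line. Add a nagios2 line or a NOTE saying why nagios2 is not tracked for CVE-2008-5027. The "TODO: check nagios2" under CVE-2008-5028 also sits beside an existing nagios2 verdict, so one of the two should be resolved.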
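Review bot: In the @@ -1370,8 +1409,7 @@ hunk, CVE-2008-4387 now has a description naming the Simba MDrmSap ActiveX control, but the reason line is still the generic "NOT-FOR-US: ActiveX". Other entries name the product (for example "NOT-FOR-US: eXPert PDF Viewer X ActiveX"), so the reason here should name the Simba MDrmSap control for consistency and searchability.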
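Review bot: In the @@ -1807,7 +1845,7 @@ hunk, the removed and added "[lenny] - emacspeak 26.0-3+lenny1" lines read identically as shown, so the change appears to be whitespace only. It is unrelated to the CVE description sync in the rest of this "automatic update" commit and would be better committed separately with a log message saying what was normalised, so the automatic revisions stay free of manual edits.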