atomo64-guest at alioth.debian.org
2008-Nov-20 02:27 UTC
[Secure-testing-commits] r10432 - data/CVE
Author: atomo64-guest Date: 2008-11-20 02:27:46 +0000 (Thu, 20 Nov 2008) New Revision: 10432 Modified: data/CVE/list Log: Processed in detail some of the recent issues, and marked the previous ltp issue as unfixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-20 01:41:10 UTC (rev 10431) +++ data/CVE/list 2008-11-20 02:27:46 UTC (rev 10432) @@ -1,5 +1,5 @@ CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers ...) - TODO: check + - msp-webserver <unfixed> (bug #506268) CVE-2008-5159 (Integer overflow in the remote administration protocol processing in ...) TODO: check CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...) @@ -7,29 +7,38 @@ CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...) - tau <unfixed> CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...) - - systemimager <unfixed> + - systemimager <unfixed> (bug #506269) CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...) - smsclient <unfixed> (bug #498901) CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary ...) - - p3nfs <unfixed> + - p3nfs <unfixed> (bug #506270) CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ...) - - moodle <unfixed> + - moodle <unfixed> (unimportant) + NOTE: manual editing of file is required to run the unsafe code CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite ...) - - mh-book <unfixed> + - mh-book <unfixed> (low) + NOTE: unsafe code is in example script CVE-2008-5151 (test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary ...) - - mayavi <unfixed> + - mayavi <unfixed> (unimportant) + NOTE: just a comment, not code CVE-2008-5150 (sample.sh in maildirsync 1.1 allows local users to append data to ...) - - maildirsync <unfixed> + - maildirsync <unfixed> (low) + NOTE: unsafe code is in example script CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...) - - ncbi-tools6 <unfixed> + - ncbi-tools6 <unfixed> (low) + NOTE: unsafe code is in example script CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...) - - geda-gnetlist <unfixed> + - geda-gnetlist <unfixed> (low) + NOTE: unsafe code is in example script CVE-2008-5147 (test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to ...) - - docvert <unfixed> + - docvert <unfixed> (unimportant) + NOTE: unsafe code is in test script with multiple hardcoded files CVE-2008-5146 (add-accession-numbers in ctn 3.0.6 allows local users to overwrite ...) - - ctn <unfixed> + - ctn <unfixed> (low) + NOTE: unsafe code is in example script CVE-2008-5145 (ltpmenu in ltp 20060918 allows local users to overwrite arbitrary ...) - - ltp <unfixed> + - ltp <unfixed> (bug #506272) + NOTE: this is not the same as CVE-2008-4969 CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...) - nvidia-cg-toolkit <unfixed> CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...) @@ -1656,7 +1665,7 @@ CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...) NOT-FOR-US: Safer Networking FileAlyzer CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...) - - ltp 20060918-3 (low; bug #496411) + - ltp <unfixed> (low; bug #496411) [etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently) CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...) - fml <removed> (low; bug #496370)