atomo64-guest at alioth.debian.org
2008-Nov-20 21:38 UTC
[Secure-testing-commits] r10441 - data/CVE
Author: atomo64-guest Date: 2008-11-20 21:38:53 +0000 (Thu, 20 Nov 2008) New Revision: 10441 Modified: data/CVE/list Log: Commented on some issues, filed some bugs, NFUs, and one new issue in mailscanner and another one in php5 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-20 21:14:15 UTC (rev 10440) +++ data/CVE/list 2008-11-20 21:38:53 UTC (rev 10441) @@ -1,3 +1,8 @@ +CVE-2008-XXXX [php5 safe mode bypass via php_value error_log in .htaccess] + - php5 <unfixed> (unimportant) + NOTE: http://securityreason.com/achievement_securityalert/57 +CVE-2008-XXXX [multiple insecure temp files issues in mailscanner] + - mailscanner <unfixed> (bug #506353) CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...) TODO: check CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website ...) @@ -21,9 +26,9 @@ CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote ...) TODO: check CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS ...) - TODO: check + NOT-FOR-US: The Rat CMS CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...) - TODO: check + NOT-FOR-US: The Rat CMS CVE-2008-5162 RESERVED CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...) @@ -40,7 +45,7 @@ CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...) TODO: check CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...) - - tau <unfixed> + - tau <unfixed> (bug #506348) CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...) - systemimager <unfixed> (bug #506269) CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...) 
@@ -75,24 +80,32 @@ - ltp <unfixed> (bug #506272) NOTE: this is not the same as CVE-2008-4969 CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...) - - nvidia-cg-toolkit <unfixed> + - nvidia-cg-toolkit <unfixed> (unimportant) + NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...) [etch] - multi-gnome-terminal <unfixed> - multi-gnome-terminal <removed> CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ...) - - freebsd-sendpr <unfixed> + - freebsd-sendpr <unfixed> (unimportant) + NOTE: code is only executed when the script to send bug reports fails CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite ...) - - flamethrower <unfixed> + - flamethrower <unfixed> (bug #506350) CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 allows local users to ...) - - mailscanner <unfixed> + [etch] - mailscanner <no-dsa> (unimportant) + - mailscanner <not-affected> (affected file no longer present) + NOTE: script should only be used when the private Trend Micro antivirus is installed CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...) - jailer <unfixed> + TODO: @raphael: comment on the issue CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite ...) - libpam-mount <unfixed> + TODO: @raphael: comment on the issue CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...) - tkman <unfixed> + TODO: @raphael: comment on the issue CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...) - tkusr <unfixed> + TODO: @raphael: comment on the issue CVE-2008-5135 (** DISPUTED ** ...) - os-prober <unfixed> (unimportant) CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in ...)
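Review bot: the new php5 entry in the first hunk (@@ -1,3 +1,8 @@) is tagged (unimportant), but its only NOTE is a URL, so the reason for the downgrade is not recorded in the list. The other entries this commit marks (unimportant), CVE-2008-5144, CVE-2008-5142 and CVE-2008-5140, each carry a NOTE saying why. Add a one-line NOTE under the php5 entry stating the rationale for treating the safe mode bypass as unimportant.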
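Review bot: in the last hunk (@@ -75,24 +80,32 @@), the CVE-2008-5140 entry is inconsistent about whether the package was ever affected. The line "[etch] - mailscanner <no-dsa> (unimportant)" treats etch as affected, while "- mailscanner <not-affected> (affected file no longer present)" says the package is not affected. "No longer present" implies the file shipped in earlier versions, so record the version in which trend-autoupdate.new was dropped instead of <not-affected>, so that readers can tell which versions still carry the script. Separately, the four "TODO: @raphael: comment on the issue" lines leave CVE-2008-5139 through CVE-2008-5136 at <unfixed> with no bug number, unlike the tau and flamethrower entries updated in this same commit.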