nion at alioth.debian.org
2008-Nov-21 02:00 UTC
[Secure-testing-commits] r10445 - data/CVE
Author: nion Date: 2008-11-21 02:00:24 +0000 (Fri, 21 Nov 2008) New Revision: 10445 Modified: data/CVE/list Log: cveified geshi, CVE-2008-5186 non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-21 00:37:14 UTC (rev 10444) +++ data/CVE/list 2008-11-21 02:00:24 UTC (rev 10445) @@ -33,7 +33,7 @@ RESERVED CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...) TODO: check -CVE-2008-XXXX [geshi infinite loop] +CVE-2008-5185 [geshi infinite loop] - php-geshi <unfixed> (medium) NOTE: CVE id requested NOTE: the maintainer is aware of this @@ -598,8 +598,9 @@ CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...) - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4) TODO: check again if >= 1.1.4 gets uploaded -CVE-2008-XXXX [GeSHi: Unspecified Code Execution Vulnerability] - - geshi 1.0.8.1-1 (bug #504445) +CVE-2008-5186 [GeSHi: Unspecified Code Execution Vulnerability] + - geshi 1.0.8.1-1 (unimportant; bug #504445) + NOTE: its rather an application bug if the input to set_language_path is unfiltered user input NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152 [lenny] - geshi <no-dsa> (Should be sanitised from the app using geshi) [etch] - geshi <no-dsa> (Should be sanitised from the app using geshi)
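Review bot: In the first hunk (@@ -33,7 +33,7 @@), the unchanged context line "NOTE: CVE id requested" stays under the renamed entry, but that entry now carries CVE-2008-5185, so the note is stale and should be dropped or replaced with a pointer to where the id was assigned. The same entry tracks php-geshi while the other GeSHi entry touched by this commit tracks geshi; please confirm both lines name the intended source package.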
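Review bot: In the second hunk (@@ -598,8 +598,9 @@), the new "unimportant" tag on "- geshi 1.0.8.1-1" sits beside the unchanged [lenny] and [etch] <no-dsa> lines, which repeat the rationale of the added NOTE (the application using GeSHi should sanitise what it passes to set_language_path). I would state that rationale once and check whether the per-release <no-dsa> lines are still wanted alongside "unimportant". The added NOTE should also read "it's rather an application bug", and it would help to place it after the existing URL NOTE so the reference it relies on comes first.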