atomo64-guest at alioth.debian.org
2008-Nov-21 02:07 UTC
[Secure-testing-commits] r10446 - data/CVE
Author: atomo64-guest Date: 2008-11-21 02:07:18 +0000 (Fri, 21 Nov 2008) New Revision: 10446 Modified: data/CVE/list Log: CVEified some issues and clarified the situation of the two similar CVEs for smarty Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-21 02:00:24 UTC (rev 10445) +++ data/CVE/list 2008-11-21 02:07:18 UTC (rev 10446) @@ -1,3 +1,5 @@ +CVE-2008-5187 [buffer overflow in the XPM loader in imlib2] + - imlib2 <unfixed> (bug #505714) CVE-2008-XXXX [php5 safe mode bypass via php_value error_log in .htaccess] - php5 <unfixed> (unimportant) NOTE: http://securityreason.com/achievement_securityalert/57 @@ -112,7 +114,7 @@ TODO: check CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, ...) TODO: check -CVE-2008-XXXX [cupsd crashes when more than 100 rss subscriptions are added] +CVE-2008-5183 [cupsd crashes when more than 100 rss subscriptions are added] - cups <unfixed> (bug #506180) [etch] - cupsys <not-affected> (RSS subscription code not yet present) CVE-2008-XXXX [no-ip DUC remote code execution] @@ -737,6 +739,7 @@ CVE-2008-4829 [Streamripper Multiple Buffer Overflow Vulnerabilities] - streamripper <unfixed> (bug #506377) NOTE: http://secunia.com/secunia_research/2008-50/ + TODO: check version in etch CVE-2008-4828 RESERVED CVE-2008-4827 
@@ -775,14 +778,12 @@ - smarty <unfixed> (bug #504328) - moodle 1.8.2-2 (bug #504345) [etch] - gallery2 <unfixed> - NOTE: this issue is SA32329 - NOTE: trying to clarify on oss-sec, why there are two CVEs + NOTE: This attack vector is *not* fixed in r2797 CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...) - smarty <unfixed> (bug #504328) - moodle 1.8.2-2 (bug #504345) [etch] - gallery2 <unfixed> - NOTE: this issue is SA32329 - NOTE: trying to clarify on oss-sec, why there are two CVEs + NOTE: This attack vector is fixed in r2797 CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...) NOT-FOR-US: IBM Lotus Connections CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...)
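Review bot: In the @@ -1,3 +1,5 @@ hunk, the new CVE-2008-5187 entry consists only of `- imlib2 <unfixed> (bug #505714)`, with no NOTE and no per-release line, while the php5 entry directly below it cites its advisory URL. Consider adding a NOTE with the reference the CVE was taken from, plus a `TODO: check version in etch` line like the one this commit adds for streamripper, so the etch status is not left implicit.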
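Review bot: In the @@ -775,14 +778,12 @@ hunk, the two replacement notes for the smarty entries differ only by the word "*not*" and cite r2797 without saying which repository that revision belongs to, and both entries lose the `NOTE: this issue is SA32329` cross-reference. Consider keeping the SA32329 line, naming the repository next to r2797, and having each note mention the other CVE id so the split is readable from either entry. Both entries still read `- smarty <unfixed> (bug #504328)`, so a short note on whether the packaged version contains r2797 would make the CVE-2008-4810 status clearer.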