joeyh at alioth.debian.org
2008-Nov-21 21:14 UTC
[Secure-testing-commits] r10451 - data/CVE
Author: joeyh Date: 2008-11-21 21:14:18 +0000 (Fri, 21 Nov 2008) New Revision: 10451 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-21 11:56:02 UTC (rev 10450) +++ data/CVE/list 2008-11-21 21:14:18 UTC (rev 10451) @@ -1,4 +1,24 @@ -CVE-2008-5187 [buffer overflow in the XPM loader in imlib2] +CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...) + TODO: check +CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...) + TODO: check +CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the ...) + TODO: check +CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...) + TODO: check +CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...) + TODO: check +CVE-2008-5180 (Microsoft Communicator allows remote attackers to cause a denial of ...) + TODO: check +CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications Server ...) + TODO: check +CVE-2008-5178 (Heap-based buffer overflow in Opera 9.62 on Windows allows remote ...) + TODO: check +CVE-2008-5177 (Stack-based buffer overflow in the DtbClsLogin function in Yosemite ...) + TODO: check +CVE-2008-5176 (Multiple buffer overflows in Client Software WinCom LPD Total ...) + TODO: check +CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly ...) - imlib2 <unfixed> (bug #505714) CVE-2008-XXXX [php5 safe mode bypass via php_value error_log in .htaccess] - php5 <unfixed> (unimportant) 
@@ -35,7 +55,7 @@ RESERVED CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...) TODO: check -CVE-2008-5185 [geshi infinite loop] +CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 ...) - php-geshi <unfixed> (medium) NOTE: CVE id requested NOTE: the maintainer is aware of this @@ -114,7 +134,7 @@ TODO: check CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, ...) TODO: check -CVE-2008-5183 [cupsd crashes when more than 100 rss subscriptions are added] +CVE-2008-5183 (cupsd in CUPS before 1.3.8 allows local users, and possibly remote ...) - cups <unfixed> (bug #506180) [etch] - cupsys <not-affected> (RSS subscription code not yet present) CVE-2008-XXXX [no-ip DUC remote code execution] @@ -327,7 +347,7 @@ - linux-2.6 2.6.26-11 [etch] - linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls3B) [etch] - linux-2.6 <not-affected> (Vulnerable code not present; different ioctls) -CVE-2008-5031 (Multiple integer overflows in Python 2.5.2 allow context-dependent ...) +CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, ...) - python2.5 2.5.2-11.1 TODO: check python2.4 NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable (svn-updates.dpatch) @@ -600,7 +620,7 @@ CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...) - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4) TODO: check again if >= 1.1.4 gets uploaded -CVE-2008-5186 [GeSHi: Unspecified Code Execution Vulnerability] +CVE-2008-5186 (** DISPUTED ** ...) - geshi 1.0.8.1-1 (unimportant; bug #504445) NOTE: its rather an application bug if the input to set_language_path is unfiltered user input NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152 
@@ -735,6 +755,7 @@ CVE-2008-4830 RESERVED CVE-2008-4829 [Streamripper Multiple Buffer Overflow Vulnerabilities] + RESERVED - streamripper 1.63.5-2 (bug #506377) NOTE: http://secunia.com/secunia_research/2008-50/ TODO: check version in etch
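Review bot: in the first hunk (@@ -1,4 +1,24 @@), CVE-2008-5184 (CUPS web interface before 1.3.8) and CVE-2008-5182 (Linux kernel 2.6 inotify) land as plain `TODO: check`, although this file already carries entries for cups (CVE-2008-5183) and linux-2.6 further down. Suggest triaging these two ahead of the rest of the batch and giving each a package line once its status is known, so they are not lost among the Microsoft Communicator and Opera-on-Windows entries added in the same hunk.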
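Review bot: in the @@ -327,7 +347,7 @@ hunk, the new CVE-2008-5031 description widens the affected range to "Python 2.2.3 through 2.5.1, and 2.6", but the entry below it still has only `- python2.5 2.5.2-11.1` and an open `TODO: check python2.4`. With the range now starting at 2.2.3, the python2.4 check should be resolved rather than left as a TODO, and every other Python source package in the archive needs its own line. The description also no longer names 2.5.2, which is the upstream version of the only tracked package, so it is worth confirming that the existing NOTE ("definitely fixed in 2.5.2-11.1") still matches the rewritten description.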
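Review bot: in the @@ -600,7 +620,7 @@ hunk, the replacement header for CVE-2008-5186, `(** DISPUTED ** ...)`, is truncated to the point of saying nothing, while the removed line `[GeSHi: Unspecified Code Execution Vulnerability]` at least named the product and the issue class. Since the header comes from the automatic update, suggest preserving the summary in a NOTE line under the entry. Separately, this entry tracks the source package as `geshi`, while CVE-2008-5185 in the @@ -35,7 +55,7 @@ hunk tracks `php-geshi`; the two names should be reconciled so that both issues show up against the same package.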