atomo64-guest at alioth.debian.org
2008-Nov-22 20:18 UTC
[Secure-testing-commits] r10458 - data/CVE
Author: atomo64-guest Date: 2008-11-22 20:18:26 +0000 (Sat, 22 Nov 2008) New Revision: 10458 Modified: data/CVE/list Log: Track new issues and more info on the cups issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-22 14:23:17 UTC (rev 10457) +++ data/CVE/list 2008-11-22 20:18:26 UTC (rev 10458) @@ -1,3 +1,12 @@ +CVE-2008-XXXX [race condition in shadow could lead to gaining ownership or changing mode of arbitrary files] + - shadow 1:4.1.1-6 (bug #505271) + TODO: check version in etch +CVE-2008-XXXX [verlihub remote command execution and the possibility of attack with the help of symlinks] + - verlihub <unfixed> (medium; bug #506530) + TODO: further investigation on this package is needed + NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats +CVE-2008-XXXX [Quassel CTCP Handling Arbitrary Message Manipulation Vulnerability] + - quassel <unfixed> (bug #506550) CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...) TODO: check CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...) @@ -3,5 +12,6 @@ TODO: check CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the ...) - TODO: check + - cups 1.3.8-1 + TODO: check if version in etch is affected CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...) TODO: check @@ -755,8 +765,6 @@ CVE-2008-4829 [Streamripper Multiple Buffer Overflow Vulnerabilities] RESERVED - streamripper 1.63.5-2 (bug #506377) - NOTE: http://secunia.com/secunia_research/2008-50/ - TODO: check version in etch CVE-2008-4828 RESERVED CVE-2008-4827
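Review bot: In the `@@ -1,3 +1,12 @@` hunk, the verlihub entry tracks two distinct problems (remote command execution and a symlink attack) under a single CVE-2008-XXXX placeholder, and it is rated `medium` while its own TODO says further investigation is needed. Consider splitting it into one placeholder entry per issue so each can later get its own id and fixed version, and either hold the rating until the investigation is done or add a NOTE stating what it is based on. The quassel entry has neither a rating nor a NOTE; a pointer to the advisory, as done for verlihub, would help whoever picks the entry up.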
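Review bot: In the `@@ -3,5 +12,6 @@` hunk, the new `- cups 1.3.8-1` line for CVE-2008-5184 carries no bug number or NOTE, although the log message promises "more info on the cups issue". The description ("CUPS before 1.3.8") is consistent with the version given, but the entry does not say where that was confirmed; add the bug reference or a NOTE with the source. Leaving `TODO: check if version in etch is affected` open is fine.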
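Review bot: In the `@@ -755,8 +765,6 @@` hunk, the CVE-2008-4829 streamripper entry loses both `NOTE: http://secunia.com/secunia_research/2008-50/` and `TODO: check version in etch`, and nothing replaces either line. The log message does not mention this change. If etch has been checked, record the result as an explicit line on the entry instead of only dropping the TODO, and keep the NOTE unless the reference is wrong, since it is the entry's only advisory link.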