nion at alioth.debian.org
2008-Dec-08 09:05 UTC
[Secure-testing-commits] r10657 - data/CVE
Author: nion Date: 2008-12-08 09:05:54 +0000 (Mon, 08 Dec 2008) New Revision: 10657 Modified: data/CVE/list Log: CVE-2008-5245 fixed in xine-lib 1.1.14-3 CVE-2008-5028 fixed in nagios3 3.0.6-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-07 21:14:11 UTC (rev 10656) +++ data/CVE/list 2008-12-08 09:05:54 UTC (rev 10657) @@ -258,7 +258,7 @@ CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow ...) - xine-lib <unfixed> (low; bug #507184; bug #498243) CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...) - TODO: check + - xine-lib 1.1.14-3 (low) CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...) - xine-lib 1.1.14-3 - faad2 2.6.1-1 @@ -963,7 +963,7 @@ NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted NOTE: users shouldn''t have access to nagios anyway CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) ...) - - nagios3 <unfixed> (low; bug #504894) + - nagios3 3.0.6-1 (low; bug #504894) [etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin''s browser) CVE-2008-4917 RESERVED