white at alioth.debian.org
2008-Dec-22 20:23 UTC
[Secure-testing-commits] r10778 - data/CVE
Author: white Date: 2008-12-22 20:23:50 +0000 (Mon, 22 Dec 2008) New Revision: 10778 Modified: data/CVE/list Log: muttprint/ppp temp file issues, one non-issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-22 17:20:46 UTC (rev 10777) +++ data/CVE/list 2008-12-22 20:23:50 UTC (rev 10778) @@ -756,11 +756,13 @@ NOTE: script if it is used to debug with strace and a missing check for mkstemp failing NOTE: but these situations are really corner cases CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...) - TODO: check + - muttprint <unfixed> (low; bug #509487) + [etch] - muttprint <no-dsa> (Minor issue) CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...) - TODO: check + - ppp <unfixed> (unimportant) + NOTE: insecure temp file handling in udeb is not an issue, since it is during the installation CVE-2008-5366 (The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...) - TODO: check + - ppp <unfixed> (low; bug #509488) CVE-2008-5365 (SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ...) NOT-FOR-US: ActiveWebSoftwares CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...)