jmm-guest at alioth.debian.org
2009-Jan-28 21:26 UTC
[Secure-testing-commits] r11084 - data/CVE
Author: jmm-guest Date: 2009-01-28 21:26:42 +0000 (Wed, 28 Jan 2009) New Revision: 11084 Modified: data/CVE/list Log: four python path issues fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-28 21:21:45 UTC (rev 11083) +++ data/CVE/list 2009-01-28 21:26:42 UTC (rev 11084) @@ -34,7 +34,6 @@ TODO: check CVE-2009-0300 REJECTED - TODO: check CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 allows ...) TODO: check CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control ...) @@ -76,13 +75,18 @@ CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ...) TODO: check CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in eog ...) - TODO: check + - eog 2.22.3-2 (bug #504352; low) + [etch] - eog <not-affected> (Vulnerable code not present) CVE-2008-5986 (Untrusted search path vulnerability in the (1) "VST plugin with Python ...) - TODO: check + - csound 5.08.2~dfsg-1.1 (bug #504359; low) + [lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low) + [etch] - csound <not-affected> (Vulnerable code not present) CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in ...) - TODO: check + - epiphany-browser 2.22.3-7 (bug #504363; low) + [etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir) CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia ...) - TODO: check + - dia 0.96.1-7.1 (low; bug #504251) + [etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir) CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...) TODO: check CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...) 
@@ -3491,24 +3495,11 @@ - ktorrent 3.1.4+dfsg.1-1 [etch] - ktorrent <not-affected> (Doesn''t include the web interface) NOTE: CVE requested -CVE-2008-XXXX [epiphany-browser: Python scripts load modules from current directory] - - epiphany-browser 2.22.3-7 (bug #504363; low) - [etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir) -CVE-2008-XXXX [csound: Python scripts load modules from current directory] - - csound 5.08.2~dfsg-1.1 (bug #504359; low) - [lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low) - [etch] - csound <not-affected> (Vulnerable code not present) -CVE-2008-XXXX [eog: Python scripts load modules from current directory] - - eog 2.22.3-2 (bug #504352; low) - [etch] - eog <not-affected> (Vulnerable code not present) CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ...) - htop <unfixed> (unimportant; bug #504144) NOTE: That scenario is too constructed to call it a security issue, especially NOTE: given that the standard top will display the maliciously hidden processes NOTE: just fine. -CVE-2008-XXXX [dia: Python scripts load modules from current directory] - - dia 0.96.1-7.1 (low; bug #504251) - [etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir) CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ...) - virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149) CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...)
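Review bot: The first hunk (@@ -34,7 +34,6 @@) drops the "TODO: check" line under the REJECTED entry CVE-2009-0300, which the log message "four python path issues fixed" does not cover. Mention this cleanup in the log, or commit it separately, so the change to the rejected entry can be found in the history.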
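Review bot: In the second hunk (@@ -76,13 +75,18 @@) the dia line added under CVE-2008-5984 writes its annotation as "(low; bug #504251)", while the eog, csound and epiphany-browser lines added beside it use the order "(bug #...; low)". The text is carried over unchanged from the CVE-2008-XXXX placeholder that the third hunk removes; writing it as "(bug #504251; low)" here would keep the four moved entries consistent.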