gilbert-guest at alioth.debian.org
2009-Feb-25 06:16 UTC
[Secure-testing-commits] r11262 - data/CVE
Author: gilbert-guest Date: 2009-02-25 06:16:44 +0000 (Wed, 25 Feb 2009) New Revision: 11262 Modified: data/CVE/list Log: set imlib2 severity to high since problem has unknown impact and a high nvd severity Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-02-25 06:09:12 UTC (rev 11261) +++ data/CVE/list 2009-02-25 06:16:44 UTC (rev 11262) @@ -744,7 +744,7 @@ CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...) NOT-FOR-US: Joomla CVE-2008-6079 (Multiple unspecified vulnerabilities in imlib2 before 1.4.2 have ...) - - imlib2 1.4.2-1 + - imlib2 1.4.2-1 (high) NOTE: poked upstream for more details CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging ...) NOT-FOR-US: Limbo CMS
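Review bot: The "(high)" added to the "- imlib2 1.4.2-1" line under CVE-2008-6079 has no basis recorded in the entry itself. The description still reads "Multiple unspecified vulnerabilities" and the only NOTE says upstream was poked for more details. The reasoning exists only in the log message (unknown impact plus a high NVD severity), so either add a NOTE line stating that the rating follows NVD pending upstream's answer, or leave the severity unset until the impact has been verified.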
Hi Michael

> Modified:
> data/CVE/list
> Log:
> set imlib2 severity to high since problem has unknown impact and a high nvd
> severity

You shouldn't trust the severity levels of all the various security webpages. We need to verify this by ourselves. Also I contacted upstream about the imlib issue and he said he's not actively tracking security issues, but fixing them when they arrive. So someone needs to go through the upstream VCS to check for security issues and then access them.

By the way, if you are not sure about the severity, then just leave it open. I do that a lot of times, especially with these vague descriptions.

Please adjust the imlib2 severity (or as said remove it :) ).

Cheers
Steffen