thijs at alioth.debian.org
2008-Mar-06 18:53 UTC
[Secure-testing-commits] r8282 - data/CVE
Author: thijs Date: 2008-03-06 18:53:09 +0000 (Thu, 06 Mar 2008) New Revision: 8282 Modified: data/CVE/list Log: ruby issue can be exploited when used on e.g. ntfs mounted volumes, which seems like a corner case Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-06 13:49:15 UTC (rev 8281) +++ data/CVE/list 2008-03-06 18:53:09 UTC (rev 8282) @@ -1,6 +1,9 @@ CVE-2008-XXXX [File access vulnerability of WEBrick] - - ruby1.8 <not-affected> (bug #469475, Windows/Apple only) - - ruby1.9 <not-affected> (bug #469482, Windows/Apple only) + - ruby1.8 1.8.6.114-1 (low; bug #469475) + - ruby1.9 <unfixed> (low; bug #469482) + [sarge] - ruby1.8 <no-dsa> (case insensitive FS, corner case) + [etch] - ruby1.8 <no-dsa> (case insensitive FS, corner case) + [etch] - ruby1.9 <no-dsa> (case insensitive FS, corner case) NOTE: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/ CVE-2008-XXXX [file disclosure in dovecot] - dovecot <unfixed> (medium; bug #469457)
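Review bot: the ruby1.8 and ruby1.9 entries move from <not-affected> to (low), but the parenthetical that explained the condition is dropped, so only the three no-dsa lines still say "case insensitive FS, corner case". Consider a NOTE line under the WEBrick entry recording that exploitation needs a case-insensitive filesystem (e.g. an NTFS mounted volume, as the log message says), so the reason for the low rating is visible on the unstable entries too. Also, the hunk adds a [sarge] line for ruby1.8 but none for ruby1.9 while [etch] gets both; if that asymmetry is intentional it is fine, otherwise add the missing line.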
Nico Golde
2008-Mar-06 19:08 UTC
[Secure-testing-team] [Secure-testing-commits] r8282 - data/CVE
Hi,

* thijs at alioth.debian.org <thijs at alioth.debian.org> [2008-03-06 20:04]:
> Author: thijs
> Date: 2008-03-06 18:53:09 +0000 (Thu, 06 Mar 2008)
> New Revision: 8282
>
> Modified:
>    data/CVE/list
> Log:
> ruby issue can be exploited when used on e.g. ntfs mounted
> volumes, which seems like a corner case
[...]

Isn't this a corner case (if it is, I doubt someone really uses such a setup) enough to mark it as unimportant?

kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Thijs Kinkhorst
2008-Mar-06 20:16 UTC
[Secure-testing-team] [Secure-testing-commits] r8282 - data/CVE
On Thursday 6 March 2008 20:08, Nico Golde wrote:
> Isn't this a corner case (if it is, I doubt someone really
> uses such a setup) enough to mark it as unimportant?

Yes, one could say that as well. Feel free to change it.

Thijs