Author: nion
Date: 2009-03-17 14:23:28 +0000 (Tue, 17 Mar 2009)
New Revision: 11429
Modified:
data/CVE/list
Log:
- debian-installer issue non-issue
- new pam issue (CVE-2009-0887)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-17 14:14:58 UTC (rev 11428)
+++ data/CVE/list 2009-03-17 14:23:28 UTC (rev 11429)
@@ -45,7 +45,7 @@
CVE-2009-0888
RESERVED
CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...)
- TODO: check
+ - pam <unfixed> (low; bug #520115)
CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero
Helpdesk ...)
NOT-FOR-US: OneOrZero Helpdesk
CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0
allow ...)
@@ -1097,7 +1097,9 @@
[lenny] - thunar <no-dsa> (Minor issue)
NOTE: CVE needs to be requested
CVE-2009-XXXX [debian-installer: no-root option in expert installer exposes
locally exploitable security flaw]
- - debian-installer <unfixed> (bug #517018; low)
+ - debian-installer <unfixed> (bug #517018; unimportant)
+ NOTE: hardly a security issue, if an attacker has local access to the
machine and you
+ NOTE: don't use encryption or something similar you have lost anyway
NOTE: should a CVE be requested for this problem?
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through
2.9.7 ...)
{DSA-1739-1}
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
