Author: derevko-guest
Date: 2010-04-03 13:20:56 +0000 (Sat, 03 Apr 2010)
New Revision: 14389
Modified:
data/CVE/list
Log:
CVE-2008-1391: glibc is affected
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-03 12:53:25 UTC (rev 14388)
+++ data/CVE/list 2010-04-03 13:20:56 UTC (rev 14389)
@@ -29571,6 +29571,13 @@
CVE-2008-1391 (Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x
and 7.x, ...)
- kfreebsd-6 <not-affected> (see bug #483152)
- kfreebsd-7 <not-affected> (see bug #483152)
+ - glibc <removed> (low)
+ - eglibc 2.11-0exp6 (low)
+ [lenny] - glibc <no-dsa> (minor issue)
+ NOTE: not sure if it is a security bug, an attacker should not be able
to change the format string
+ NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=199eb0de8d
+ NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=10600
+ NOTE: PoC php -r 'money_format("%.1073741821i",1);' I can reproduce on
32bit, not 64bit
CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x
before ...)
- asterisk 1:1.4.19.1~dfsg-1 (low)
[etch] - asterisk <not-affected> (Only 1.4.x affected)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
