List: oss-security
Subject: Re: [oss-security] CVE requests: maradns, freeciv, rbot, gitolite,
From: "Steven M. Christey" <coley () linus ! mitre ! org>
Date: 2010-06-24 16:16:37
Message-ID: Pine.GSO.4.64.1006241208380.19279 () faron ! mitre ! org
On Thu, 10 Jun 2010, Moritz Muehlenhoff wrote:
> Hi,
> Please assign CVE IDs for these issues currently present in the Debian
> Security Tracker, but for which no CVE IDs have been assigned so far:
>
> 1. maradns
> http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
> Fixed in 1.4.03
Use CVE-2010-2444
> 2. freeciv
> http://gna.org/bugs/?15624
> Fixed in 2.2.1 and 2.3.0
Use CVE-2010-2445
> 3. rbot (http://ruby-rbot.org/)
> http://www.securityfocus.com/archive/1/509719/30/0/threaded
Use CVE-2010-2446
> 4. gitolite
> http://secunia.com/advisories/39587/
> http://github.com/sitaramc/gitolite/commit/1e06fea3b6959faeb72d8dca46cd4753ada48637
> http://github.com/sitaramc/gitolite/commit/5fd9328c1cd1e7c576b6530b3253061c68b159aa
These two appear to be about "not filtering src/ or hooks/ from pathnames"
Use CVE-2010-2447
> http://github.com/sitaramc/gitolite/commit/5deffee3cff5f9a13c59b8c1e357c5a32487d1c3
This is OS command injection
Use CVE-2010-2448
> 5. gource
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958
Use CVE-2010-2449
> 6. Shibboleth:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571631
Use CVE-2010-2450
> 7. kvirc
> http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html
format strings - CVE-2010-2451
directory traversal - CVE-2010-2452
All will be filled in later.
- Steve