[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE requests: maradns, freeciv, rbot, gitolite,
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2010-06-24 16:16:37
Message-ID: Pine.GSO.4.64.1006241208380.19279 () faron ! mitre ! org
[Download RAW message or body]


On Thu, 10 Jun 2010, Moritz Muehlenhoff wrote:

> Hi,
> Please assign CVE IDs for these issues current present in the Debian
> Security Tracker, but for which no CVE IDs have been assigned so far:
>
> 1. maradns
> http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
> Fixed in 1.4.03

Use CVE-2010-2444

> 2. freeciv
> http://gna.org/bugs/?15624
> Fixed in 2.2.1 and 2.3.0

Use CVE-2010-2445

> 3. rbot (http://ruby-rbot.org/)
> http://www.securityfocus.com/archive/1/509719/30/0/threaded

Use CVE-2010-2446

> 4. gitolite
> http://secunia.com/advisories/39587/
> http://github.com/sitaramc/gitolite/commit/1e06fea3b6959faeb72d8dca46cd4753ada48637
> http://github.com/sitaramc/gitolite/commit/5fd9328c1cd1e7c576b6530b3253061c68b159aa

These two appear to be about "not filtering src/ or hooks/ from pathnames"

Use CVE-2010-2447
> http://github.com/sitaramc/gitolite/commit/5deffee3cff5f9a13c59b8c1e357c5a32487d1c3

This is OS command injection

Use CVE-2010-2448

> 5. gource
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958

Use CVE-2010-2449

> 6. Shibboleth:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571631

Use CVE-2010-2450

> 7. kvirc
> http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html

format strings - CVE-2010-2451

directory traversal - CVE-2010-2452


All will be filled in later.

- Steve
[prev in list] [next in list] [prev in thread] [next in thread]