Author: devin-guest
Date: 2008-04-02 04:37:33 +0000 (Wed, 02 Apr 2008)
New Revision: 8467

Modified:
   data/CVE/list
   data/README
Log:
etch not vulnerable to filename buffer overrun.  Expand documentation on
formatting of these lines.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2008-04-01 22:07:34 UTC (rev 8466)
+++ data/CVE/list       2008-04-02 04:37:33 UTC (rev 8467)
@@ -15589,8 +15589,9 @@
        [etch] - mixmaster 3.0b2-4.etch1
        [sarge] - mixmaster <not-affected> (Code generation in Sarge pads over 
this)
 CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
+       [etch] - git-core <not-affected> (1.4.4.4 tagged 2007-1-8, bug 
introduced 2007-1-30)
        - git-core 1:1.5.1.2-1 (low)
-       NOTE: 
http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
+       NOTE: 
http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb,
 
http://git.kernel.org/?p=git/git.git;a=commitdiff;h=1cfe77333f274c9ba9879c2eb61057a790eb050f,
 
http://git.kernel.org/?p=git/git.git;a=tag;h=ae9ced19800491a5d80de5ee36bc07d68868a4dd
 CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 
7.3.19, 7.4.x ...)
        {DSA-1311-1 DSA-1309-1}
        - postgresql-8.2 8.2.4-1
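Review bot: The replacement NOTE line for the git-core entry joins three URLs with commas, so the comma runs into each link and nothing says which commit is the fix and which one introduced the bug. Put each URL on its own NOTE: line with a short label (introducing commit, fix, 1.4.4.4 tag) so the claim in the new [etch] line can be checked directly. The dates in that [etch] line ("2007-1-8", "2007-1-30") would also read more consistently zero-padded as 2007-01-08 and 2007-01-30, matching the date format in the revision headers.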

Modified: data/README
===================================================================
--- data/README 2008-04-01 22:07:34 UTC (rev 8466)
+++ data/README 2008-04-02 04:37:33 UTC (rev 8467)
@@ -41,7 +41,9 @@
        use "<not-affected>" as the version. If the problem only affects
        shipped releases, for which the stable security team provides
        security support and the affected package has meanwhile been removed
-       from the archive use "<removed>" as the version.
+       from the archive use "<removed>" as the version.  If the problem
+       affects a particular release, prepend "[release]" before the
+       "- package" to reflect as much.
 
        The notes can be freeform, but some are understood by the tools,
        including "bug #nnnnn", "bug filed", and "high",
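Review bot: The new README sentence says to prepend "[release]" but does not say what values the placeholder takes or how the line sits next to the unqualified "- package" line. Name the accepted values as used in data/CVE/list (for example etch, sarge) and show one full line, such as "[etch] - git-core <not-affected> (reason)". "prepend ... before" is also redundant; "prefix the "- package" with "[release]"" would be tighter.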


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits