Author: jmm
Date: 2011-12-23 12:56:35 +0000 (Fri, 23 Dec 2011)
New Revision: 17859
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
rt issue a non-issue
updates on rsyslog
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-12-23 12:38:25 UTC (rev 17858)
+++ data/CVE/list 2011-12-23 12:56:35 UTC (rev 17859)
@@ -5170,7 +5170,9 @@
CVE-2011-3201
RESERVED
CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg
function in ...)
- - rsyslog 5.8.5-1
+ - rsyslog 5.8.5-1 (low)
+ [squeeze] - rsyslog <no-dsa> (Minor issue)
+ [lenny] - rsyslog <no-dsa> (Minor issue)
NOTE: off-by-one/-two limited to 0 or :0
CVE-2011-3199
RESERVED
@@ -11566,8 +11568,9 @@
[squeeze] - request-tracker3.8 3.8.8-7+squeeze1
[lenny] - request-tracker3.6 3.6.7-5+lenny6
CVE-2011-1007 (Best Practical Solutions RT before 3.8.9 does not perform
certain ...)
- - request-tracker3.6 <removed>
- - request-tracker3.8 3.8.10-1
+ - request-tracker3.6 <removed> (unimportant)
+ - request-tracker3.8 3.8.10-1 (unimportant)
+ NOTE: A physically proximate attacker can do far more damage anyway
CVE-2011-1006 (Heap-based buffer overflow in the parse_cgroup_spec function in
...)
{DSA-2193-1}
- libcgroup 0.37.1-1
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-12-23 12:38:25 UTC (rev 17858)
+++ data/spu-candidates.txt 2011-12-23 12:56:35 UTC (rev 17859)
@@ -213,7 +213,10 @@
rsyslog (CVE-2011-1488, CVE-2011-1489, CVE-2011-1490)
http://marc.info/?l=oss-security&m=130194141413125&w=2
+CVE-2011-3200
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3200
+
--
ruby1.8 (CVE-2011-1004, CVE-2011-1005)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
