Date: Fri, 28 Nov 2008 15:58:48 +0100
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
Subject: CVE Request - cups, dovecot-managesieve, perl,

Hello Steve,

  could you please allocate new CVE ids for the following


cups  -- buffer overflow in the PNG image read
      -- incomplete fix for CVE-2008-1722 (
      -- advisory:
      -- patch:
      -- affects: cups-1.1.17 <= x <= cups-1.3.9
      -- references:
            (Part "- SECURITY:")


dovecot-managesieve -- virtual users can edit sieve scripts of other 
                       virtual users of the same uid
                    -- advisory:
                    -- affects: all versions of dovecot-managesieve till dovecot-1.2-managesieve-0.11.0
                    -- references:


perl -- perl-File-Path rmtree race condition (CVE-2005-0448 was assigned to address this)
     -- from below posted proposed fix: "This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1.
                                         It's also present in File::Path 2.xx, up to and including 2.07 which
                                         has only a partial fix."
     -- affects all upstream 5.8.8-1 based perl releases (have checked perl-5.8.8-1+ is reaffected, perl-5.8.10 already contains the fix)
     -- needs a new CVE id
     -- references:


wireshark -- DoS (infinite loop) in SMTP dissector via large SMTP request
          -- affects: All versions of Wireshark <= 1.0.4
          -- references:

          -- upstream patches:


Thanks!, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
