Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 24 Jun 2010 12:16:37 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE requests: maradns, freeciv, rbot, gitolite,
 gource, shib, kvirc


On Thu, 10 Jun 2010, Moritz Muehlenhoff wrote:

> Hi,
> Please assign CVE IDs for these issues current present in the Debian
> Security Tracker, but for which no CVE IDs have been assigned so far:
>
> 1. maradns
> http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
> Fixed in 1.4.03

Use CVE-2010-2444

> 2. freeciv
> http://gna.org/bugs/?15624
> Fixed in 2.2.1 and 2.3.0

Use CVE-2010-2445

> 3. rbot (http://ruby-rbot.org/)
> http://www.securityfocus.com/archive/1/509719/30/0/threaded

Use CVE-2010-2446

> 4. gitolite
> http://secunia.com/advisories/39587/
> http://github.com/sitaramc/gitolite/commit/1e06fea3b6959faeb72d8dca46cd4753ada48637
> http://github.com/sitaramc/gitolite/commit/5fd9328c1cd1e7c576b6530b3253061c68b159aa

These two appear to be about "not filtering src/ or hooks/ from pathnames"

Use CVE-2010-2447
> http://github.com/sitaramc/gitolite/commit/5deffee3cff5f9a13c59b8c1e357c5a32487d1c3

This is OS command injection

Use CVE-2010-2448

> 5. gource
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958

Use CVE-2010-2449

> 6. Shibboleth:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571631

Use CVE-2010-2450

> 7. kvirc
> http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html

format strings - CVE-2010-2451

directory traversal - CVE-2010-2452


All will be filled in later.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ