Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Jan 2011 22:48:06 -0600
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3

Hi,

Could CVE ids be assigned for the following issues? Thanks in advance.

ftpls: XSS in directory listing
http://bugs.debian.org/607494

xdigger: buffer overflow when parsing CLI arguments
(it is SGID, at least in Debian)
http://bugs.debian.org/609096

lbreakout2: buffer overflow with overly long HOME env var
(it is SGID, at least in Debian)
http://bugs.debian.org/608980

calibre: XSS and file disclosure
http://www.waraxe.us/advisory-77.html
http://bugs.debian.org/608822

typo3: 8 vulnerabilities
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/
http://seclists.org/fulldisclosure/2010/Dec/690
http://bugs.debian.org/607286


There are more issues without ids, will request them later.

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ