Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Nov 2008 15:58:48 +0100
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
Subject: CVE Request - cups, dovecot-managesieve, perl,

Hello Steve,

  could you please allocate a new CVE ids for the following


cups  -- buffer overflow in the PNG image read
      -- incomplete fix for CVE-2008-1722 (
      -- advisory:
      -- patch:
      -- affects: cups-1.1.17 <= x <= cups-1.3.9
      -- references:
            (Part "- SECURITY:")


dovecot-managesieve -- virtual users can edit sieve scripts of other 
                       virtual users of the same uid
                    -- advisory:
                    -- affects: all versions of dovecot-managesieve till  dovecot-1.2-managesieve-0.11.0
                    -- references:


perl -- perl-File-Path rmtree race condition (CVE-2005-0448 was assigned to address this)
     -- from below posted proposed fix: "This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1.
                                         It's also present in File::Path 2.xx, up to and including 2.07 which
                                         has only a partial fix."
     -- affects all upstream 5.8.8-1 based perl releases (have checked perl-5.8.8-1+ is reaffected, perl-5.8.10 already contains the fix)
     -- needs a new CVE id
     -- references:


wireshark -- DoS (infinite loop) in SMTP dissector via large SMTP request
          -- affects: All versions of Wireshark <= 1.0.4
          -- references:

         -- upstream patches:


Thanks!, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.