Bug#632923: [oss-security] CVE request: perf: may parse user-controlled config file

2011-08-09 Thread Josh Bressers
- Original Message - > This was reported by Christian Ohm at: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632923 > > The perf command, provided as part of the Linux kernel source, looks > for and honors configuration settings in ./config. A local user could > obtain elevated privi

Bug#629511: [oss-security] CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used

2011-06-13 Thread Josh Bressers
- Original Message - > Hello, Josh, Steve, vendors, > > It was found that perl-Data-FormValidator, an HTML form user input > validator, used to treat certain invalid fields as valid, when the > untaint_all_constraints directive was used (default for majority of > Data-FormValidator routin

Bug#629938: [oss-security] CVE Request -- dbus -- Local DoS via messages with non-native byte order

2011-06-13 Thread Josh Bressers
- Original Message - > Hello, Josh, Steve, vendors, > > It was found that D-BUS message bus service / messaging facility did > not update the byte-order flag of the message properly by swapping the > byte order of incoming messages into their native endianness. A local, > authenticated us

Bug#626281: [oss-security] CVE request: keepalived pid file permissions issue

2011-05-16 Thread Josh Bressers
Please use CVE-2011-1784 for this. Thanks. -- JB - Original Message - > Hey, > > it was reported that keepalived (and some other daemons) store their > pid > file with permission 666. A bug was opened for keepalived in Debian, > could a CVE be assigned to the issue? > > Bug text w

Bug#583435: [oss-security] CVE Request -- rpcbind -- Insecure (predictable) temporary file use

2010-06-06 Thread Josh Bressers
Please use CVE-2010-2061 for this. Thanks. -- JB - "Jan Lieskovsky" wrote: > Hi Steve, vendors, > >Guillem Jover pointed out: >[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583435#5 > > a deficiency in the way rpcbind gathered / saved registrations from / > to > dump