Bug#523027: [oss-security] incorrect upstream fix for CVE-2009-0840 (mapserver)

On Mon, 22 Jun 2009, Nico Golde wrote: > I'm not sure if this should get a new CVE id but the versions in the CVE id > description should be adjusted and the upstream patch revised. This looks like even though there was a source code modification, the previous issue was not fixed at all. That i

Bug#498243: [oss-security] xine-lib and ocert-2008-008

On Sat, 22 Nov 2008, Thomas Viehmann wrote: > I am not quite sure whether I can agree with Will Drewry's analysis[1] > accompanying ocert advisory 2008-008[1]. Looking at item 1A, which Will > says is fixed in 1.1.5, attached .mov seems to fit the case description > and will still corrupt the mem

Bug#479039: CVE-2008-1959: Potential security problems

On Fri, 2 May 2008, Nico Golde wrote: > BTW: the same issue affects get_remote_ip_media() and > get_remote_ipv6_media(), both unfixed in latest upstream > release (3.1) and the version in Debian This sounds like a different issue than CVE-2008-1959, which was already addressed upstream apparentl

Bug#378353: mantis: some more vulnerabilities

On Wed, 19 Jul 2006, Moritz Muehlenhoff wrote: > Let's forward this to the relevant person at MITRE. Steven, could you > please check, whether this might be a duplicate? Looks like a partial duplicate. CVE-2005-3337 lists two items, and the second one appears to be a dupe of CVE-2005-2557 based

Bug#375694: Status of last two, not yet DSA'd, MySQL security bugs

Speaking of MySQL, the following item recently showed up in an FrSIRT advisory. In light of last week's vendor-sec discussions, let me know if there's too much guesswork going on here :) - Steve == Name: CVE-2006-3486 Status: Candidate URL: ht

Bug#375694: Status of last two, not yet DSA'd, MySQL security bugs

On Sun, 9 Jul 2006, Moritz Muehlenhoff wrote: > > On 2006-07-04 Christian Hammers wrote: > > > It's time for a new MySQL DSA :) On > > > http://www.lathspell.de/linux/debian/mysql/sarge-4.1 > > > you find *sarge5.deb pacakges that fix the following two vulnerabilities: > > > > > >* Fixed Do

Bug#346197: different CVE for wine SETABORTPROC WMF issue

All, I have assigned CVE-2006-0106 for the WMF issue in Wine. This is a separate candidate than CVE-2005-4560. This could justifiably be argued as a design problem in WMF itself, but lately CVE has been splitting these issues - the rationale being "if it's a design error then each implementatio

Bug#344424: rssh: local privilege escalation in versions < 2.3.0 (CVE-2005-3345)

Note that there is a duplicate CVE that has been partially published, based on the Gentoo and rssh advisories, which did not reference CVE-2005-3345. I have removed that duplicate, so continue to use CVE-2005-3345. (the duplicate was CVE-2005-4531) - Steve -- To UNSUBSCRIBE, email to [EMAIL