oss-sec mailing list archives
Re: CVE requests: maradns, freeciv, rbot, gitolite, gource, shib, kvirc
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 24 Jun 2010 12:16:37 -0400 (EDT)
On Thu, 10 Jun 2010, Moritz Muehlenhoff wrote:
Hi,
Please assign CVE IDs for these issues currently present in the Debian Security Tracker, but for which no CVE IDs have been assigned so far:
1. maradns http://maradns.org/download/maradns-1.4.02-parse_segfault.patch Fixed in 1.4.03
Use CVE-2010-2444
2. freeciv http://gna.org/bugs/?15624 Fixed in 2.2.1 and 2.3.0
Use CVE-2010-2445
3. rbot (http://ruby-rbot.org/) http://www.securityfocus.com/archive/1/509719/30/0/threaded
Use CVE-2010-2446
4. gitolite http://secunia.com/advisories/39587/
http://github.com/sitaramc/gitolite/commit/1e06fea3b6959faeb72d8dca46cd4753ada48637
http://github.com/sitaramc/gitolite/commit/5fd9328c1cd1e7c576b6530b3253061c68b159aa
These two appear to be about "not filtering src/ or hooks/ from pathnames"
Use CVE-2010-2447
http://github.com/sitaramc/gitolite/commit/5deffee3cff5f9a13c59b8c1e357c5a32487d1c3
This is OS command injection
Use CVE-2010-2448
5. gource http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577958
Use CVE-2010-2449
6. Shibboleth: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571631
Use CVE-2010-2450
7. kvirc http://lists.omnikron.net/pipermail/kvirc/2010-May/000867.html
format strings - CVE-2010-2451
directory traversal - CVE-2010-2452
All will be filled in later.
- Steve