[Secure-testing-commits] r8526 - in data: . CVE
jmm-guest at alioth.debian.org
Mon Apr 14 17:01:01 UTC 2008
Author: jmm-guest
Date: 2008-04-14 17:01:00 +0000 (Mon, 14 Apr 2008)
New Revision: 8526
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- bzip2 and paramiko no-dsa
- two new python issues
- mediawiki/etch not affected twice
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-04-13 13:22:26 UTC (rev 8525)
+++ data/CVE/list 2008-04-14 17:01:00 UTC (rev 8526)
@@ -1,3 +1,9 @@
+CVE-2008-XXXX [Incorrect input validation in PyString_FromStringAndSize()]
+ - python2.5 <unfixed>
+ TODO: python2.4 needs to be checked
+CVE-2008-XXXX [bufferoverflow in python zlib module]
+ - python2.4 <unfixed>
+ - python2.5 <unfixed>
CVE-2008-XXXX [tss not properly dropping privileges]
- tss <unfixed> (medium; bug #475747; bug #475736)
TODO: request CVE ids
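Review bot: the two new python entries carry neither a severity tag nor a bug reference, while the tss entry directly below has both (`(medium; bug #475747; bug #475736)`); add at least a severity once triaged and make sure the existing `TODO: request CVE ids` line is understood to cover these two placeholder `CVE-2008-XXXX` entries as well, otherwise they are easy to lose track of.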
@@ -32,6 +38,7 @@
RESERVED
CVE-2008-1692 (Eterm 0.9.4 opens an xterm on :0 if -display is not specified and the ...)
- eterm <unfixed> (bug #473127)
+ TODO: Let's make sure it gets still fixed for Lenny
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...)
NOT-FOR-US: SLMail Pro
CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and ...)
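Review bot: this TODO line is the same one that currently sits under CVE-2008-1142 and is being detached from eterm there in the later hunk, so the eterm tracking intentionally moves to CVE-2008-1692; it would help to say why in the log message, and the line should then be dropped from CVE-2008-1142 as well rather than left in place.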
@@ -728,7 +735,8 @@
{DTSA-122-1}
- cupsys 1.3.7-1 (medium)
CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...)
- - bzip2 1.0.5-0.1 (bug #471670)
+ - bzip2 1.0.5-0.1 (low; bug #471670)
+ [etch] - bzip2 <no-dsa> (Pure crasher, no code injection, mostly a regular bug)
CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake ...)
NOT-FOR-US: Drake CMS
CVE-2008-1370 (PHP remote file inclusion vulnerability in index.php in wildmary Yap ...)
@@ -918,7 +926,9 @@
RESERVED
- linux-2.6 <unfixed> (bug #419706)
CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...)
- - mediawiki 1:1.11.2-1 (low)
+ - mediawiki 1:1.11.2-1
+ [etch] - mediawiki <not-affected> (Versions prior to 1.11 do not include callback feature)
+ NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html
CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or ...)
NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error ...)
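Review bot: dropping `(low)` from `- mediawiki 1:1.11.2-1` looks unintentional; adding the `[etch] <not-affected>` line does not require removing the severity of the unstable entry, so keep `- mediawiki 1:1.11.2-1 (low)`.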
@@ -1516,7 +1526,6 @@
- lighttpd 1.4.18-4 (low; bug #469307)
CVE-2008-1142 (rxvt 2.6.4 opens an xterm on :0 if the DISPLAY environment variable is ...)
- rxvt 1:2.6.4-13 (unimportant; bug #469296)
- - eterm <unfixed> (unimportant; bug #473127)
TODO: Let's make sure it gets still fixed for Lenny
CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 ...)
NOT-FOR-US: SurgeMail
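Review bot: only the `- eterm <unfixed>` line is removed here, so the remaining `TODO: Let's make sure it gets still fixed for Lenny` now hangs under the rxvt entry, which is already fixed in 1:2.6.4-13; since the TODO is re-added under CVE-2008-1692 in the earlier hunk, remove it from this entry too.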
@@ -2827,6 +2836,7 @@
NOT-FOR-US: PHP-Nuke
CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki ...)
- mediawiki 1:1.11.1-1 (low)
+ [etch] - mediawiki <not-affected> (Doesn't include API functionality)
CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...)
NOT-FOR-US: Liquit-Silver CMS
CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...)
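Review bot: the `[etch] <not-affected>` justification here states only "Doesn't include API functionality" with no version given, unlike the CVE-2008-1318 entry which names the version boundary and links an announcement; name the etch mediawiki version the claim was checked against so the not-affected decision can be re-verified later.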
@@ -3377,6 +3387,7 @@
NOTE: Dupe of CVE-2008-0225
CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...)
- paramiko 1.6.4-1.1 (low; bug #460706)
+ [etch] - paramiko <no-dsa> (Minor issue)
NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html
CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 ...)
NOT-FOR-US: Microsoft Rich Textbox ActiveX Control
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-04-13 13:22:26 UTC (rev 8525)
+++ data/spu-candidates.txt 2008-04-14 17:01:00 UTC (rev 8526)
@@ -33,6 +33,12 @@
--
+bzip2 (CVE-2008-1372)
+#471670
+Maintainer has been notified
+
+--
+
comix (CVE-2008-1568)
#462840
notified maintainer
@@ -101,6 +107,11 @@
--
+paramiko (CVE-2008-0299)
+#460706
+
+--
+
proftpd-dfsg, proftpd (CVE-2007-2165)
update in progress
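Review bot: the new paramiko candidate block has an empty line where the bzip2 block above records "Maintainer has been notified"; if the maintainer has not been contacted yet, say so explicitly (as the comix entry does with "notified maintainer"), so the status of this candidate is not ambiguous.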