[Secure-testing-commits] r10586 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Tue Dec 2 22:49:00 UTC 2008 

Author: jmm-guest
Date: 2008-12-02 22:49:00 +0000 (Tue, 02 Dec 2008)
New Revision: 10586

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
dnspython no-dsa
one kernel issue fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-02 22:08:02 UTC (rev 10585)
+++ data/CVE/list	2008-12-02 22:49:00 UTC (rev 10586)
@@ -49,6 +49,7 @@
 CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote ...)
 	NOT-FOR-US: File Upload Manager
 CVE-2008-5282 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 ...)
+	NOTE: neither in Etch nor Lenny, removal has been proposed
 	- amaya <unfixed> (bug #507587)
 CVE-2008-5281 (Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows ...)
 	NOT-FOR-US: Titan FTP Server
@@ -4292,7 +4293,7 @@
 	{DSA-1654-1}
 	- libxml2 2.6.32.dfsg-4 (bug #498768)
 CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...)
-	- linux-2.6 <unfixed> (unimportant)
+	- linux-2.6 2.6.26-11 (unimportant)
 	- linux-2.6.24 <unfixed> (unimportant)
 	NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
 	NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2)
@@ -9122,7 +9123,9 @@
 	- pdnsd 1.2.6-par-11 (bug #502275)
 	- python-dns 2.3.1-5 (low; bug #490217)
 	- dnspython <unfixed> (low; bug #492465)
+	[etch] - dnspython <no-dsa> (Just a stub resolver, 2.6.24 kernel from 4.0r4 provides source port randomisation)
 	[lenny] - dnspython <no-dsa> (Just a stub resolver, Linux kernel provides source port randomisation)
+	NOTE: Upstream is planning to add its own randomisation
 	- adns 1.4-2 (unimportant; bug #492698)
 	NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian
 	- udns <unfixed> (bug #493599)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-12-02 22:08:02 UTC (rev 10585)
+++ data/spu-candidates.txt	2008-12-02 22:49:00 UTC (rev 10586)
@@ -115,6 +115,11 @@
 
 --
 
+ed (CVE-2008-3916)
+Fix from 0.7-2
+
+--
+
 emacs21 (CVE-2007-6109/CVE-2008-1694)
 bug #455433, bug #476612
 notified maintainer

More information about the Secure-testing-commits mailing list