[Secure-testing-commits] r8912 - in data: . CVE DSA
jmm-guest at alioth.debian.org
Tue May 27 15:52:32 UTC 2008
Author: jmm-guest
Date: 2008-05-27 15:52:31 +0000 (Tue, 27 May 2008)
New Revision: 8912
Modified:
data/CVE/list
data/DSA/list
data/spu-candidates.txt
Log:
emacs no-dsa
one missing ID for openssh
snort issue doesn't affect etch
sql-ledger issues fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-05-27 15:14:51 UTC (rev 8911)
+++ data/CVE/list 2008-05-27 15:52:31 UTC (rev 8912)
@@ -604,7 +604,9 @@
CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) ...)
- emacs22 <unfixed> (low; bug #480885)
- xemacs21 <unfixed> (low; bug #480886)
+ [etch] - xemacs21 <no-dsa> (Minor issue)
- emacs21 <unfixed> (low; bug #480877)
+ [etch] - emacs21 <no-dsa> (Minor issue)
CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 ...)
{DTSA-132-1}
- vlc 0.8.6.e-2.2 (low; bug #480724)
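Review bot: The two added `[etch] ... <no-dsa> (Minor issue)` lines under CVE-2008-2142 give no reason why automatic loading and execution of .flc files is considered minor for etch. A NOTE line with the reasoning would let a later reader re-check the decision instead of having to reconstruct it from bugs #480886 and #480877.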
@@ -1294,9 +1296,11 @@
RESERVED
CVE-2008-1805
RESERVED
-CVE-2008-1804
+CVE-2008-1804 [snort bypass through malformed fragmented packets]
RESERVED
- snort <unfixed> (bug #483160)
+ [etch] - snort <not-affected> (Only 2.6 and 2.8 are affected)
+ NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=701
CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c) in ...)
{DSA-1573-1}
- rdesktop 1.5.0-4+cvs20071006 (bug #480135)
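Review bot: The new `[etch] - snort <not-affected>` line says "Only 2.6 and 2.8 are affected" but does not name the snort version shipped in etch, so the claim cannot be checked from the entry alone; consider adding that version to the parenthetical. The entry also carries a bracketed working description while still marked RESERVED, so it needs a second pass once the official description is published.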
@@ -1738,7 +1742,7 @@
CVE-2008-1616
RESERVED
CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on ...)
- - linux-2.6 2.6.25-1 (high; bug #480390)
+ - linux-2.6 2.6.25-1 (medium; bug #480390)
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...)
{DSA-1550-1 DTSA-124-1}
- suphp 0.6.2-2.1 (low; bug #475431)
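Review bot: The severity change for linux-2.6 under CVE-2008-1615 from high to medium is not mentioned in the commit log, and no NOTE explains it. A one-line NOTE with the reason for the downgrade, or a matching log line, would make the change auditable.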
@@ -15205,9 +15209,9 @@
- iceape 1.1.2-1 (low)
- xulrunner 1.8.1.4-1 (low)
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...)
- - iceweasel <unfixed>
- - iceape <unfixed>
- - xulrunner <unfixed>
+ - iceweasel <unfixed> (low)
+ - iceape <unfixed> (low)
+ - xulrunner <unfixed> (low)
CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
- iceweasel <not-affected> (Only affects Windows versions of Firefox)
CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...)
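Review bot: The (low) ratings added to iceweasel, iceape and xulrunner under CVE-2007-3073 do not appear in the commit log. The three lines also stay `<unfixed>` without a bug number, unlike the other unfixed entries touched in this commit; adding a bug reference would make them trackable.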
@@ -18828,11 +18832,11 @@
CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...)
NOT-FOR-US: Cisco
CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...)
- - sql-ledger <unfixed> (unimportant; bug #409703)
+ - sql-ledger 2.8.14-1 (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 ...)
- - sql-ledger <unfixed> (unimportant; bug #409703)
+ - sql-ledger 2.8.14-1 (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...)
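Review bot: CVE-2007-1541 and CVE-2007-1540 move from `<unfixed>` to 2.8.14-1, but the NOTE lines kept below still describe the behaviour as documented and the rating stays unimportant, so the entry does not say what changed in 2.8.14-1. A NOTE naming the relevant change in that upload would make the fixed version verifiable.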
@@ -19104,11 +19108,11 @@
CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
NOT-FOR-US: Avant Browser
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...)
- - sql-ledger <unfixed> (unimportant; bug #409703)
+ - sql-ledger 2.8.14-1 (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
- - sql-ledger <unfixed> (unimportant; bug #409703)
+ - sql-ledger 2.8.14-1 (unimportant; bug #409703)
NOTE: It's documented behaviour that SQL-Ledger should only be run in an
NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...)
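Review bot: For CVE-2007-1436 the visible part of the description reads "SQL-Ledger before 2.6.26", yet the fixed version recorded is 2.8.14-1, the same value used for every other sql-ledger entry in this commit. If an earlier upload already contained the upstream fix, that earlier version is the one to record here.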
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2008-05-27 15:14:51 UTC (rev 8911)
+++ data/DSA/list 2008-05-27 15:52:31 UTC (rev 8912)
@@ -29,8 +29,8 @@
{CVE-2008-0167}
[etch] - gforge 4.5.14-22etch8
[14 May 2008] DSA-1576-1 openssh openssh-blacklist - predictable randomness
- {CVE-2007-4752 CVE-2008-0166 CVE-2008-1483}
- [etch] - openssh 1:4.3p2-9etch1
+ {CVE-2007-4752 CVE-2008-0166 CVE-2008-1483 CVE-2008-2285}
+ [etch] - openssh 1:4.3p2-9etch2
[12 May 2008] DSA-1575-1 linux-2.6 - denial of service
{CVE-2008-1669}
[etch] - linux-2.6 2.6.18.dfsg.1-18etch4
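Review bot: Besides adding CVE-2008-2285, the DSA-1576-1 entry changes the etch version from 1:4.3p2-9etch1 to 1:4.3p2-9etch2, which the log line "one missing ID for openssh" does not cover. The DSA header also names openssh-blacklist while the entry has an `[etch]` line only for openssh; add one for openssh-blacklist if it was part of the advisory upload.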
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-05-27 15:14:51 UTC (rev 8911)
+++ data/spu-candidates.txt 2008-05-27 15:52:31 UTC (rev 8912)
@@ -55,6 +55,9 @@
bug #455433, bug #476612
notified maintainer
+emacs21 (CVE-2008-2142)
+bug #480877
+
--
flac123 (CVE-2007-3507)
@@ -198,6 +201,9 @@
bug #457764, bug #476613
notified maintainer
+xemacs21 (CVE-2008-2142)
+bug #480877
+
--
xfce4 (CVE-2007-6351 CVE-2007-6352)
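Review bot: The added xemacs21 entry cites bug #480877, but in the data/CVE/list part of this same commit #480877 is the emacs21 bug and xemacs21 is tracked as bug #480886. This looks like a copy of the emacs21 entry; the line should read `bug #480886`.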