[Secure-testing-commits] r10466 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sun Nov 23 20:17:24 UTC 2008 

Author: jmm-guest
Date: 2008-11-23 20:17:23 +0000 (Sun, 23 Nov 2008)
New Revision: 10466

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
hplip no-dsa



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-23 18:07:13 UTC (rev 10465)
+++ data/CVE/list	2008-11-23 20:17:23 UTC (rev 10466)
@@ -2,7 +2,7 @@
 	- shadow 1:4.1.1-6 (bug #505271)
 	TODO: check version in etch
 CVE-2008-XXXX [verlihub remote command execution and the possibility of attack with the help of symlinks]
-	- verlihub <unfixed> (medium; bug #506530)
+	- verlihub <unfixed> (low; bug #506530)
 	TODO: further investigation on this package is needed
 	NOTE: see http://asdfasdf.ethz.ch/~tar/lina/rats/verlihub.rats
 CVE-2008-XXXX [Quassel CTCP Handling Arbitrary Message Manipulation Vulnerability]
@@ -5310,13 +5310,13 @@
 CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...)
 	NOT-FOR-US: IBM Tivoli Directory Server
 CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing ...)
-	- hplip 2.8.6-1 (bug #499842)
+	- hplip 2.8.6-1 (low; bug #499842)
+        [etch] - hplip <no-dsa> (Minor issue)
 	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
-	NOTE: Etch is vulnerable.
 CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing ...)
-	- hplip 2.8.6-1 (bug #499842)
+	- hplip 2.8.6-1 (low; bug #499842)
+        [etch] - hplip <no-dsa> (Minor issue)
 	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
-	NOTE: Etch is vulnerable.
 CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...)
 	- apache2 2.2.9-7 (low)
 	[etch] - apache2 2.2.3-4+etch6

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-11-23 18:07:13 UTC (rev 10465)
+++ data/spu-candidates.txt	2008-11-23 20:17:23 UTC (rev 10466)
@@ -192,6 +192,11 @@
 
 --
 
+hplip (CVE-2008-2940/CVE-2008-2941)
+#499842
+
+--
+
 ipsec-tools (CVE-2008-3651)
 http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
 notified maintainer

More information about the Secure-testing-commits mailing list