[Secure-testing-commits] r10546 - in data: . CVE

jmm-guest at alioth.debian.org
Sun Nov 30 00:21:55 UTC 2008


Author: jmm-guest
Date: 2008-11-30 00:21:54 +0000 (Sun, 30 Nov 2008)
New Revision: 10546

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
some no-dsas
two typo3 issues don't affect etch


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-29 23:46:37 UTC (rev 10545)
+++ data/CVE/list	2008-11-30 00:21:54 UTC (rev 10546)
@@ -277,10 +277,11 @@
 	- libpam-mount 1.2+gitaa4791f-1 (low)
 	[lenny] - libpam-mount 0.44-1+lenny2
 CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...)
-	- tkman <unfixed> (bug #506496)
+	- tkman <unfixed> (low; bug #506496)
+        [etch] - tkman <no-dsa> (Minor issue)
 CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...)
-	[etch] - tkusr <unfixed>
-	- tkusr <removed>
+	[etch] - tkusr <no-dsa> (Minor issue)
+	- tkusr <removed> (low)
 CVE-2008-5135 (** DISPUTED ** ...)
 	- os-prober <unfixed> (unimportant)
 CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in ...)
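
Review bot: The added `[etch] - tkman <no-dsa> (Minor issue)` line is indented with eight spaces, while the neighbouring lines, including the `[etch] - tkusr <no-dsa> (Minor issue)` line added just below it, start with a tab; please switch it to a tab so the entry matches the rest of the file. The two entries also order their lines differently (the `[etch]` line comes last for tkman and first for tkusr), so picking one order would make the list easier to scan.
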
@@ -490,8 +491,10 @@
 	NOTE: this is SA32658
 CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 backendmodul "fileadmin"]
 	- typo3-src 4.2.3-1 (bug #505324)
+        [etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected)
 CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 sysext "felogin"]
 	- typo3-src 4.2.3-1 (bug #505325)
+        [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
 CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
 	- typo3-src 4.2.3-1 (bug #505326)
 CVE-2008-XXXX [websvn Cross Site Scripting and Directory Traversal]
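
Review bot: The third typo3 entry in this block, `- typo3-src 4.2.3-1 (bug #505326)`, gets no `[etch]` line although the two entries above it do and the log message only speaks of two issues; if its etch status is still unchecked, a NOTE saying so would keep it from looking overlooked. The two reasons are also worded differently ("Only Typo3 4.2.2 is affected" versus "Typo3 versions below 4.2.x are not affected"); stating both as a version range would make clear whether they mean the same thing. Both added lines use eight spaces where the surrounding lines use a tab.
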
@@ -14318,11 +14321,14 @@
 	NOTE: we ship the iwl code in /debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch
 CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive ...)
 	- texlive-bin 2007-13
+        [etch] - texlive-bin <no-dsa> (Minor issue)
 CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to ...)
 	- texlive-bin 2007-13
+        [etch] - texlive-bin <no-dsa> (Minor issue)
 CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive ...)
 	{DTSA-97-1}
 	- texlive-bin 2007.dfsg.1-1
+        [etch] - texlive-bin <no-dsa> (Minor issue)
 CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...)
 	NOT-FOR-US: php PEAR MDB2
 CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...)
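
Review bot: For CVE-2007-5935 the entry describes a stack-based buffer overflow and already carries `{DTSA-97-1}`, yet the new `[etch] - texlive-bin <no-dsa> (Minor issue)` line gives only the generic reason; a short rationale specific to the entry would help later triage. The same applies to CVE-2007-5937 (multiple buffer overflows), where "Minor issue" alone does not say why no DSA is warranted. The three added lines are indented with spaces rather than the tab used by the lines around them.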

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-11-29 23:46:37 UTC (rev 10545)
+++ data/spu-candidates.txt	2008-11-30 00:21:54 UTC (rev 10546)
@@ -454,12 +454,21 @@
 
 --
 
+texlive-bin (CVE-2007-5935, CVE-2007-5936, CVE-2007-5937)
+
+--
+
 tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)
 #465643
 notified maintainer
 
 --
 
+tkman (CVE-2008-5137)
+#506496
+
+--
+
 tomboy (CVE-2005-4790)
 notified maintainer
 