[Secure-testing-commits] r9994 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sat Oct 4 20:51:07 UTC 2008


Author: jmm-guest
Date: 2008-10-04 20:51:05 +0000 (Sat, 04 Oct 2008)
New Revision: 9994

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
Etch triage:
- Three recent kernel issues don't affect 2.6.18 from Etch
- twiki issue has been rejected
- ed issue no-dsa, was also duplicated
- links2 minor information leak no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-04 12:49:05 UTC (rev 9993)
+++ data/CVE/list	2008-10-04 20:51:05 UTC (rev 9994)
@@ -710,11 +710,10 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...)
 	- linux-2.6 2.6.26-5
+        [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 	[etch] - linux-2.6.24 <unfixed>
 CVE-2008-4112
 	REJECTED
-	- twiki <unfixed> (low)
-	NOTE: access to configure script is restricted to localhost on Debian
 CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
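Review bot: the added `[etch] - linux-2.6 <not-affected>` line under CVE-2008-4113 is indented with eight spaces, while the surrounding lines, including the `[etch] - linux-2.6.24 <unfixed>` line directly below it, are indented with a single tab. Suggest using a tab so the entry matches the rest of data/CVE/list. The other `[etch]` lines added in this revision have the same spacing.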
@@ -1127,7 +1126,8 @@
 CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in Ovidentia ...)
 	NOT-FOR-US: Ovidentia
 CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c ...)
-	- ed 0.7-2
+	- ed 0.7-2 (low)
+        [etch] - ed <no-dsa> (Minor issue)
 CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...)
 	{DSA-1636-1}
 	- linux-2.6 2.6.26-5
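Review bot: the `<no-dsa>` reason `(Minor issue)` on the added etch line for CVE-2008-3916 does not say why a heap-based buffer overflow in strip_escapes is treated as minor. Suggest a short concrete rationale in the parentheses, the way the links2 entry in this same commit uses `(Minor information leak)`.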
@@ -1333,9 +1333,6 @@
 CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote ...)
 	- bitlbee 1.2.2-1
 end claimed by white
-CVE-2008-XXXX [GNU ed: heap overflow in CLI processing]
-	- ed 0.7-2 (low)
-	NOTE: http://lists.gnu.org/archive/html/bug-ed/2008-06/msg00000.html
 CVE-2008-XXXX [radiance: insecure temp files]
 	- radiance 3R9+20080530-4 (low; bug #496433)
 CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
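Review bot: removing the duplicate `CVE-2008-XXXX [GNU ed: heap overflow in CLI processing]` entry also drops its `NOTE:` line with the bug-ed list URL, and the CVE-2008-3916 entry updated earlier in this diff does not pick it up. Suggest moving that NOTE to CVE-2008-3916 so the upstream reference stays in the tracker.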
@@ -2151,6 +2148,7 @@
 CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...)
 	{DSA-1636-1}
 	- linux-2.6 2.6.26-2
+        [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 	- linux-2.6.24 2.6.24-6~etchnhalf.5
 	NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
 	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
@@ -2158,6 +2156,7 @@
 	{DSA-1636-1}
 	- linux-2.6.24 2.6.24-6~etchnhalf.5
 	- linux-2.6 2.6.26-2
+        [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
 	NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
 	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
 CVE-2008-3533 (Format string vulnerability in the window_error function in ...)
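Review bot: the placement of the new `[etch] - linux-2.6 <not-affected>` line is inconsistent between the two adjacent kernel entries. Here it follows both package lines, while for CVE-2008-3535 just above it is inserted between `- linux-2.6 2.6.26-2` and `- linux-2.6.24 2.6.24-6~etchnhalf.5`. Suggest one ordering for both, with the `[etch] - linux-2.6` line directly under the `- linux-2.6` line it qualifies.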
@@ -2611,6 +2610,7 @@
 	- mantis 1.1.2+dfsg-2
 CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when &quot;only proxies&quot; is ...)
 	- links2 2.1pre37-1.1 (low; bug #492744)
+        [etch] - links2 <no-dsa> (Minor information leak)
 CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...)
 	- trac 0.11-1
 CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-10-04 12:49:05 UTC (rev 9993)
+++ data/spu-candidates.txt	2008-10-04 20:51:05 UTC (rev 9994)
@@ -227,7 +227,7 @@
 --
 
 links2 (CVE-2008-3329)
-bug #492744)
+bug #492744
 notified maintainer
 
 --



