[Secure-testing-commits] r9994 - in data: . CVE
jmm-guest at alioth.debian.org
Sat Oct 4 20:51:07 UTC 2008
Author: jmm-guest
Date: 2008-10-04 20:51:05 +0000 (Sat, 04 Oct 2008)
New Revision: 9994
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
Etch triage:
- Three recent kernel issues don't affect 2.6.18 from Etch
- twiki issue has been rejected
- ed issue no-dsa, was also duplicated
- links2 minor information leak no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-04 12:49:05 UTC (rev 9993)
+++ data/CVE/list 2008-10-04 20:51:05 UTC (rev 9994)
@@ -710,11 +710,10 @@
NOT-FOR-US: Microsoft Windows
CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...)
- linux-2.6 2.6.26-5
+ [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
[etch] - linux-2.6.24 <unfixed>
CVE-2008-4112
REJECTED
- - twiki <unfixed> (low)
- NOTE: access to configure script is restricted to localhost on Debian
CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
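Review bot: The new `[etch] - linux-2.6 <not-affected> (Vulnerable code not present)` line for CVE-2008-4113 sits directly above `[etch] - linux-2.6.24 <unfixed>`, and nothing in the entry records which kernel version introduced sctp_getsockopt_hmac_ident. A NOTE naming that version would let a reader see why 2.6.18 is clear while 2.6.24 in the same release is still open.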
@@ -1127,7 +1126,8 @@
CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in Ovidentia ...)
NOT-FOR-US: Ovidentia
CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c ...)
- - ed 0.7-2
+ - ed 0.7-2 (low)
+ [etch] - ed <no-dsa> (Minor issue)
CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...)
{DSA-1636-1}
- linux-2.6 2.6.26-5
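Review bot: `[etch] - ed <no-dsa> (Minor issue)` gives no reason why a heap-based buffer overflow in strip_escapes counts as minor for Etch. Suggest replacing the generic text with the concrete reason behind the decision, as the links2 entry in this commit does with `(Minor information leak)`.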
@@ -1333,9 +1333,6 @@
CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote ...)
- bitlbee 1.2.2-1
end claimed by white
-CVE-2008-XXXX [GNU ed: heap overflow in CLI processing]
- - ed 0.7-2 (low)
- NOTE: http://lists.gnu.org/archive/html/bug-ed/2008-06/msg00000.html
CVE-2008-XXXX [radiance: insecure temp files]
- radiance 3R9+20080530-4 (low; bug #496433)
CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
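Review bot: Removing the duplicate CVE-2008-XXXX ed entry also drops its `NOTE: http://lists.gnu.org/archive/html/bug-ed/2008-06/msg00000.html` line, and the CVE-2008-3916 entry updated in this commit does not gain it. Suggest moving the NOTE to CVE-2008-3916 so the upstream reference survives the merge of the two entries.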
@@ -2151,6 +2148,7 @@
CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...)
{DSA-1636-1}
- linux-2.6 2.6.26-2
+ [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
- linux-2.6.24 2.6.24-6~etchnhalf.5
NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
NOTE: Fixed in 2.6.25.14 and 2.6.26.1
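Review bot: The added `<not-affected>` line for CVE-2008-3535 rests on NOTE lines that record only the fix commit and the fixed stable releases (2.6.25.14 and 2.6.26.1). Suggest a further NOTE with the commit or release that introduced the affected iov_iter_advance code, so the claim for Etch's 2.6.18 can be checked from the entry itself.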
@@ -2158,6 +2156,7 @@
{DSA-1636-1}
- linux-2.6.24 2.6.24-6~etchnhalf.5
- linux-2.6 2.6.26-2
+ [etch] - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3533 (Format string vulnerability in the window_error function in ...)
@@ -2611,6 +2610,7 @@
- mantis 1.1.2+dfsg-2
CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when "only proxies" is ...)
- links2 2.1pre37-1.1 (low; bug #492744)
+ [etch] - links2 <no-dsa> (Minor information leak)
CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...)
- trac 0.11-1
CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2008-10-04 12:49:05 UTC (rev 9993)
+++ data/spu-candidates.txt 2008-10-04 20:51:05 UTC (rev 9994)
@@ -227,7 +227,7 @@
--
links2 (CVE-2008-3329)
-bug #492744)
+bug #492744
notified maintainer
--