[Secure-testing-commits] r10209 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Oct 30 16:53:08 UTC 2008


Author: jmm-guest
Date: 2008-10-30 16:53:07 +0000 (Thu, 30 Oct 2008)
New Revision: 10209

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- record latest stable update
- two no-dsa for minor ftpd issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-30 13:46:55 UTC (rev 10208)
+++ data/CVE/list	2008-10-30 16:53:07 UTC (rev 10209)
@@ -851,6 +851,7 @@
 	[etch] - wims <no-dsa> (Minor issue)
 CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...)
 	- freeradius 2.0.4+dfsg-6 (low; bug #496389)
+	[etch] - freeradius <no-dsa> (Minor issue)
 CVE-2008-XXXX [bk2site: insecure temp file]
 	- bk2site <unfixed> (unimportant; bug #496430)
 	NOTE: Only debug code, script needs to be edited to exploit this
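Review bot: the added `[etch] - freeradius <no-dsa> (Minor issue)` line under CVE-2008-4474 is not covered by the log, which mentions only the stable update and two no-dsa entries for ftpd. Mention this third no-dsa in the log so the triage decision can be found from the history.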
@@ -1314,18 +1315,20 @@
 	[etch] - openswan <no-dsa> (Vulnerable code only in example script)
 CVE-2008-XXXX [jumpnbump: insecure temp file]
 	- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
-	[etch] - jumpnbump <no-dsa> (Minor issue)
+	[etch] - jumpnbump 1.50-6+etch1
 CVE-2008-XXXX [gpsdrive: insecure temp file]
 	- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
 	[etch] - gpsdrive <no-dsa> (Minor issue)
 CVE-2008-XXXX [dist: insecure temp file]
 	- dist 1:3.5-17-2 (low; bug #496412)
-	[etch] - dist <no-dsa> (Minor issue)
+	[etch] - dist 3.70-31etch1
 CVE-2008-XXXX [lustre: insecure temp files]
 	- lustre 1.6.5.1-1 (low; bug #496371)
 CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...)
 	- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
+	[etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
 	- linux-ftpd 0.17-29 (bug #500278)
+	[etch] - linux-ftpd <no-dsa> (Minor issue)
 CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
 	- wordpress <unfixed> (bug #500295; unimportant)
 	NOTE: bigger problems, if attacker has access to /etc/wordpress/*
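Review bot: in the dist entry the new etch line gives `3.70-31etch1` with no epoch, while the unstable line directly above it is `1:3.5-17-2`; confirm that the etch package really carries no epoch, since a version comparison against the wrong string would misreport the etch status. The two recorded etch versions also use different suffix styles (`1.50-6+etch1` for jumpnbump, `3.70-31etch1` for dist), so check both against the actual uploads.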
@@ -3501,6 +3504,7 @@
 	[etch] - links2 <no-dsa> (Minor information leak)
 CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...)
 	- trac 0.11-1
+	[etch] - trac 0.10.3-1etch4
 CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...)
 	NOT-FOR-US:  PartyGaming PartyPoker
 CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the ...)
@@ -3716,7 +3720,7 @@
 	- xine-lib 1.1.14-2 (bug #492870; low)
 CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
 	- ffmpeg-debian <unfixed> (unimportant; bug #498764)
-	- ffmpeg <removed>
+	- ffmpeg <removed> (unimportant)
 	NOTE: Only a NULL pointer deference, hardly security relevant
 CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
 	- joomla <itp> (bug #326398)
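Review bot: the NOTE directly below the changed ffmpeg line reads "NULL pointer deference"; since this entry is being touched, correct it to "dereference". With `(unimportant)` now on both the ffmpeg-debian and ffmpeg lines, the severity is consistent across the two source packages.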
@@ -4348,6 +4352,7 @@
 	NOT-FOR-US: ActiveX control
 CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...)
 	- trac 0.11-1
+	[etch] - trac 0.10.3-1etch4
 CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 ...)
@@ -4374,7 +4379,7 @@
 	NOTE: Etch is vulnerable.
 CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...)
 	- apache2 2.2.9-7 (low)
-	[etch] - apache2 <no-dsa> (minor issue; fix will be in 2.2.3-4+etch6)
+	[etch] - apache2 2.2.3-4+etch6
 	- apache <not-affected> (vulnerable code not present)
 CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through ...)
 	- tomcat5.5 5.5.26-5 (low; bug #496309)
@@ -5735,7 +5740,7 @@
 	NOTE: f358166a9405e4f1d8e50d8f415c26d95505b6de
 CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...)
 	- apache2 2.2.9-1 (low)
-	[etch] - apache2 <no-dsa> (minor issue, fix will be in 2.2.3-4+etch6)
+	[etch] - apache2 2.2.3-4+etch6
 	TODO: check apache 1.3
 CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...)
 	- pan 0.132-3.1 (bug #483562)
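Review bot: the `TODO: check apache 1.3` line under CVE-2008-2364 stays open after this change, so the entry still records no status for the apache source package. The CVE-2008-2939 entry answers the same question with an explicit `- apache <not-affected> (vulnerable code not present)` line; once apache 1.3 has been checked, add a corresponding apache line here and drop the TODO.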
@@ -11979,7 +11984,7 @@
 CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache ...)
 	- apache <removed> (low)
 	- apache2 2.2.8-1 (low)
-	[etch] - apache2 <no-dsa> (will be fixed in 2.2.3-4+etch6, in etch r4 or r5)
+	[etch] - apache2 2.2.3-4+etch6
 	[etch] - apache 1.3.34-4.1+etch1
 CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...)
 	{DSA-1437-1}

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2008-10-30 13:46:55 UTC (rev 10208)
+++ data/spu-candidates.txt	2008-10-30 16:53:07 UTC (rev 10209)
@@ -5,12 +5,6 @@
 
 --
 
-chillispot
-#500181
-notified maintainer
-
---
-
 aegis
 #496400
 notified maintainer
@@ -93,16 +87,15 @@
 
 --
 
-comix (CVE-2008-1568)
-#462840
+chillispot
+#500181
 notified maintainer
 
 --
 
-crossfire-maps
-#496358
-maintainer doesn't want to fix that, looking at the actual bug I also
-think an update is overkill
+comix (CVE-2008-1568)
+#462840
+notified maintainer
 
 --
 
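Review bot: the crossfire-maps entry (#496358) is deleted here together with its rationale that the maintainer does not want to fix it, and neither the log nor any data/CVE/list hunk in this commit records that decision. If it is being dropped as a stable-update candidate, say so in the log so the reasoning is not lost with the removed lines.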
@@ -112,12 +105,6 @@
 
 --
 
-dist
-#496412
-package has been uploaded
-
---
-
 emacs21 (CVE-2007-6109/CVE-2008-1694)
 bug #455433, bug #476612
 notified maintainer
@@ -204,12 +191,6 @@
 
 --
 
-jumpnbump (no CVE yet)
-#500611
-notified maintainer
-
---
-
 konwert 
 #496379
 notified maintainer
@@ -255,10 +236,18 @@
 
 --
 
+linux-ftpd (CVE-2008-4247)
+#500278
+
+--
+
 linux-ftpd-ssl (CVE-2007-6263)
 #454733
 notified maintainer
 
+CVE-2008-4247
+#500518
+
 --
 
 mecab (CVE-2007-3231)
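Review bot: the new linux-ftpd entry has no status line, and under linux-ftpd-ssl the added `CVE-2008-4247` / `#500518` pair sits after `notified maintainer`, so it is unclear whether the maintainer was notified about either new bug. Add a status line to each, and consider putting the second CVE in the entry header the way the emacs21 entry does (`emacs21 (CVE-2007-6109/CVE-2008-1694)`), which keeps one header and one status per block.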



