[Secure-testing-commits] r11704 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Apr 23 22:25:03 UTC 2009 

Author: jmm-guest
Date: 2009-04-23 22:25:03 +0000 (Thu, 23 Apr 2009)
New Revision: 11704

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
lots of no-dsas


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-23 21:14:16 UTC (rev 11703)
+++ data/CVE/list	2009-04-23 22:25:03 UTC (rev 11704)
@@ -193,6 +193,8 @@
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
 	- mpg123 1.7.2-1 (low)
+	[etch] - mpg123 <no-dsa> (Minor issue)
+	[lenny] - mpg123 <no-dsa> (Minor issue)
 	NOTE: http://secunia.com/advisories/34587/3/
 	NOTE: unlike secunia states I can't see that this allows code execution but is just an invalid read
 	NOTE: crashing the application
@@ -329,7 +331,9 @@
 CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment ...)
 	NOT-FOR-US: Apartment Search Script
 CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...)
-	- texlive-bin <unfixed> (bug #520920)
+	- texlive-bin <unfixed> (low; bug #520920)
+	[etch] - texlive-bin <no-dsa> (Minor issue)
+	[lenny] - texlive-bin <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=492136
 CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...)
 	NOT-FOR-US: glFusion
@@ -2064,6 +2068,7 @@
 	NOT-FOR-US: piCal
 CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...)
 	- ziproxy <unfixed> (low; bug #521051)
+	[lenny] - ziproxy <no-dsa> (Minor issue)
 CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, ...)
 	NOT-FOR-US: SmoothWall
 CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...)
@@ -3355,6 +3360,8 @@
 	NOTE: need to submit a request for CVE id
 CVE-2009-XXXX [konqueror: potential exploits via application launchers]
 	- kdebase <unfixed> (low; bug #515106)
+	[etch] - kdebase <no-dsa> (Minor issue)
+	[lenny] - kdebase <no-dsa> (Minor issue)
 	NOTE: need to submit a request for CVE id
 CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
 	- mediawiki 1:1.14.0-1 (low; bug #514547)
@@ -5661,6 +5668,7 @@
 	- linux-2.6.24 <unfixed>
 CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...)
 	- jbossas4 <unfixed>
+	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
 CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
 	NOT-FOR-US: Apache Jackrabbit
 CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check ...)
@@ -14174,6 +14182,8 @@
 CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) ...)
 	- emacs22 22.2+2-3 (low; bug #480885)
 	- xemacs21-packages 2009.02.17-1 (low; bug #480886)
+	[etch] - xemacs21-packages <no-dsa> (Minor issue)
+	[lenny] - xemacs21-packages <no-dsa> (Minor issue)
 	[etch] - xemacs21 <no-dsa> (Minor issue)
 	[lenny] - xemacs21 <no-dsa> (Minor issue)
 	- emacs21 21.4a+1-5.5 (low; bug #480877)
@@ -14253,7 +14263,10 @@
 CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ...)
 	- openjdk-6 <unfixed>
 	- sun-java5 <unfixed>
+	[etch] - sun-java5 <no-dsa> (Non-free not supported)
+	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
 	- sun-java6 <unfixed>
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...)
 	NOT-FOR-US: MyArticles
 CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting ...)

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-04-23 21:14:16 UTC (rev 11703)
+++ data/ospu-candidates.txt	2009-04-23 22:25:03 UTC (rev 11704)
@@ -395,6 +395,10 @@
 
 --
 
+mpg123 (CVE-2009-1301)
+
+--
+
 multi-gnome-terminal (CVE-2008-5143)
 notified maintainer
 
@@ -567,6 +571,12 @@
 
 --
 
+tetex-bin (CVE-2009-1284)
+#520920
+https://bugzilla.redhat.com/show_bug.cgi?id=492136
+
+--
+
 texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
 notified maintainer
 

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-04-23 21:14:16 UTC (rev 11703)
+++ data/spu-candidates.txt	2009-04-23 22:25:03 UTC (rev 11704)
@@ -27,6 +27,10 @@
 
 --
 
+mpg123 (CVE-2009-1301)
+
+--
+
 net-snmp (CVE-2008-6123)
 Noah will see to it.
 
@@ -43,6 +47,12 @@
 
 --
 
+tetex-bin (CVE-2009-1284)
+#520920
+https://bugzilla.redhat.com/show_bug.cgi?id=492136
+
+--
+
 xemacs21 (CVE-2008-2142)
 bug #480877
 notified maintainer
@@ -58,3 +68,7 @@
 xfig
 25_mkstemp added in :3.2.5.a-1
 
+--
+
+ziproxy (CVE-2009-0804)
+#521051

More information about the Secure-testing-commits mailing list