[Secure-testing-commits] r11704 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Apr 23 22:25:03 UTC 2009
Author: jmm-guest
Date: 2009-04-23 22:25:03 +0000 (Thu, 23 Apr 2009)
New Revision: 11704
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
lots of no-dsas
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-04-23 21:14:16 UTC (rev 11703)
+++ data/CVE/list 2009-04-23 22:25:03 UTC (rev 11704)
@@ -193,6 +193,8 @@
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
- mpg123 1.7.2-1 (low)
+ [etch] - mpg123 <no-dsa> (Minor issue)
+ [lenny] - mpg123 <no-dsa> (Minor issue)
NOTE: http://secunia.com/advisories/34587/3/
NOTE: unlike secunia states I can't see that this allows code execution but is just an invalid read
NOTE: crashing the application
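Review bot: The "(Minor issue)" reason on the two added mpg123 lines rests entirely on the reading in the NOTE lines below, which disagrees with the Secunia advisory about code execution. If the advisory is right, both the "(low)" urgency and the no-dsa tags are wrong. Confirm against the fix that went into 1.7.2-1 and record the result in a NOTE so the decision can be audited later.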
@@ -329,7 +331,9 @@
CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment ...)
NOT-FOR-US: Apartment Search Script
CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...)
- - texlive-bin <unfixed> (bug #520920)
+ - texlive-bin <unfixed> (low; bug #520920)
+ [etch] - texlive-bin <no-dsa> (Minor issue)
+ [lenny] - texlive-bin <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=492136
CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...)
NOT-FOR-US: glFusion
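Review bot: Package naming for CVE-2009-1284 is inconsistent across this revision: the added "[etch] - texlive-bin <no-dsa>" and "[lenny] - texlive-bin <no-dsa>" lines name texlive-bin, while the entries added to data/ospu-candidates.txt and data/spu-candidates.txt for the same CVE name tetex-bin. There is no tetex-bin source line under this CVE in the hunk. Either add one with its own status, or use the same package name in the candidates files so the two can be cross-referenced.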
@@ -2064,6 +2068,7 @@
NOT-FOR-US: piCal
CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...)
- ziproxy <unfixed> (low; bug #521051)
+ [lenny] - ziproxy <no-dsa> (Minor issue)
CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, ...)
NOT-FOR-US: SmoothWall
CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...)
@@ -3355,6 +3360,8 @@
NOTE: need to submit a request for CVE id
CVE-2009-XXXX [konqueror: potential exploits via application launchers]
- kdebase <unfixed> (low; bug #515106)
+ [etch] - kdebase <no-dsa> (Minor issue)
+ [lenny] - kdebase <no-dsa> (Minor issue)
NOTE: need to submit a request for CVE id
CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
- mediawiki 1:1.14.0-1 (low; bug #514547)
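Review bot: The kdebase no-dsa lines are attached to a "CVE-2009-XXXX" placeholder whose NOTE still reads "need to submit a request for CVE id". Marking both releases as no-dsa closes the triage while the issue has no stable identifier to refer to. Request the id first, or keep the NOTE visible as an open item. This revision also adds no kdebase entry to either candidates file, unlike mpg123 and ziproxy; if a point-release fix is intended, it needs one.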
@@ -5661,6 +5668,7 @@
- linux-2.6.24 <unfixed>
CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...)
- jbossas4 <unfixed>
+ [lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
NOT-FOR-US: Apache Jackrabbit
CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check ...)
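Review bot: The "- jbossas4 <unfixed>" line that the new "[lenny] - jbossas4 <no-dsa> (Contrib not supported)" tag hangs off carries neither an urgency nor a bug number, unlike the other unfixed entries touched in this commit (for example "- ziproxy <unfixed> (low; bug #521051)"). With the release now marked no-dsa, a bug reference on the source line is the only remaining pointer for the maintainer, so file or link one here.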
@@ -14174,6 +14182,8 @@
CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) ...)
- emacs22 22.2+2-3 (low; bug #480885)
- xemacs21-packages 2009.02.17-1 (low; bug #480886)
+ [etch] - xemacs21-packages <no-dsa> (Minor issue)
+ [lenny] - xemacs21-packages <no-dsa> (Minor issue)
[etch] - xemacs21 <no-dsa> (Minor issue)
[lenny] - xemacs21 <no-dsa> (Minor issue)
- emacs21 21.4a+1-5.5 (low; bug #480877)
@@ -14253,7 +14263,10 @@
CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ...)
- openjdk-6 <unfixed>
- sun-java5 <unfixed>
+ [etch] - sun-java5 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java5 <no-dsa> (Non-free not supported)
- sun-java6 <unfixed>
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...)
NOT-FOR-US: MyArticles
CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting ...)
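Review bot: In the CVE-2008-2086 block, sun-java5 and sun-java6 get release tags but "- openjdk-6 <unfixed>" is left with no urgency, no bug number and no release tag. The "Non-free not supported" reason is specific to the sun-java lines, so openjdk-6 still needs its own triage decision. Note also that sun-java6 is tagged for lenny only while sun-java5 is tagged for etch and lenny; if sun-java6 is simply absent from etch, that is fine, otherwise an "[etch] - sun-java6" line is missing.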
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2009-04-23 21:14:16 UTC (rev 11703)
+++ data/ospu-candidates.txt 2009-04-23 22:25:03 UTC (rev 11704)
@@ -395,6 +395,10 @@
--
+mpg123 (CVE-2009-1301)
+
+--
+
multi-gnome-terminal (CVE-2008-5143)
notified maintainer
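Review bot: The added "mpg123 (CVE-2009-1301)" entry is empty: no bug number, no link and no status line, whereas the neighbouring multi-gnome-terminal entry records "notified maintainer" and the tetex-bin entry added later in this file carries a bug number and a URL. Add at least the advisory link already present in data/CVE/list, and a status line once the maintainer has been contacted. The same applies to the identical entry added to data/spu-candidates.txt.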
@@ -567,6 +571,12 @@
--
+tetex-bin (CVE-2009-1284)
+#520920
+https://bugzilla.redhat.com/show_bug.cgi?id=492136
+
+--
+
texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
notified maintainer
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-04-23 21:14:16 UTC (rev 11703)
+++ data/spu-candidates.txt 2009-04-23 22:25:03 UTC (rev 11704)
@@ -27,6 +27,10 @@
--
+mpg123 (CVE-2009-1301)
+
+--
+
net-snmp (CVE-2008-6123)
Noah will see to it.
@@ -43,6 +47,12 @@
--
+tetex-bin (CVE-2009-1284)
+#520920
+https://bugzilla.redhat.com/show_bug.cgi?id=492136
+
+--
+
xemacs21 (CVE-2008-2142)
bug #480877
notified maintainer
@@ -58,3 +68,7 @@
xfig
25_mkstemp added in :3.2.5.a-1
+--
+
+ziproxy (CVE-2009-0804)
+#521051
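Review bot: The bug reference format is inconsistent: the new ziproxy entry uses a bare "#521051" (as do the added tetex-bin entries with "#520920"), while the existing xemacs21 entry in this file writes "bug #480877". Use one form throughout so the file can be grepped reliably. The ziproxy entry is also appended after xfig, which breaks the alphabetical order the other hunks follow (mpg123 before net-snmp, tetex-bin before xemacs21); move it after xfig only if the file is meant to be unordered at the end.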