[Secure-testing-commits] r11705 - in data: . CVE

[Steffen Joeris]

Author: white
Date: 2009-04-24 02:57:18 +0000 (Fri, 24 Apr 2009)
New Revision: 11705

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
cups no-dsa issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-23 22:25:03 UTC (rev 11704)
+++ data/CVE/list	2009-04-24 02:57:18 UTC (rev 11705)
@@ -4651,7 +4651,9 @@
 CVE-2009-0164 [cups web interface DNS rebinding issue]
 	RESERVED
 	- cups 1.3.10-1 (low)
+	[lenny] - cups <no-dsa> (Minor issue, needs several prerequirements for attack)
 	- cupsys <removed>
+	[etch] - cupsys <no-dsa> (Minor issue, needs several prerequirements for attack)
 CVE-2009-0163 [integer overflow in cups imagetops filter]
 	RESERVED
 	{DSA-1773-1}
@@ -6240,7 +6242,8 @@
 	- arb 0.0.20071207.1-6 (low; bug #508942)
 CVE-2008-5377 (pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files ...)
 	- cups 1.3.8-1lenny1 (low)
-	[etch] - cupsys <unfixed> (low)
+	- cupsys <removed>
+	[etch] - cupsys <no-dsa> (Example script)
 CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary ...)
 	- crip 3.7-5 (low; bug #509275)
 	[etch] - crip 3.7-3+etch1

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-04-23 22:25:03 UTC (rev 11704)
+++ data/ospu-candidates.txt	2009-04-24 02:57:18 UTC (rev 11705)
@@ -132,6 +132,10 @@
 
 --
 
+cupsys (CVE-2009-0164 CVE-2008-5377)
+
+--
+
 cyrus-sasl2 (no CVE)
 #465561
 notified maintainer

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-04-23 22:25:03 UTC (rev 11704)
+++ data/spu-candidates.txt	2009-04-24 02:57:18 UTC (rev 11705)
@@ -19,6 +19,10 @@
 
 --
 
+cups (CVE-2009-0164)
+
+--
+
 kfreebsd-7 (CVE-2009-1041)
 
 --