[Secure-testing-commits] r11712 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri Apr 24 17:35:12 UTC 2009 

Author: jmm-guest
Date: 2009-04-24 17:35:12 +0000 (Fri, 24 Apr 2009)
New Revision: 11712

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- mark slurm as fixed for lenny
- remove wireshark duplicates
- one kernel issue has been renamed
- pptp-linux no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-24 15:49:30 UTC (rev 11711)
+++ data/CVE/list	2009-04-24 17:35:12 UTC (rev 11712)
@@ -111,6 +111,7 @@
 	- pptp-linux <unfixed> (low; bug #523476)
 CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups]
 	- slurm-llnl 1.3.15-1 (bug #524980)
+	[lenny] - slurm-llnl 1.3.6-1lenny3
 CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...)
 	NOT-FOR-US: Easy RM to MP3 Converter
 CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...)
@@ -370,16 +371,17 @@
 	- php4 <not-affected> (the JSON extension was introduced in php5.2)
 	- php-json-ext <unfixed>
 CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows ...)
-	- wireshark 1.0.7-1
+	- wireshark 1.0.7-1 (low)
+	[etch] - wireshark <not-affected> (Vulnerable code not present; introduced in 0.99.6)
 CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in ...)
-	- wireshark 1.0.7-1
+	- wireshark 1.0.7-1 (low)
 CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 ...)
-	- wireshark 1.0.7-1
+	- wireshark <not-affected> (Only affects Wireshark on Windows)
 CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has unknown ...)
-	TODO: check
-	NOTE: is likely getting rejected
+	NOTE: is likely getting rejected, duplicate
 CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
 	- linux-2.6 <unfixed>
+	- linux-2.6.24 <unfixed>
 CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
 	NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
 CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
@@ -452,13 +454,6 @@
 	- roundup 1.4.4-4+lenny1 (bug #518768)
 	[etch] - roundup 1.2.1-10+etch1
 	[lenny] - roundup 1.4.4-4+lenny1
-CVE-2009-XXXX [Wireshark: The LDAP dissector could crash on Windows]
-	- wireshark <not-affected> (Only affects Wireshark on Windows)
-CVE-2009-XXXX [Wireshark: Wireshark could crash while loading a Tektronix .rf5 file]
-	- wireshark <unfixed>
-	[etch] - wireshark <not-affected> (Vulnerable code not present; introduced in 0.99.6)
-CVE-2009-XXXX [Wireshark: The Check Point High-Availability Protocol (CPHAP) dissector could crash.]
-	- wireshark <unfixed>
 CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...)
 	{DSA-1771-1}
 	- clamav 0.95.1+dfsg-1 (medium; bug #523016)
@@ -748,7 +743,7 @@
 CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...)
 	NOT-FOR-US: Blue Coat ProxySG
 CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...)
-	- wireshark 1.0.7-1
+	- wireshark 1.0.7-1 (low)
 	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
 CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...)
 	- amaya <removed>
@@ -2092,10 +2087,8 @@
 	RESERVED
 CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...)
 	- libapache2-mod-perl2 <unfixed>
-CVE-2009-0795 [af_rose/x25 DoS]
+CVE-2009-0795
 	REJECTED
-	- linux-2.6 <unfixed>
-	- linux-2.6.24 <unfixed>
 CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in ...)
 	- openjdk-6 <unfixed>
 CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...)

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-04-24 15:49:30 UTC (rev 11711)
+++ data/ospu-candidates.txt	2009-04-24 17:35:12 UTC (rev 11712)
@@ -457,6 +457,12 @@
 
 --
 
+pptp-linux (no CVE)
+#523476
+asked maintainer in mail
+
+--
+
 python2.4 (CVE-2008-4864, CVE-2008-5031)
 #504620
 

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-04-24 15:49:30 UTC (rev 11711)
+++ data/spu-candidates.txt	2009-04-24 17:35:12 UTC (rev 11712)
@@ -50,6 +50,12 @@
 
 --
 
+pptp-linux (no CVE)
+#523476
+asked maintainer in mail
+
+--
+
 tau (CVE-2008-5157)
 #506348
 notified maintainer

More information about the Secure-testing-commits mailing list