[Secure-testing-commits] r11729 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Apr 27 17:53:17 UTC 2009


Author: jmm-guest
Date: 2009-04-27 17:53:16 +0000 (Mon, 27 Apr 2009)
New Revision: 11729

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- various no-dsa issues triaged


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-27 09:14:17 UTC (rev 11728)
+++ data/CVE/list	2009-04-27 17:53:16 UTC (rev 11729)
@@ -1,3 +1,6 @@
+CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
+	- iodine <unfixed> (low)
+	[lenny] - iodine <no-dsa> (Maintainer will fix it in next stable point update)
 CVE-2009-XXXX [ntop: access.log permissions]
 	- ntop <unfixed> (low; bug #524801)
 	NOTE: fixed in recent FSA (https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2805)
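Review bot: the new iodine entry (the three added lines at the top of this hunk) records a low severity and an <unfixed> status but no Debian bug reference, unlike the neighbouring ntop entry which carries `bug #524801`. Without a bug number there is nothing to follow to confirm that the maintainer's promised fix has actually landed in unstable; suggest filing or citing the bug, e.g. `- iodine <unfixed> (low; bug #NNNNNN)` with the real number in place of the placeholder.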
@@ -239,6 +242,7 @@
 	NOTE: - this problem has been fixed in unstable, so it should be tracked with a non-unimportant urgency
 CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
 	- pptp-linux <unfixed> (low; bug #523476)
+	[lenny] - pptp-linux <no-dsa> (Minor issue)
 CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups]
 	- slurm-llnl 1.3.15-1 (bug #524980)
 	[lenny] - slurm-llnl 1.3.6-1lenny3
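Review bot: the added `[lenny] - pptp-linux <no-dsa> (Minor issue)` line gives lenny a status but leaves etch unstated, while the squid and python entries touched in this same commit record both `[etch]` and `[lenny]`. If etch ships pptp-linux with the same pptpsetup permissions, add a matching `[etch] - pptp-linux <no-dsa> (Minor issue)`; if it does not, an explicit `<not-affected>` line with a reason makes that visible.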
@@ -2182,7 +2186,14 @@
 	NOT-FOR-US: Qbik WinGate
 CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...)
 	- squid <unfixed> (low; bug #521053)
+	[etch] - squid <no-dsa> (Minor issue)
+	[lenny] - squid <no-dsa> (Minor issue)
 	- squid3 <unfixed> (low; bug #521052)
+	[etch] - squid3 <no-dsa> (Minor issue)
+	[lenny] - squid3 <no-dsa> (Minor issue)
+	NOTE: This only affects HTTP connections and only in transparent mode
+	NOTE: Also, same origin validations in the browsers still apply and keep this mostly harmless
+	NOTE: http://marc.info/?l=squid-dev&m=123542836103750&w=4
 CVE-2009-0800 (Multiple &quot;input validation flaws&quot; in the JBIG2 decoder in Xpdf 3.02pl2 ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	- xpdf <unfixed> (medium; bug #524809)
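Review bot: the four added `<no-dsa> (Minor issue)` lines for squid and squid3 give a bare reason while the actual justification (HTTP only, transparent interception mode only, browser same-origin checks still apply) sits in the NOTE lines further down. The dia entry later in this file shows the more self-describing form, `(Minor issue, only vulnerable when called from certain dir)`; consider `(Minor issue, only in transparent interception mode)` so the reason is readable on the status line itself, and keep the marc.info reference as the NOTE.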
@@ -4337,8 +4348,15 @@
 	- dia 0.96.1-7.1 (low; bug #504251)
 	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
 CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...)
-	- python2.5 <unfixed>
-	- python2.4 <unfixed>
+	- python2.5 <unfixed> (low)
+	[etch] - python2.5 <no-dsa> (Minor issue)
+	[lenny] - python2.5 <no-dsa> (Minor issue)
+	- python2.4 <unfixed> (low)
+	[etch] - python2.4 <no-dsa> (Minor issue)
+	[lenny] - python2.4 <no-dsa> (Minor issue)
+	NOTE: I suppose the behaviour will be changed in a future Python release, but
+	NOTE: a backport has a significant risk of breakage for little gain. If a
+	NOTE: proper upstream patch should be available, this can be re-evaluated
 CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...)
 	NOT-FOR-US: BMC PATROL Agent
 CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 ...)
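Review bot: the three NOTE lines added for CVE-2008-5983 record the triage decision in the first person and as a supposition ("I suppose the behaviour will be changed in a future Python release") with no upstream reference, so the closing "this can be re-evaluated" has no concrete trigger. Suggest citing the upstream tracker entry in a NOTE, and since both python2.5 and python2.4 are now `<unfixed> (low)` without a bug number (compare `dia 0.96.1-7.1 (low; bug #504251)` just above), a Debian bug reference on those lines would make the unfixed status trackable.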
@@ -5469,6 +5487,7 @@
 	- qemu 0.9.1-10 (low; bug #509882)
 	[etch] - qemu <not-affected> (Vulnerable code not present)
 	- kvm 82-1 (low; bug #509997)
+	[lenny] - kvm <no-dsa> (Minor issue)
 CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...)
 	- linux-2.6 2.6.25-1
 	- linux-2.6.24 <removed>
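Review bot: `[lenny] - kvm <no-dsa> (Minor issue)` is added here, but the spu-candidates.txt hunk in this same commit lists `kvm 82-1` (#509997) as a stable point-update candidate. The two are compatible (no DSA, fix via the point release), but the reason text should say so, as the iodine entry in this commit does with "Maintainer will fix it in next stable point update", so that a reader of CVE/list alone does not conclude the lenny issue is being left unfixed.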
@@ -8006,7 +8025,6 @@
 	NOTE: not reproducible using iceweasel 3.0.1
 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
 	{CVE-2008-4724}
-	- iceape <unfixed>
 	- xulrunner <unfixed>
 	- iceweasel <unfixed>
 	NOTE: http://www.jorgan.users.cg.yu/ seems to be the original source
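Review bot: the `- iceape <unfixed>` line for CVE-2008-4723 is deleted outright with no replacement status and no NOTE, while xulrunner and iceweasel stay `<unfixed>`. The commit log only mentions no-dsa triage, so the reason iceape drops out of this entry is not recorded anywhere; suggest replacing the deletion with an explicit `- iceape <not-affected> (reason)` or `<removed>` line, or a NOTE stating why iceape is no longer considered affected.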

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-04-27 09:14:17 UTC (rev 11728)
+++ data/spu-candidates.txt	2009-04-27 17:53:16 UTC (rev 11729)
@@ -32,6 +32,11 @@
 
 --
 
+kvm 82-1 (CVE-2008-5714)
+#509997
+
+--
+
 mpfr (CVE-2009-0757)
 notified maintainer
 
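Review bot: the new `kvm 82-1 (CVE-2008-5714)` block carries only the bug number, whereas the mpfr block below it also records the maintainer-contact state ("notified maintainer"); add the equivalent status line for kvm so it is clear who is expected to prepare the point-update upload. Also, the iodine entry added to CVE/list in this same commit says the maintainer will fix it in the next stable point update, yet no iodine block is added here; suggest adding one so the candidate list and CVE/list agree.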



