[Secure-testing-commits] r11732 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Apr 28 15:11:19 UTC 2009


Author: gilbert-guest
Date: 2009-04-28 15:11:19 +0000 (Tue, 28 Apr 2009)
New Revision: 11732

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- pptp-linux issue fixed in unstable
- pam issue unimportant and candidate for spu/ospu


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-04-28 02:38:22 UTC (rev 11731)
+++ data/CVE/list	2009-04-28 15:11:19 UTC (rev 11732)
@@ -285,7 +285,7 @@
 	NOTE: - if you can make it "harder" for an attacker to hide himself, shouldn't you do so?
 	NOTE: - this problem has been fixed in unstable, so it should be tracked with a non-unimportant urgency
 CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
-	- pptp-linux <unfixed> (low; bug #523476)
+	- pptp-linux 1.7.2-3 (low; bug #523476)
 	[lenny] - pptp-linux <no-dsa> (Minor issue)
 CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups]
 	- slurm-llnl 1.3.15-1 (bug #524980)
@@ -3325,7 +3325,13 @@
 CVE-2009-0580
 	RESERVED
 CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...)
-	- pam <unfixed> (bug #514437)
+	- pam <unfixed> (unimportant; bug #514437)
+	[etch] - pam <no-dsa> (violation of administrator's policy, not a vulnerability)
+	[lenny] - pam <no-dsa> (violation of administrator's policy, not a vulnerability)
+	NOTE: the ability to change a password earlier than scheduled is not a security 
+	NOTE: vulnerability in itself (unless the user changes their password back to 
+	NOTE: their previous password; thus violating the security policy as defined by
+	NOTE: the administrator)
 CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify ...)
 	- network-manager-applet 0.7.0.99-1 (medium)
 CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...)
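
Review bot: The new pam entry for CVE-2009-0579 argues two things at once. The `unimportant` urgency and both `<no-dsa>` lines say "not a vulnerability", yet the NOTE's parenthetical names the case that does matter (a user changing straight back to the previous password, which defeats the minimum-age policy), and the same commit queues the package for spu and ospu. Suggest rewording the NOTE to state that outcome directly, for example that this is a policy bypass with no privilege gain and is therefore handled through a point release, so a later reader does not take `unimportant` to mean no fix is wanted. The first two added NOTE lines also end in a trailing space.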

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-04-28 02:38:22 UTC (rev 11731)
+++ data/ospu-candidates.txt	2009-04-28 15:11:19 UTC (rev 11732)
@@ -451,6 +451,12 @@
 
 --
 
+pam (CVE-2009-0579)
+#514437
+asked maintainer in mail
+
+--
+
 paramiko (CVE-2008-0299)
 #460706
 notified maintainer
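
Review bot: The added pam block records only "asked maintainer in mail", with no date or pointer to the message, while the neighbouring paramiko entry uses "notified maintainer". Suggest one status wording across the file plus a date, so it is clear later whether the request is still waiting for an answer. The bug number #514437 matches the one used in data/CVE/list.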

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-04-28 02:38:22 UTC (rev 11731)
+++ data/spu-candidates.txt	2009-04-28 15:11:19 UTC (rev 11732)
@@ -62,6 +62,12 @@
 
 --
 
+pam (CVE-2009-0579)
+#514437
+asked maintainer in mail
+
+--
+
 pptp-linux (no CVE)
 #523476
 asked maintainer in mail
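
Review bot: The context line below the new pam block still shows pptp-linux as "asked maintainer in mail", although this commit records it as fixed in unstable in 1.7.2-3. The entry should stay, since `[lenny]` remains `<no-dsa>`, but consider updating its status line to name the fixed unstable version so whoever prepares the stable update knows where to take the fix from. The pam block repeats the ospu-candidates.txt text verbatim, which is fine as long as both copies are updated together when the maintainer replies.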



