[Secure-testing-commits] r12491 - in data: CVE DSA
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Thu Aug 6 07:38:25 UTC 2009
Author: derevko-guest
Date: 2009-08-06 07:38:25 +0000 (Thu, 06 Aug 2009)
New Revision: 12491
Modified:
data/CVE/list
data/DSA/list
Log:
- NFUs
- CVE-2009-2470 already covered by DSA-1840-1
- New mozilla issues
- CVE-2009-2661: incomplete fix for CVE-2009-2185
- Django and ZNC issues got a CVE id
- CVE-2009-2660: Multiple integer overflows in camlimages
- CVE-2009-2657: nilfs2-tools in Debian is not affected thanks to dh_fixperms
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-05 21:14:16 UTC (rev 12490)
+++ data/CVE/list 2009-08-06 07:38:25 UTC (rev 12491)
@@ -1,21 +1,21 @@
CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in ...)
- TODO: check
+ - xulrunner <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript ...)
- TODO: check
+ - xulrunner <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and ...)
- TODO: check
+ - xulrunner <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2662 (The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before ...)
- TODO: check
+ - xulrunner <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...)
- TODO: check
+ - strongswan <unfixed> (bug #540144)
CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)
- TODO: check
-CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...)
- TODO: check
-CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote ...)
- TODO: check
+ - camlimages (medium; bug #540146)
CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary ...)
- TODO: check
+ - nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files)
CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android ...)
NOT-FOR-US: Android
CVE-2008-6896 (login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is ...)
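Review bot: the added CVE-2009-2660 line "- camlimages (medium; bug #540146)" carries no version or status tag, while every other package line added in this hunk has one (<unfixed>, <no-dsa> or <not-affected>). If the package is still vulnerable, write "- camlimages <unfixed> (medium; bug #540146)" so the state is explicit. Separately, the CVE-2009-2663 description names libvorbis as the flawed component, but only xulrunner is tracked under it; consider adding a line for the libvorbis package or a NOTE saying why it is not listed.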
@@ -42,6 +42,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
- xulrunner <unfixed> (low; bug #539891)
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2653 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-2652 (Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris ...)
@@ -68,6 +69,7 @@
- openssl <unfixed> (medium; bug #539449)
- openssl097 <removed>
- xulrunner <unfixed> (medium)
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
- nss 3.12.3-1 (medium; bug #539934)
NOTE: asked maintainer to check whether openssl affected
NOTE: fixed in iceweasel 3.0.13 and 3.5.2, which have yet to be uploaded
@@ -103,7 +105,7 @@
NOT-FOR-US: EasySiteNetwork Free Jokes Website
CVE-2008-6879 (Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, ...)
NOT-FOR-US: Apache Roller
-CVE-2009-XXXX [python-django directory traversal in test webserver]
+CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...)
- python-django 1.1-1 (low; bug #539134)
[etch] - python-django <no-dsa> (Minor issue)
[lenny] - python-django <no-dsa> (Minor issue)
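Review bot: renaming the temporary entry in place leaves CVE-2009-2659 directly after CVE-2008-6879, while the first hunk deletes the CVE-2009-2659 stub from its slot between CVE-2009-2660 and CVE-2009-2657. If the list is meant to stay in descending ID order, move the python-django lines up to the stub's position instead of dropping the stub. The same applies to CVE-2009-2658 in the next hunk, which ends up after CVE-2009-2555.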
@@ -329,7 +331,7 @@
- chromium-browser <itp> (bug #520324)
CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8 before ...)
- chromium-browser <itp> (bug #520324)
-CVE-2009-XXXX [znc: directory traversal bug]
+CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote ...)
- znc 0.074-1 (medium; bug #537977)
[etch] - znc 0.045-3+etch3
[lenny] - znc 0.058-2+lenny3
@@ -501,7 +503,9 @@
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
CVE-2009-2470 (Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote ...)
- TODO: check
+ - xulrunner 1.9.0.12-1
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-38.html
CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
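Review bot: the new CVE-2009-2470 entry has no "{DSA-1840-1}" cross-reference, although the adjacent CVE-2009-2469 entry carries one and the data/DSA/list hunk in this same commit adds CVE-2009-2470 to DSA-1840-1. Add the "{DSA-1840-1}" line here, or confirm that it is generated from data/DSA/list, so the two files do not disagree about which advisory covers this CVE.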
@@ -1293,7 +1297,7 @@
CVE-2009-2199
RESERVED
CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies ...)
- TODO: check
+ NOT-FOR-US: Apple GarageBand
CVE-2009-2197
RESERVED
CVE-2009-2196
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2009-08-05 21:14:16 UTC (rev 12490)
+++ data/DSA/list 2009-08-06 07:38:25 UTC (rev 12491)
@@ -35,7 +35,7 @@
[etch] - git-core 1:1.4.4.4-4+etch3
[lenny] - git-core 1:1.5.6.5-3+lenny2
[23 Jul 2009] DSA-1840-1 xulrunner - several vulnerabilities
- {CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2471 CVE-2009-2472}
+ {CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472}
[lenny] - xulrunner 1.9.0.12-0lenny1
[19 Jul 2009] DSA-1839-1 gst-plugins-good0.10 - arbitrary code execution
{CVE-2009-1932}