[Secure-testing-commits] r12525 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Aug 9 06:42:58 UTC 2009
Author: gilbert-guest
Date: 2009-08-09 06:42:58 +0000 (Sun, 09 Aug 2009)
New Revision: 12525
Modified:
data/CVE/list
data/embedded-code-copies
Log:
- new non-numbered issues for the past few weeks...
- avifile embeds ffmpeg
- info on wordpress issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-09 03:20:27 UTC (rev 12524)
+++ data/CVE/list 2009-08-09 06:42:58 UTC (rev 12525)
@@ -1,3 +1,48 @@
+CVE-2009-XXXX [rubygems: integrity violation]
+ - rubygems1.9 <not-affected> (medium; bug #540610)
+ - rubygems1.8 <not-affected>
+ - rubygems <not-affected>
+ NOTE: debian's version installs gems packages to /var/lib/gems,
+ NOTE: so no opportunity to overwrite system files
+CVE-2009-XXXX [bugzilla: unauthorized bug modification]
+ - bugzilla 3.2.4-1 (low)
+ [etch] - bugzilla <no-dsa> (minor issue)
+ [lenny] - bugzilla <no-dsa> (minor issue)
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495257
+CVE-2009-XXXX [groff: insecure usage of gs]
+ - groff <unfixed> (low; bug #538338)
+ [etch] - groff <no-dsa> (minor issue)
+ [lenny] - groff <no-dsa> (minor issue)
+CVE-2009-XXXX [groff: uses insecure temp files]
+ - groff <unfixed> (low; bug #538330)
+ [etch] - groff <no-dsa> (minor issue)
+ [lenny] - groff <no-dsa> (minor issue)
+CVE-2009-XXXX [netbase: wireless key logged]
+ - netbase <unfixed> (low; bug #540608)
+ TODO: follow-up with maintainer to find out if debian's version is affected or not
+CVE-2009-XXXX [apache2: only first 8 characters used to validate password]
+ - apache2 <unfixed> (low; bug #539246)
+CVE-2009-XXXX [gnudips: remote priviledge escalation]
+ - gnudips <unfixed> (medium; bug #539452)
+CVE-2009-XXXX [xscreensaver: local screen lock bypassable via low resolution video devices]
+ - xscreensaver <unfixed> (high; bug #539699)
+CVE-2009-XXXX [php5: remote information disclosure]
+ - php5 <unfixed> (medium; bug #540605)
+ TODO: determine affected versions
+CVE-2009-XXXX [php5: 'open_basedir' bypass]
+ - php5 <unfixed> (low; bug #540606)
+ NOTE: supposedly only affects 5.3.0
+CVE-2009-XXXX [php5: exif buffer overread]
+ - php5 5.2.10.dfsg.1-2 (low; bug #540611)
+CVE-2009-XXXX [linux-2.6: do_nanosleep() null pointer dereference]
+ - linux-2.6 <unfixed> (medium)
+ [etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
+ [lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
+ [squeeze] - linux-2.6 <not-affected> (introduced in 2.6.28)
+ - linux-2.6.24 <not-affected> (introduced in 2.6.28)
+CVE-2009-XXXX [linux-2.6: md raid null pointer dereference (when sysfs available)]
+ - linux-2.6 <unfixed> (medium)
+ - linux-2.6.24 <removed>
CVE-2009-2710
RESERVED
CVE-2009-2709
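Review bot: the php5 'open_basedir' bypass entry is marked `<unfixed>` while its own NOTE says the issue "supposedly only affects 5.3.0", and the neighbouring exif entry shows the packaged version as 5.2.10.dfsg.1-2; if the 5.3.0-only claim is confirmed the entry should read `- php5 <not-affected> (only affects 5.3.0)` rather than `<unfixed>`. Likewise the do_nanosleep() entry annotates every `<not-affected>` line with "(introduced in 2.6.28)" but also lists `[squeeze] - linux-2.6 <not-affected>`; that is only correct if squeeze's kernel predates 2.6.28, which should be verified since the unstable line for the same entry is `<unfixed>`. Minor: the rubygems1.9 line carries a severity `(medium; bug #540610)` on a `<not-affected>` state, which other entries in this hunk reserve for affected packages; keep the bug reference but consider dropping the severity.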
@@ -1084,7 +1129,9 @@
NOTE: fixed in upstream 2.8.1, which is not yet in unstable
CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...)
- wordpress <unfixed> (low; bug #536724)
- NOTE: fixed in upstream 2.8.1, which is not yet in unstable
+ NOTE: initial fix in 2.8.1 is incomplete (see bug report)
+ NOTE: claimed to be fully fixed in upstream in 2.8.3
+ TODO: recheck when 2.8.x enters unstable
CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...)
NOT-FOR-US: CMS Chainuk
CVE-2009-2332 (CMS Chainuk 1.2 and earlier allows remote attackers to obtain ...)
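Review bot: the new NOTE "initial fix in 2.8.1 is incomplete (see bug report)" should name the report it refers to, presumably bug #536724 already cited on the package line, so the reference survives when the entry is read on its own. Since the entry now states the upstream fix landed in 2.8.3, the TODO would be clearer as "recheck when 2.8.3 or later enters unstable" rather than "2.8.x", because 2.8.1 and 2.8.2 would not close the issue.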
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-08-09 03:20:27 UTC (rev 12524)
+++ data/embedded-code-copies 2009-08-09 06:42:58 UTC (rev 12525)
@@ -262,6 +262,7 @@
faad2
- mplayer 1.0~rc2-20 (embed)
+ - avifile <unfixed> (embed; bug #538750)
mad MPEG decoding lib
- mad <unfixed> (embed)
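Review bot: the added line `- avifile <unfixed> (embed; bug #538750)` lands under the `faad2` heading (the context shows `faad2` followed by the mplayer entry), but the commit log says avifile embeds ffmpeg; one of the two is wrong, so either the line belongs under the ffmpeg entry of this file or the log message should say faad2. Check bug #538750 to confirm which library is actually embedded before the entry is relied on for tracking.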