[Secure-testing-commits] r12655 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri Aug 21 19:21:47 UTC 2009 

Author: jmm-guest
Date: 2009-08-21 19:21:47 +0000 (Fri, 21 Aug 2009)
New Revision: 12655

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
checked some not-affected states


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-21 18:36:53 UTC (rev 12654)
+++ data/CVE/list	2009-08-21 19:21:47 UTC (rev 12655)
@@ -514,7 +514,8 @@
 	NOT-FOR-US: IBM AIX
 CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...)
 	- asterisk <unfixed> (bug #541441)
-	NOTE: According to the vendor this is only potentially exploitable in 1.6.x, so this is a possible no-dsa
+	[lenny] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
+	[etch] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
 CVE-2009-2725
 	RESERVED
 CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
@@ -609,13 +610,13 @@
 	TODO: request CVE id
 CVE-2009-XXXX [groff: insecure usage of gs]
 	- groff 1.20.1-5 (low; bug #538338)
-	[etch] - groff <no-dsa> (minor issue)
-	[lenny] - groff <no-dsa> (minor issue)
+	[etch] - groff <not-affected> (pdfroff not yet present)
+	[lenny] - groff <not-affected> (pdfroff not yet present)
 	NOTE: requested CVE ids
 CVE-2009-XXXX [groff: uses insecure temp files]
 	- groff 1.20.1-5 (low; bug #538330)
-	[etch] - groff <no-dsa> (minor issue)
-	[lenny] - groff <no-dsa> (minor issue)
+	[etch] - groff <not-affected> (pdfroff not yet present)
+	[lenny] - groff <not-affected> (pdfroff not yet present)
 	NOTE: requested CVE ids
 CVE-2009-XXXX [netbase: wireless key logged]
 	- netbase <unfixed> (low; bug #540608)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-08-21 18:36:53 UTC (rev 12654)
+++ data/spu-candidates.txt	2009-08-21 19:21:47 UTC (rev 12655)
@@ -96,7 +96,7 @@
 
 libpam-ssh (CVE-2009-1273)
 #535877
-maintainer notified through initial bug report
+maintainer notified through initial bug report, said he would work on an update
 
 --

More information about the Secure-testing-commits mailing list