[Secure-testing-commits] r13490 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Dec 8 17:09:51 UTC 2009
Author: jmm-guest
Date: 2009-12-08 17:09:50 +0000 (Tue, 08 Dec 2009)
New Revision: 13490
Modified:
data/CVE/list
data/embedded-code-copies
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- updates on libtool code copies:
* sbnc, dico and unixodbc use the system copy
* hypre and babel fixed, but no-dsa for Lenny/Etch
- update poppler issue for code copies
- fix kfreebsd bug num
- new devil issue
- fix tracking for dstat
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-08 14:52:57 UTC (rev 13489)
+++ data/CVE/list 2009-12-08 17:09:50 UTC (rev 13490)
@@ -262,9 +262,10 @@
CVE-2009-4082 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Outreach Project Tool
CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...)
- - dstat 0.7.0-1 (low; bug #559667)
- [lenny] - dstat <no-dsa> (Minor issue)
- [etch] - dstat <no-dsa> (Minor issue)
+ - dstat <not-affected> (Fixed/tracked as CVE-2009-3894)
+ NOTE: This second ID is about the same issue, but for an older version, see
+ NOTE: http://bugs.gentoo.org/show_bug.cgi?id=293497
+ NOTE: For Debian we'll just use CVE-2009-3894 and mark this one as not-affected
CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...)
NOT-FOR-US: ldap_cachemgr in Sun Solaris
CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...)
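Review bot: the removed dstat lines carried bug #559667 and the new `<not-affected>` line drops it; unless that Debian bug is already referenced from the CVE-2009-3894 entry, add it there so the bug keeps its link to the ID Debian actually tracks. The three NOTE lines explaining why this ID is treated as a duplicate are clear and worth keeping in this form.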
@@ -489,8 +490,11 @@
RESERVED
CVE-2009-3995
RESERVED
-CVE-2009-3994
+CVE-2009-3994 [devil buffer overflow]
RESERVED
+ - devil <unfixed>
+ TODO: File bug
+ NOTE: http://secunia.com/secunia_research/2009-51/
CVE-2009-3993
RESERVED
CVE-2009-3992
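Review bot: the new devil entry has neither a severity nor a bug reference, unlike the other `<unfixed>` entries in this file (for example `- collectd <unfixed> (medium; bug #559801)`). The `TODO: File bug` covers the bug number, but a severity can be assigned now from the referenced Secunia advisory, in the usual `- devil <unfixed> (severity)` form, so the entry does not sit in the list unrated until the bug is filed.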
@@ -1127,7 +1131,6 @@
- collectd <unfixed> (medium; bug #559801)
- courier-authlib <unfixed> (medium; bug #559802)
- cvsnt <unfixed> (medium; bug #559803)
- - dico <unfixed> (medium; bug #559804)
- ggobi <unfixed> (medium; bug #559806)
- glame <unfixed> (medium; bug #559807)
- gnash <unfixed> (medium; bug #559808)
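Review bot: the dico line is deleted outright, which also drops bug #559804, while sbnc in the same commit is kept as `<not-affected>` with a rationale; for consistency and so the reasoning stays auditable, prefer `- dico <not-affected> (Uses the system copy of ltdl)` here, matching the wording this commit uses in data/embedded-code-copies.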
@@ -1152,20 +1155,22 @@
- siproxd <unfixed> (medium; bug #559827)
- ski <unfixed> (medium; bug #559828)
- synfig <unfixed> (medium; bug #559829)
- - unixodbc <unfixed> (medium; bug #559830)
- xmlsec1 <unfixed> (medium; bug #559831)
- clamav <unfixed> (medium; bug #559832)
- imagemagick <unfixed> (medium; bug #559833)
- - hypre <unfixed> (medium; bug #559834)
+ - hypre 2.4.0b-5 (low; bug #559834)
+ [etch] - hypre <no-dsa> (Minor issue)
+ [lenny] - hypre <no-dsa> (Minor issue)
- lam <unfixed> (medium; bug #559835)
- openmpi <unfixed> (medium; bug #559836)
- parser <unfixed> (medium; bug #559837)
- pdsh <unfixed> (medium; bug #559838)
- - sbnc <unfixed> (medium; bug #559839)
+ - sbnc <not-affected> (All released/unstable versions use the system copy of libtool)
- sdcc <unfixed> (medium; bug #559840)
- wml <unfixed> (medium; bug #559841)
- proftpd-dfsg <unfixed> (medium; bug #559842)
- - babel <unfixed> (medium; bug #559843)
+ - babel 1.4.0.dfsg-5 (low; bug #559843)
+ [lenny] - babel <no-dsa> (Minor issue)
- libprelude <unfixed> (medium; bug #559844)
- heartbeat <unfixed> (medium; bug #559845)
CVE-2009-3735
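Review bot: the commit log says hypre and babel are no-dsa for Lenny/Etch, but only hypre gets both an `[etch]` and a `[lenny]` line; babel has `[lenny]` only. Either add `[etch] - babel <no-dsa> (Minor issue)` or confirm that babel was not shipped in etch. Separately, unixodbc is deleted from the list (dropping bug #559830) instead of being marked `<not-affected>` with a rationale the way sbnc is two lines below; the same treatment would keep the two system-copy cases readable side by side.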
@@ -9341,6 +9346,9 @@
CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
- poppler 0.10.6-1 (medium; bug #524806)
[etch] - poppler <not-affected> (SplashBitmap code not present)
+ - xpdf <unfixed>
+ - kdegraphics 4:4.0
+ - swftools <unfixed>
CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
- poppler 0.10.6-1 (medium; bug #524806)
CVE-2009-1186 (Buffer overflow in the util_path_encode function in ...)
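Review bot: the three entries added under CVE-2009-1188 carry no severity, bug reference or NOTE, whereas the poppler line has `(medium; bug #524806)`; `xpdf <unfixed>` and `swftools <unfixed>` without bug numbers will not be tracked anywhere else, and `kdegraphics 4:4.0` should say why that version is the fixed one (a NOTE pointing at the changelog entry that dropped or updated the embedded code). Please also check whether CVE-2009-1187 directly below, the sibling JBIG2 integer overflow with the same poppler fix, needs the same three embedded-copy entries.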
@@ -14046,7 +14054,7 @@
CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL Calendar ...)
NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, ...)
- - kfreebsd-6 <unfixed>
+ - kfreebsd-6 <removed>
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
- kfreebsd-7 7.1-1
[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
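Review bot: keeping the `[lenny] - kfreebsd-6 <no-dsa>` line while the unstable state becomes `<removed>` is correct as long as lenny still ships kfreebsd-6; since the same change is repeated in the two hunks below, please check that no other `kfreebsd-6 <unfixed>` entries remain elsewhere in the file, otherwise the package's status will be inconsistent between CVEs.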
@@ -15649,7 +15657,7 @@
CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...)
NOT-FOR-US: The Rat CMS
CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does ...)
- - kfreebsd-6 <unfixed>
+ - kfreebsd-6 <removed>
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
- kfreebsd-7 7.1-1
[lenny] - kfreebsd-7 7.0-7lenny1
@@ -25321,9 +25329,9 @@
CVE-2008-1147 (A certain pseudo-random number generator (PRNG) algorithm that uses ...)
- kfreebsd-5 <removed>
[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
- - kfreebsd-6 <unfixed>
+ - kfreebsd-6 <removed>
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
- - kfreebsd-7 <unfixed> (bug #483152)
+ - kfreebsd-7 <unfixed> (bug #559107)
[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-1146 (A certain pseudo-random number generator (PRNG) algorithm that uses ...)
NOT-FOR-US: OpenBSD
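Review bot: the kfreebsd-7 bug reference changes from #483152 to #559107 with no NOTE, and the log only says "fix kfreebsd bug num"; a one-line NOTE recording that #483152 was the wrong (or a merged) bug would keep the history understandable for the next person who greps for either number. The kfreebsd-6 `<removed>` change here matches the two hunks above.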
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-12-08 14:52:57 UTC (rev 13489)
+++ data/embedded-code-copies 2009-12-08 17:09:50 UTC (rev 13490)
@@ -1531,7 +1531,7 @@
- collectd <unfixed> (embed)
- courier-authlib <unfixed> (embed)
- cvsnt <unfixed> (embed)
- - dico <unfixed> (embed)
+ - dico <not-affected> (Uses the system copy of ltdl)
- freeradius 0.1+20010527-1 (embed)
NOTE: Earliest reference I could find from the changelog is from 27 May 2001
- ggobi <unfixed> (embed)
@@ -1558,20 +1558,20 @@
- siproxd <unfixed> (embed)
- ski <unfixed> (embed)
- synfig <unfixed> (embed)
- - unixodbc <unfixed> (embed)
+ - unixodbc 2.2.4-5 (embed)
- xmlsec1 <unfixed> (embed)
- clamav <unfixed> (embed)
- imagemagick <unfixed> (embed)
- - hypre <unfixed> (embed)
+ - hypre 2.4.0b-5 (embed)
- lam <unfixed> (embed)
- openmpi <unfixed> (embed)
- parser <unfixed> (embed)
- pdsh <unfixed> (embed)
- - sbnc <unfixed> (embed)
+ - sbnc 1.2-8 (embed)
- sdcc <unfixed> (embed)
- wml <unfixed> (embed)
- proftpd-dfsg <unfixed> (embed)
- - babel <unfixed> (embed)
+ - babel 1.4.0.dfsg-5 (embed)
- libprelude <unfixed> (embed)
- heartbeat <unknown> (embed)
- gcc-* <unknown> (embed)
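Review bot: the unixodbc and sbnc entries disagree with the rest of the commit. The log says unixodbc uses the system copy of libtool, and dico gets `<not-affected> (Uses the system copy of ltdl)` in the hunk above for the same reason, yet unixodbc becomes `unixodbc 2.2.4-5 (embed)`, i.e. a fixed version; likewise sbnc is `<not-affected>` in data/CVE/list because all released/unstable versions use the system copy, but is `sbnc 1.2-8 (embed)` here. If 2.2.4-5 and 1.2-8 are the versions that switched to the system copy, say so in a NOTE; otherwise use `<not-affected>` with the rationale in both files so the two data files tell the same story.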
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2009-12-08 14:52:57 UTC (rev 13489)
+++ data/ospu-candidates.txt 2009-12-08 17:09:50 UTC (rev 13490)
@@ -334,6 +334,11 @@
--
+hypre (CVE-2009-3736)
+#559834
+
+--
+
ipsec-tools (CVE-2008-3651)
http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel
notified maintainer
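Review bot: the new hypre entry has no status line, while the neighbouring entries record `notified maintainer`; the format otherwise matches (package, CVE, bug number, separator). Since hypre is `<no-dsa>` for etch in data/CVE/list, an oldstable point update is the right route, so add the status line once the maintainer has been contacted so the candidate is not forgotten.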
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-12-08 14:52:57 UTC (rev 13489)
+++ data/spu-candidates.txt 2009-12-08 17:09:50 UTC (rev 13490)
@@ -27,6 +27,11 @@
--
+babel (CVE-2009-3736)
+#559843
+
+--
+
backuppc (CVE-2009-3369)
#542218
notified maintainer
@@ -114,6 +119,11 @@
--
+hypre (CVE-2009-3736)
+#559834
+
+--
+
kde4libs (CVE-2009-2702)
#546218
notified maintainer