[Secure-testing-commits] r13678 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Dec 30 01:49:36 UTC 2009
Author: jmm-guest
Date: 2009-12-30 01:49:35 +0000 (Wed, 30 Dec 2009)
New Revision: 13678
Modified:
data/CVE/list
data/embedded-code-copies
data/spu-candidates.txt
Log:
- ltdl copy in bochs fixed
- libextractor ltdl fixed
- cups, asterisk no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-30 01:06:41 UTC (rev 13677)
+++ data/CVE/list 2009-12-30 01:49:35 UTC (rev 13678)
@@ -1995,7 +1995,7 @@
- libannodex <removed> (low; bug #559818)
[lenny] - libannodex <removed> (low; bug #559818)
[etch] - libannodex <removed> (low; bug #559818)
- - libextractor <unfixed> (low; bug #559819)
+ - libextractor 0.5.23+dfsg-4 (low; bug #559819)
[etch] - libextractor <no-dsa> (Minor issue)
[lenny] - libextractor <no-dsa> (Minor issue)
- libmcrypt <not-affected> (not included in any of the binary packages; bug #559820)
@@ -2640,7 +2640,7 @@
- cableswig <unfixed> (unimportant; bug #560925)
- cadaver <unfixed> (unimportant; bug #560926)
- cmake 2.6.0-6 (unimportant; bug #560927)
- - coin3 <unfixed> (low; bug #560928)
+ - coin3 <unfixed> (unimportant; bug #560928)
- gdcm 2.0.14-2 (low; bug #560929)
- ghostscript <unfixed> (low; bug #560930)
[lenny] - ghostscript <no-dsa> (minor issue)
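Review bot: The coin3 entry for bug #560928 is downgraded from "low" to "unimportant", but the commit log only covers the bochs and libextractor ltdl fixes and the cups and asterisk no-dsa entries. The new value matches the neighbouring cableswig, cadaver and cmake lines, but the reason for the change is not recorded anywhere. Suggest mentioning the severity change in the log message or adding a NOTE: line under the entry.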
@@ -2701,6 +2701,7 @@
[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor handling ...)
- cups 1.4.2-4 (low; bug #557740)
+ [lenny] - cups <no-dsa> (Minor issue)
- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
CVE-2009-3552
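Review bot: The added "[lenny] - cups <no-dsa> (Minor issue)" line gives no indication of why a use-after-free in file-descriptor handling counts as minor for lenny. The same commit adds cups (CVE-2009-3553) to data/spu-candidates.txt, so the reason field or a NOTE: line could say that the fix is being tracked there, which would tell a reader that the issue is deferred rather than dismissed.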
@@ -6747,6 +6748,7 @@
- tiff 3.8.2-13
CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...)
- asterisk 1:1.6.2.0~dfsg~beta3-1 (bug #539473)
+ [lenny] - asterisk <no-dsa> (Intrusive protocol-level vulnerabilitity, see http://downloads.asterisk.org/pub/security/IAX2-security.pdf)
CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 ...)
NOT-FOR-US: ClanSphere
CVE-2009-2344 (The web-based management interfaces in Sourcefire Defense Center (DC) ...)
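Review bot: Typo in the added "[lenny] - asterisk <no-dsa>" line: "vulnerabilitity" should be "vulnerability". The reason field also embeds a full URL; the cups entry in this file carries its reference on a separate NOTE: line, and doing the same here would keep the parenthesised reason short and consistent with the rest of the list.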
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-12-30 01:06:41 UTC (rev 13677)
+++ data/embedded-code-copies 2009-12-30 01:49:35 UTC (rev 13678)
@@ -1533,7 +1533,7 @@
- apr <unfixed> (static; bug #489625)
NOTE: ships copy of libtool in libapr1-dev; was 'embed' before 1.3.2-3
- arts <unfixed> (embed)
- - bochs <unfixed> (embed; bug #560884)
+ - bochs 2.4.2-1 (embed; bug #560884)
- camserv <unfixed> (embed)
- collectd <unfixed> (embed)
- courier-authlib 0.58-4 (embed)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-12-30 01:06:41 UTC (rev 13677)
+++ data/spu-candidates.txt 2009-12-30 01:49:35 UTC (rev 13678)
@@ -61,6 +61,12 @@
--
+cups (CVE-2009-3553)
+#557740
+maintainer notified in initial bug report
+
+--
+
devil (CVE-2009-3994)
#560080