[Secure-testing-commits] r11178 - in data: . CVE
jmm-guest at alioth.debian.org
Tue Feb 10 15:56:04 UTC 2009
Author: jmm-guest
Date: 2009-02-10 15:56:03 +0000 (Tue, 10 Feb 2009)
New Revision: 11178
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
add latest point update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-02-10 15:37:34 UTC (rev 11177)
+++ data/CVE/list 2009-02-10 15:56:03 UTC (rev 11178)
@@ -1,3 +1,5 @@
+CVE-2009-0489 [insecure dbus policy in wicd]
+ - wicd 1.5.9-1
CVE-2009-XXXX [typo3 information disclosure & xss]
- typo3-src 4.2.6-1 (medium; bug #514713)
[lenny] - typo3-src 4.2.5-1+lenny1
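Review bot: the new CVE-2009-0489 entry records only "- wicd 1.5.9-1", with no urgency and no bug reference, unlike the typo3 entry directly below it, which carries "(medium; bug #514713)". If a bug was filed for the wicd D-Bus policy issue, add its number and an urgency here, and add a [lenny] line if the stable status differs from unstable.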
@@ -418,10 +420,9 @@
NOT-FOR-US: QuidaScript BookMarks Favourites Script
CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation ...)
NOT-FOR-US: Micronation Banking System
-CVE-2009-XXXX [mahara: XSS in forum posts]
+CVE-2009-0487 [mahara: XSS in forum posts]
- mahara 1.0.9-1 (low)
[lenny] - mahara 1.0.4-4
- NOTE: CVE id requested
CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 ...)
- squid 2.7.STABLE3-4.1 (medium; bug #514142)
- squid3 3.0.STABLE8-3 (medium)
@@ -435,7 +436,7 @@
- bugzilla <unfixed> (bug #514143)
CVE-2009-XXXX [glpi sql injection]
- glpi 0.71.5-1 (bug #513611)
-CVE-2009-XXXX [buffer overflow]
+CVE-2009-0490 [buffer overflow]
- audacity 1.3.6-1 (bug #514138)
NOTE: http://www.milw0rm.com/exploits/7634
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=253493
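Review bot: on the CVE-2009-0490 line the bracketed description is still just "[buffer overflow]", which does not name the affected package, while the other bracketed descriptions in this patch do ("[mahara: XSS in forum posts]", "[glpi sql injection]"). Since the line is being touched anyway to assign the id, suggest "[audacity: buffer overflow]" so the entry can be found by description.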
@@ -614,8 +615,7 @@
CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...)
{DTSA-190-1}
- gnumeric 1.8.4-3 (low; bug #513418)
- TODO: next point release: [etch] - gnumeric 1.6.3-5.1+etch2
- [etch] - gnumeric <no-dsa> (Minor issue)
+ [etch] - gnumeric 1.6.3-5.1+etch2
CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...)
- nautilus-python 0.4.3-3.2 (low; bug #513419)
CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python ...)
@@ -2669,8 +2669,7 @@
[etch] - cupsys <unfixed> (low)
CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary ...)
- crip 3.7-5 (low; bug #509275)
- [etch] - crip <no-dsa> (Not run as root)
- TODO: next point release: [etch] - crip 3.7-3+etch1
+ [etch] - crip 3.7-3+etch1
CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to overwrite ...)
- cmus 2.2.0-1.1 (unimportant; bug #509277)
NOTE: Just an example script
@@ -2695,8 +2694,7 @@
NOTE: but these situations are really corner cases
CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...)
- muttprint 0.72d-10 (low; bug #509487)
- [etch] - muttprint <no-dsa> (Minor issue)
- TODO: next point release: [etch] - muttprint 0.72d-8etch1
+ [etch] - muttprint 0.72d-8etch1
CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...)
- ppp <unfixed> (unimportant)
NOTE: insecure temp file handling in udeb is not an issue, since it is during the installation
@@ -2932,8 +2930,7 @@
CVE-2008-XXXX [Insecure tmpdir creation]
[lenny] - devscripts 2.10.35lenny1 (low)
- devscripts 2.10.42 (low; bug #507482)
- [etch] - devscripts <no-dsa> (Minor issue)
- TODO: next point release: [etch] - devscripts 2.9.26etch2
+ [etch] - devscripts 2.9.26etch2
CVE-2008-XXXX [Insecure tempfile creation]
- devscripts 2.10.42 (low; bug #508111)
[etch] - devscripts <not-affected> (vulnerable code not present)
@@ -3379,7 +3376,7 @@
[lenny] - libpam-mount 0.44-1+lenny2
CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...)
- tkman 2.2-4 (low; bug #506496)
- [etch] - tkman <no-dsa> (Minor issue)
+ [etch] - tkman 2.2-2etch1
CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...)
[etch] - tkusr <no-dsa> (Minor issue)
- tkusr <removed> (low)
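Review bot: the tkman line for CVE-2008-5137 is the only etch update in this patch that replaces a bare "<no-dsa> (Minor issue)" line without a preceding "TODO: next point release" line, so the version "2.2-2etch1" cannot be cross-checked against anything visible in the diff. Please confirm it against the package list of the point release before this goes in.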
@@ -5561,8 +5558,7 @@
- lustre 1.6.5.1-1 (low; bug #496371)
CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...)
- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
- [etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
- TODO: next point release [etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
+ [etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
- linux-ftpd 0.17-29 (bug #500278)
[etch] - linux-ftpd <no-dsa> (Minor issue)
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
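Review bot: under CVE-2008-4247, linux-ftpd-ssl is now marked fixed in etch at 0.17.18+0.3-6etch1, but "[etch] - linux-ftpd <no-dsa> (Minor issue)" two lines further down is left unchanged. If linux-ftpd was not part of this point update that is correct as it stands; otherwise it needs the same change, so it is worth confirming.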
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-02-10 15:37:34 UTC (rev 11177)
+++ data/spu-candidates.txt 2009-02-10 15:56:03 UTC (rev 11178)
@@ -115,12 +115,6 @@
--
-devscripts
-#507482
-notified maintainer
-
---
-
dia
#504251
notified maintainer
@@ -357,12 +351,6 @@
--
-muttprint (CVE-2008-5368)
-#509487
-notified maintainer
-
---
-
myspell
#496392
notified maintainer
@@ -524,12 +512,6 @@
--
-tkman (CVE-2008-5137)
-#506496
-notified maintainer
-
---
-
tomboy (CVE-2005-4790)
notified maintainer
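Review bot: this file drops the devscripts, muttprint and tkman entries, but data/CVE/list in the same commit also marks gnumeric, crip and linux-ftpd-ssl as fixed in etch, and no removal for those appears in this patch. If any of the three has an entry in spu-candidates.txt, remove it in the same commit so the two files stay consistent.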