[Secure-testing-commits] r11195 - in data: . CVE
jmm-guest at alioth.debian.org
Wed Feb 11 21:56:37 UTC 2009
Author: jmm-guest
Date: 2009-02-11 21:56:37 +0000 (Wed, 11 Feb 2009)
New Revision: 11195
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- no-dsa: acidbase, bluez, motion, nfs-utils, systemimager, kdelibs
- three new wireshark issues already resolved for
etch and lenny
- arb fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-02-11 21:44:45 UTC (rev 11194)
+++ data/CVE/list 2009-02-11 21:56:37 UTC (rev 11195)
@@ -1,3 +1,15 @@
+CVE-2009-XXXX [Wireshark: $HOME issue ]
+ - wireshark <unfixed>
+ [etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.8)
+ [lenny] - wireshark 1.0.2-3+lenny4
+CVE-2009-XXXX [Wireshark: NetScreen issue ]
+ - wireshark <unfixed>
+ [etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
+ [lenny] - wireshark 1.0.2-3+lenny4
+CVE-2009-XXXX [Wireshark: Texktronix issue]
+ - wireshark <unfixed>
+ [etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
+ [lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0524
RESERVED
CVE-2009-0523
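Review bot: The title of the third added entry reads "Texktronix", which looks like a misspelling of "Tektronix", and the first two titles carry a stray space before the closing bracket ("$HOME issue ]", "NetScreen issue ]"). These CVE-2009-XXXX placeholders have no id yet, so the bracketed title is the only handle for matching them once ids are assigned; fix the spelling and add a bug number or advisory reference to the "- wireshark <unfixed>" lines if one exists.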
@@ -1354,6 +1366,7 @@
- hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable)
CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...)
- libpng <unfixed> (unimportant; bug #512665)
+ NOTE: Only an issues when using libpng to create out-of-spec images
CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...)
- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
- ktorrent 3.1.4+dfsg.1-1
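Review bot: The NOTE added under CVE-2008-5907 has a grammar slip, "Only an issues" should read "Only an issue". The note is the only recorded justification for the existing "unimportant" tag on the libpng line, so it is worth keeping it clean and unambiguous.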
@@ -2802,7 +2815,7 @@
- netdisco-mibs-installer (low; bug #508940)
[lenny] - netdisco-mibs-installer <no-dsa> (Contrib not supported)
CVE-2008-5378 (arb-kill in arb 0.0.20071207.1 allows local users to overwrite ...)
- - arb <unfixed> (low; bug #508942)
+ - arb 0.0.20071207.1-6 (low; bug #508942)
CVE-2008-5377 (pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files ...)
- cups 1.3.8-1lenny1 (low)
[etch] - cupsys <unfixed> (low)
@@ -3459,7 +3472,8 @@
- tau <unfixed> (bug #506348)
[etch] - tau <no-dsa> (Minor issue)
CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...)
- - systemimager <unfixed> (bug #506269)
+ - systemimager <removed> (bug #506269)
+ [etch] - systemimager <no-dsa> (Minor issue)
CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...)
- smsclient <unfixed> (unimportant; bug #498901)
CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary ...)
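Review bot: On CVE-2008-5156 the unstable line changes from "<unfixed>" to "<removed>", but the log lists systemimager only under no-dsa and does not mention a removal. Say so in the log, and since only an "[etch]" line is added here, confirm whether lenny still ships systemimager and needs its own entry.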
@@ -4850,6 +4864,7 @@
CVE-2008-4552 (nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the ...)
- nfs-utils 1:1.1.3-1
[lenny] - nfs-utils 1:1.1.2-6lenny1
+ [etch] - nfs-utils <no-dsa> (Minor issue)
CVE-2008-4551 (strongSwan 4.2.6 and earlier allows remote attackers to cause a denial ...)
- strongswan 4.2.4-5 (bug #502676)
CVE-2008-4550
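Review bot: The added "[etch] - nfs-utils <no-dsa> (Minor issue)" line gives no reason for the rating, whereas the ssmtp entry in the same file says "Minor issue, only affects rare corner cases". A few words on why CVE-2008-4552 is minor for etch would let a later triager re-check the decision without redoing the analysis.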
@@ -6387,14 +6402,12 @@
[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...)
- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
-begin claimed by white
CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...)
- libpng 1.2.27-2 (low; bug #501109)
[etch] - libpng <not-affected> (Vulnerable code not present)
NOTE: off-by-one error in pngpread.c is not present, must have
NOTE: been introduced later, but pngtest.c is affected. However, there
NOTE: is no known exploit.
-end claimed by white
CVE-2008-3912 (libclamav in ClamAV before 0.94 allows attackers to cause a denial of ...)
{DSA-1660-1}
- clamav 0.94.dfsg-1
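Review bot: The "begin claimed by white" and "end claimed by white" markers around CVE-2008-3964 are removed without any mention in the log. The entry looks fully triaged (fixed version, etch status, NOTE lines), so releasing the claim seems right, but note it in the log so the claimant and other readers can see it was deliberate.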
@@ -10132,7 +10145,9 @@
- vsftpd <not-affected> (debian versions all include the fix)
CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...)
- bluez-libs 3.34 (low)
+ [etch] - bluez-libs <no-dsa> (Minor issue)
- bluez-utils 3.34 (low)
+ [etch] - bluez-utils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
CVE-2008-2373
RESERVED
@@ -11764,7 +11779,7 @@
[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-1671 (start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, ...)
- kdelibs 4:3.5.9.dfsg.1-4 (low; bug #478024)
- NOTE: unimportant, opinions?
+ [etch] - kdelibs <no-dsa> (Minor issue)
CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader ...)
- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
- kde4libs 4:4.0.72-1 (bug #478283)
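Review bot: Under CVE-2008-1671 the open question "NOTE: unimportant, opinions?" is deleted and replaced by an etch no-dsa line, while the unstable line stays at "low". That implies the answer was "not unimportant", but nothing records it; a short NOTE stating why the issue stays at low (the description mentions the setuid root install case) would close the question for the next reader.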
@@ -19018,7 +19033,8 @@
CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when ...)
NOT-FOR-US: Pligg CMS
CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a ...)
- - acidbase 1.3.8
+ - acidbase 1.3.8 (low)
+ [etch] - acidbase <no-dsa> (Minor issue)
CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
NOT-FOR-US: Joomla
CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-02-11 21:44:45 UTC (rev 11194)
+++ data/spu-candidates.txt 2009-02-11 21:56:37 UTC (rev 11195)
@@ -5,6 +5,10 @@
--
+acidbase (CVE-2007-5578)
+
+--
+
aegis
#496400
notified maintainer
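Review bot: The new acidbase (CVE-2007-5578) block carries no bug number and no status line, unlike the neighbouring aegis block ("#496400", "notified maintainer"). Add the bug reference if one exists, or a short status, so the candidate can be followed up without searching for it again.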
@@ -51,6 +55,11 @@
--
+bluez-libs/bluez-utils (CVE-2008-2374)
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
+
+--
+
boost (CVE-2008-0172/CVE-2008-0171)
#461236
notified maintainer
@@ -346,6 +355,11 @@
--
+motion (CVE-2008-2654)
+#484572
+
+--
+
multi-gnome-terminal (CVE-2008-5143)
notified maintainer
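Review bot: The added motion (CVE-2008-2654) block has no counterpart in this revision's data/CVE/list diff: the log names motion under no-dsa, yet no "[etch] - motion <no-dsa>" line is added there. If that line went in with an earlier revision this is fine; otherwise add it so the two files agree.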
@@ -357,6 +371,10 @@
---
+nfs-utils (CVE-2008-4552)
+
+--
+
ngircd (CVE-2008-0285)
notified maintainer