[Secure-testing-commits] r11235 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Wed Feb 18 18:12:00 UTC 2009 

Author: jmm-guest
Date: 2009-02-18 18:11:59 +0000 (Wed, 18 Feb 2009)
New Revision: 11235

Modified:
   data/CVE/list
Log:
- wireshark CVEfied and fixed in sid
- new evolution issue
- add krb-pam issue
- lenny fixes for gpsdrive


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-02-18 10:41:57 UTC (rev 11234)
+++ data/CVE/list	2009-02-18 18:11:59 UTC (rev 11235)
@@ -5,11 +5,17 @@
 CVE-2009-0602 (Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi ...)
 	NOT-FOR-US: WikkiTikkiTavi
 CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on ...)
-	TODO: check
+	- wireshark 1.0.6-1
+	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.8)
+	[lenny] - wireshark 1.0.2-3+lenny4
 CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers ...)
-	TODO: check
+	- wireshark 1.0.6-1
+	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
+	[lenny] - wireshark 1.0.2-3+lenny4
 CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through ...)
-	TODO: check
+	- wireshark 1.0.6-1
+	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
+	[lenny] - wireshark 1.0.2-3+lenny4
 CVE-2009-0598 (SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 ...)
 	NOT-FOR-US: PhpMesFilms
 CVE-2009-0597 (SQL injection vulnerability in admin/index.php in w3b&gt;cms (aka ...)
@@ -143,7 +149,7 @@
 CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional Report ...)
 	NOT-FOR-US: Additional Report Settings interface in ESET Remote Administrator
 CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of the ...)
-	TODO: check
+	- evolution <unfixed> (low; bug #508479)
 CVE-2009-0546 (Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier ...)
 	NOT-FOR-US: NewsGator FeedDemon
 CVE-2009-0545 (cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote ...)
@@ -259,18 +265,6 @@
 CVE-2009-XXXX [mediawiki XSS in installer scripts]
 	[lenny] - mediawiki 1:1.12.0-2lenny3 (low; bug #514547)
 	NOTE: CVE id was requested on oss-sec
-CVE-2009-XXXX [Wireshark: $HOME issue ]
-	- wireshark <unfixed>
-	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.8)
-	[lenny] - wireshark 1.0.2-3+lenny4
-CVE-2009-XXXX [Wireshark: NetScreen issue ]
-	- wireshark <unfixed>
-	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
-	[lenny] - wireshark 1.0.2-3+lenny4
-CVE-2009-XXXX [Wireshark:  Texktronix issue]
-	- wireshark <unfixed>
-	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
-	[lenny] - wireshark 1.0.2-3+lenny4
 CVE-2009-0524
 	RESERVED
 CVE-2009-0523
@@ -869,6 +863,7 @@
 CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in ...)
 	{DSA-1722-1 DSA-1721-1}
 	- libpam-heimdal 3.10-2.1
+	- libpam-krb5 3.13-2
 CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, ...)
 	{DSA-1721-1}
 	- libpam-krb5 3.13-2
@@ -2251,9 +2246,11 @@
 CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might ...)
 	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
 	[etch] - gpsdrive <no-dsa> (Minor issue)
+	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
 CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to ...)
 	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
 	[etch] - gpsdrive <no-dsa> (Minor issue)
+	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
 CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
 	- linux-2.6 2.6.26-13
 	- linux-2.6.24 <removed>
@@ -3079,6 +3076,7 @@
 CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite ...)
 	- gpsdrive 2.10~pre4-6.dfsg-2 (low)
 	[etch] - gpsdrive <no-dsa> (Minor issue)
+	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
 CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary ...)
 	- netdisco-mibs-installer (low; bug #508940)
 	[lenny] - netdisco-mibs-installer <no-dsa> (Contrib not supported)

More information about the Secure-testing-commits mailing list