[Secure-testing-commits] r11275 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Fri Feb 27 15:19:45 UTC 2009


Author: jmm-guest
Date: 2009-02-27 15:19:44 +0000 (Fri, 27 Feb 2009)
New Revision: 11275

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- fckeditor and geshi code copies fixed
- more bugzilla issues CVEfied
- unimportant libpng issue fixed
- adjust some kernel severities


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-02-27 15:02:44 UTC (rev 11274)
+++ data/CVE/list	2009-02-27 15:19:44 UTC (rev 11275)
@@ -941,19 +941,19 @@
 	[etch] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
 	[lenny] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
 CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to ...)
-	TODO: check
+	- bugzilla <unfixed> (low)
 CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...)
-	TODO: check
+	- bugzilla <unfixed> (low)
 CVE-2009-0483 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 ...)
-	TODO: check
+	- bugzilla <unfixed> (low)
 CVE-2009-0482 (Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 ...)
-	TODO: check
+	- bugzilla <unfixed> (low)
 CVE-2009-0481 (Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and ...)
-	TODO: check
+	- bugzilla <unfixed> (low)
 CVE-2009-0480 (The IP implementation in Sun Solaris 8 through 10, and OpenSolaris ...)
 	NOT-FOR-US: Solaris
 CVE-2008-6098 (Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, ...)
-	TODO: check
+	- bugzilla <unfixed> (unimportant)
 CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before ...)
 	NOT-FOR-US: WikyBlog
 CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...)
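Review bot: the CVE-2008-6098 entry is marked (unimportant) with no NOTE line giving the reason, unlike the libpng entry for CVE-2008-5907 in this same file, which pairs its unimportant tag with a NOTE. A one-line NOTE under `- bugzilla <unfixed> (unimportant)` would keep the triage decision auditable. The five `(low)` entries above it could also say whether etch and lenny are affected, as the preceding entry does with its `[etch]` and `[lenny]` lines.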
@@ -1398,10 +1398,6 @@
 	- squid3 3.0.STABLE8-3 (medium)
 	[etch] - squid <not-affected> (Vulnerable code not present)
 	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
-CVE-2009-XXXX [bugzilla: Abuse of Functionality (Attachments)]
-	- bugzilla <unfixed> (bug #514143)
-CVE-2009-XXXX [bugzilla: Cross-Site Request Forgery (2x)]
-	- bugzilla <unfixed> (bug #514143)
 CVE-2009-XXXX [glpi sql injection]
 	- glpi 0.71.5-1 (bug #513611)
 CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quoted ...)
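Review bot: removing both CVE-2009-XXXX bugzilla placeholders drops the only reference to bug #514143 in this patch, because the entries that replace them (CVE-2009-0481 through CVE-2009-0485) are added as `- bugzilla <unfixed> (low)` without it. If those are the same issues, carry the reference over in the form the file already uses elsewhere, for example `- bugzilla <unfixed> (low; bug #514143)`, and say in the log which placeholder maps to which CVE id.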
@@ -1712,7 +1708,7 @@
 CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise ...)
 	NOT-FOR-US: Novell GroupWise
 CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...)
-	- linux-2.6 <unfixed> (medium)
+	- linux-2.6 <unfixed>
 	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
 	- linux-2.6.24 <removed>
 CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not ...)
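Review bot: the CVE-2009-0269 line loses its (medium) tag while the package stays `<unfixed>`, and the log only says "adjust some kernel severities" without saying why the rating is removed rather than changed to another level. A short reason in the commit log, or a NOTE under the entry, would let a later reader tell a deliberate policy from an accidental deletion.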
@@ -2193,7 +2189,7 @@
 CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and ...)
 	- hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable)
 CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...)
-	- libpng <unfixed> (unimportant; bug #512665)
+	- libpng 1.2.35-1 (unimportant; bug #512665)
 	NOTE: Only an issues when using libpng to create out-of-spec images
 CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...)
 	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
@@ -2406,7 +2402,7 @@
 CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for ...)
 	TODO: will be presented at Black Hat
 CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control ...)
-	- linux-2.6 2.6.26-14 (high)
+	- linux-2.6 2.6.26-14
 	- linux-2.6.24 <removed>
 CVE-2009-0064
 	RESERVED
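Review bot: for CVE-2009-0065 the (high) tag is removed from `- linux-2.6 2.6.26-14` and the entry has no `[etch]` line, so after this change nothing in it records the status or urgency of the SCTP buffer overflow for etch. An explicit `[etch] - linux-2.6 ...` line, like the one on the CVE-2009-0269 entry, would settle that before the severity is dropped.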
@@ -16977,7 +16973,7 @@
 CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows ...)
 	NOT-FOR-US: xeCMS
 CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a ...)
-	- linux-2.6 <unfixed> (medium)
+	- linux-2.6 <unfixed>
 	NOTE: While labeled as an Apache flaw, this needs to be fixed in smbfs
 	NOTE: This is likely already fixed in recent kernels, but we need to pin point
 	NOTE: a fixed version
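Review bot: CVE-2007-6514 drops (medium) while staying `<unfixed>`, yet the NOTE lines under it still say a fixed version has to be pinpointed, so with the severity gone nothing marks this entry for follow-up. A `TODO:` line for the open question (which kernel version carries the smbfs fix) would keep it visible in the same way the other pending entries in this file are tracked.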

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-02-27 15:02:44 UTC (rev 11274)
+++ data/embedded-code-copies	2009-02-27 15:19:44 UTC (rev 11275)
@@ -276,7 +276,7 @@
 
 fckeditor
 	- knowledgeroot 0.9.8.5-3 (embed; bug #461555)
-	- moin <unfixed> (embed; bug #452599)
+	- moin 1.8.2-2 (embed; bug #452599)
 	- karrigell <removed> (embed; bug #452598)
 	- gforge 4.6.99+svn6225-1 (embed)
 
@@ -700,6 +700,7 @@
 geshi
 	- dokuwiki 0.0.20080505-3.1 (embed)
 	- pgfouine 1.0-1.1 (embed)
+	- websvn 2.1.0-1 (embed)
 
 webcalendar
 	- gforge-plugins-extra 4.7~rc2-6 (embed; bug #504758)
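Review bot: the log says the geshi code copy is "fixed", but the added `- websvn 2.1.0-1 (embed)` line is a new entry with no bug number, so it is unclear whether 2.1.0-1 is the version that stopped shipping the embedded copy or simply the version where the copy was noticed. Add the bug reference if one exists, as the fckeditor entries do with `(embed; bug #...)`, or a NOTE stating what changed in 2.1.0-1.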
