[Secure-testing-commits] r11105 - in data: . CVE
jmm-guest at alioth.debian.org
Thu Jan 29 20:14:13 UTC 2009
Author: jmm-guest
Date: 2009-01-29 20:14:13 +0000 (Thu, 29 Jan 2009)
New Revision: 11105
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
auctex, cyrus-sasl no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-29 20:13:23 UTC (rev 11104)
+++ data/CVE/list 2009-01-29 20:14:13 UTC (rev 11105)
@@ -1,3 +1,6 @@
+CVE-2008-XXXX [minor cyrus sasl DoS]
+ - cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
+ [etch] - cyrus-sasl2 <no-dsa> (Minor issue)
CVE-2009-XXXX [trickle: LD_PRELOAD issue]
- trickle <unfixed> (bug #513456; low)
[etch] - trickle <no-dsa> (Minor issue)
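Review bot: The added cyrus-sasl2 line records only "(bug #465561)" with no urgency, although the etch line directly below it classifies the issue as minor. Consider writing it as "(low; bug #465561)" so the urgency is explicit in the tracker entry rather than implied by the no-dsa reason.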
@@ -926,7 +929,8 @@
CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which ...)
NOT-FOR-US: General MD5 weakness, doesn't need to tracked package-wise
CVE-2008-XXXX [auctex insecure temp file]
- - auctex 11.83-7.3 (bug #506961)
+ - auctex 11.83-7.3 (low; bug #506961)
+ [etch] - auctex <no-dsa> (Minor issue)
CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier ...)
NOT-FOR-US: iGaming
CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to bypass ...)
@@ -5168,7 +5172,7 @@
CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...)
NOT-FOR-US: Joomla
CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
- - vim 2:7.2.010-1 (bug #500381)
+ - vim 2:7.2.010-1 (low; bug #500381)
[lenny] - vim 1:7.1.314-3+lenny1
CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege ...)
{DSA-1662-1}
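Review bot: The urgency added to the vim line for CVE-2008-4101 is not covered by the log message, which names only auctex and cyrus-sasl. Mention the vim urgency changes in the log, or commit them separately, so the history shows when and why the vim entries were rated.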
@@ -8692,9 +8696,7 @@
[etch] - nasm <not-affected> (vulnerable code not present)
CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote ...)
{DTSA-143-1}
- - vim 1:7.1.314-3 (medium; bug #486502)
- NOTE: a bunch of these are probably low but because of the filetype.vim issue
- NOTE: I set this to medium
+ - vim 1:7.1.314-3 (low; bug #486502)
CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...)
- exiv2 0.17-1 (low; bug #486328)
[etch] - exiv2 <no-dsa> (Minor issue)
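Review bot: On the CVE-2008-2712 vim line the urgency drops from medium to low, and the two NOTE lines that justified medium (the filetype.vim issue) are deleted with nothing in their place. Add a NOTE stating why the filetype.vim issue no longer warrants medium, so the downgrade can be checked later.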
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-01-29 20:13:23 UTC (rev 11104)
+++ data/spu-candidates.txt 2009-01-29 20:14:13 UTC (rev 11105)
@@ -23,6 +23,11 @@
--
+auctex (no CVE)
+#506961
+
+--
+
audiolink
#496433
notified maintainer
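Review bot: The new auctex entry lists only the bug number, while the neighbouring audiolink entry also carries a status line ("notified maintainer"). Add a status line, or a short remark that the maintainer has not been contacted yet, so the state of the entry is clear to whoever works through this list; the same applies to the cyrus-sasl2 entry added further down.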
@@ -103,6 +108,11 @@
--
+cyrus-sasl2 (no CVE)
+#465561
+
+--
+
devscripts
#507482
notified maintainer