[Secure-testing-commits] r11105 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Jan 29 20:14:13 UTC 2009 

Author: jmm-guest
Date: 2009-01-29 20:14:13 +0000 (Thu, 29 Jan 2009)
New Revision: 11105

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
auctex, cyrus-sasl no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-29 20:13:23 UTC (rev 11104)
+++ data/CVE/list	2009-01-29 20:14:13 UTC (rev 11105)
@@ -1,3 +1,6 @@
+CVE-2008-XXXX [minor cyrus sasl DoS]
+	- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
+	[etch] - cyrus-sasl2 <no-dsa> (Minor issue)
 CVE-2009-XXXX [trickle: LD_PRELOAD issue]
 	- trickle <unfixed> (bug #513456; low)
 	[etch] - trickle <no-dsa> (Minor issue)
@@ -926,7 +929,8 @@
 CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which ...)
 	NOT-FOR-US: General MD5 weakness, doesn't need to tracked package-wise
 CVE-2008-XXXX [auctex insecure temp file]
-	- auctex 11.83-7.3 (bug #506961)
+	- auctex 11.83-7.3 (low; bug #506961)
+	[etch] - auctex <no-dsa> (Minor issue)
 CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier ...)
 	NOT-FOR-US: iGaming
 CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to bypass ...)
@@ -5168,7 +5172,7 @@
 CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...)
 	NOT-FOR-US: Joomla
 CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
-	- vim 2:7.2.010-1 (bug #500381)
+	- vim 2:7.2.010-1 (low; bug #500381)
 	[lenny] - vim 1:7.1.314-3+lenny1
 CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege ...)
 	{DSA-1662-1}
@@ -8692,9 +8696,7 @@
 	[etch] - nasm <not-affected> (vulnerable code not present)
 CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote ...)
 	{DTSA-143-1}
-	- vim 1:7.1.314-3 (medium; bug #486502)
-	NOTE: a bunch of these are probably low but because of the filetype.vim issue
-	NOTE: I set this to medium
+	- vim 1:7.1.314-3 (low; bug #486502)
 CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...)
 	- exiv2 0.17-1 (low; bug #486328)
 	[etch] - exiv2 <no-dsa> (Minor issue)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-01-29 20:13:23 UTC (rev 11104)
+++ data/spu-candidates.txt	2009-01-29 20:14:13 UTC (rev 11105)
@@ -23,6 +23,11 @@
 
 --
 
+auctex (no CVE)
+#506961
+
+--
+
 audiolink 
 #496433
 notified maintainer
@@ -103,6 +108,11 @@
 
 --
 
+cyrus-sasl2 (no CVE)
+#465561
+
+--
+
 devscripts
 #507482
 notified maintainer

More information about the Secure-testing-commits mailing list