[Secure-testing-commits] r11111 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Jan 29 22:17:46 UTC 2009


Author: jmm-guest
Date: 2009-01-29 22:17:45 +0000 (Thu, 29 Jan 2009)
New Revision: 11111

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
* no-dsa for some python2.5 issues which have been fixed for
  2.4 (even though they've been borderline cases already)
* tcl no-dsa
* cleanup older php issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-29 22:13:09 UTC (rev 11110)
+++ data/CVE/list	2009-01-29 22:17:45 UTC (rev 11111)
@@ -7623,13 +7623,16 @@
 	{DSA-1667-1 DTSA-157-1}
 	- python2.4 2.4.5-5
 	- python2.5 2.5.2-7
+        [etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
 CVE-2008-3143 (Multiple integer overflows in Python before 2.5.2 might allow ...)
 	{DSA-1667-1}
 	- python2.4 2.4.5-1
+        [etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
 	- python2.5 2.5.2-1
 CVE-2008-3142 (Multiple buffer overflows in Python 2.5.2 and earlier on 32bit ...)
 	{DSA-1667-1 DTSA-157-1}
 	- python2.5 2.5.2-10
+        [etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
 	- python2.4 2.4.5-5
 CVE-2008-3136 (SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x ...)
 	NOT-FOR-US: AShop Delux
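Review bot: In the CVE-2008-3143 entry the new "[etch] - python2.5 <no-dsa>" line sits between the python2.4 line and the "- python2.5 2.5.2-1" line, whereas in the other two entries of this hunk it follows the python2.5 line it qualifies. Moving it below "- python2.5 2.5.2-1" would keep each release-specific annotation directly under its package's line and make the three entries consistent.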
@@ -9575,6 +9578,7 @@
 CVE-2008-2315 (Multiple integer overflows in Python 2.5.2 and earlier allow ...)
 	{DSA-1667-1 DTSA-157-1}
 	- python2.5 2.5.2-10
+        [etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
 	- python2.4 2.4.5-5
 CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Expos&#233; hot corners is ...)
 	NOT-FOR-US: Mac OS X
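Review bot: The added "[etch] - python2.5 <no-dsa>" line under CVE-2008-2315 is indented with eight spaces, while the neighbouring "- python2.5" and "- python2.4" lines use a tab; the three lines added in the previous hunk have the same mix. Switching these to a leading tab avoids tripping any line-oriented tooling that expects one indentation style in data/CVE/list.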
@@ -16526,7 +16530,9 @@
 	- postgresql-8.2 8.2.6-1
 	- postgresql-8.1 8.1.11-1
 	- tcl8.3 8.3.5-13
+	[etch] - tcl8.3 <no-dsa> (Minor issue)
 	- tcl8.4 8.4.17-1
+	[etch] - tcl8.4 <no-dsa> (Minor issue)
 	[sarge] - postgresql <unfixed>
 CVE-2007-6066
 	RESERVED
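Review bot: The two tcl annotations give only "(Minor issue)" as the reason, which is less informative than the python2.5 lines in this same commit that say why etch is not getting a DSA. Since data/spu-candidates.txt gains a tcl8.3/tcl8.4 entry in this revision, a short reason here that mentions the fix is intended for a stable point update would tell a later reader that the issue is deferred rather than dismissed.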
@@ -26111,13 +26117,10 @@
 CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...)
 	NOT-FOR-US: MyNews
 CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...)
-	- php5 5.2.3-1 (low; bug #441433)
-	- php4 <removed> (low)
-	[sarge] - php5 <no-dsa> (minor issue)
-	[sarge] - php4 <no-dsa> (minor issue)
-	[etch] - php5 <no-dsa> (minor issue)
-	[etch] - php4 <no-dsa> (minor issue)
-	NOTE: not an issue in most use cases
+	- php5 5.2.3-1 (unimportant; bug #441433)
+	- php4 <removed> (unimportant)
+        NOTE: The installation of the PEAR needs to be trusted anyway, this doesn't
+        NOTE: cross trust boundaries
 CVE-2007-2518
 	REJECTED
 CVE-2007-2517
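Review bot: The replacement rationale for CVE-2007-2519 is split mid-sentence across two NOTE lines ("...this doesn't" / "cross trust boundaries"), and those NOTE lines are indented with spaces while the "- php5" and "- php4" lines added just above them use tabs. Wording each NOTE line so it reads on its own, and using a tab, would help anyone grepping the file; the downgrade to "unimportant" and removal of the per-release no-dsa lines is otherwise consistent with the stated reasoning that the PEAR installer is already trusted.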

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-01-29 22:13:09 UTC (rev 11110)
+++ data/spu-candidates.txt	2009-01-29 22:17:45 UTC (rev 11111)
@@ -505,6 +505,8 @@
 tcl8.3/tcl8.4 (CVE-2007-4772)
 notified maintainer
 
+tcl8.3/tcl8.4 (CVE-2007-6067)
+
 --
 
 texlive-bin (CVE-2007-5935 CVE-2007-5936 CVE-2007-5937)
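Review bot: The new "tcl8.3/tcl8.4 (CVE-2007-6067)" entry duplicates the package pair of the entry immediately above it (CVE-2007-4772) and carries no status line, while that entry records "notified maintainer". Folding both IDs into one entry, in the style the texlive-bin line uses for several CVEs, or adding a status line to the new entry, would make clear whether the maintainer has been told about CVE-2007-6067 as well.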



