[Secure-testing-commits] r12352 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Jul 15 21:27:04 UTC 2009 

Author: jmm-guest
Date: 2009-07-15 21:27:01 +0000 (Wed, 15 Jul 2009)
New Revision: 12352

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
mark wordpress info leaks as unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-15 21:14:36 UTC (rev 12351)
+++ data/CVE/list	2009-07-15 21:27:01 UTC (rev 12352)
@@ -85,9 +85,11 @@
 CVE-2009-2433 (Stack-based buffer overflow in the AddFavorite method in Microsoft ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2432 (WordPress and WordPress MU before 2.8.1 allow remote attackers to ...)
-	- wordpress <unfixed> (low; bug #537146)
+	- wordpress <unfixed> (unimportant; bug #537146)
+        NOTE: Installation path is a known fact on a Debian package installation
 CVE-2009-2431 (WordPress 2.7.1 places the username of a post's author in an HTML ...)
-	- wordpress <unfixed> (low; bug #537146)
+	- wordpress <unfixed> (unimportant; bug #537146)
+        NOTE: Minor information leak
 CVE-2009-2430 (Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2009-2429 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in ...)
@@ -430,8 +432,6 @@
 CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel ...)
 	- linux-2.6 2.6.30-2 (low)
 	- linux-2.6.24 <removed>
-	NOTE: upstream 2.6.30 does not contain the patch for this issue 
-	TODO: check 2.6.31 when it is released
 CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 ...)
 	{DSA-1835-1}
 	- tiff 3.8.2-12 (low; bug #534137)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-07-15 21:14:36 UTC (rev 12351)
+++ data/spu-candidates.txt	2009-07-15 21:27:01 UTC (rev 12352)
@@ -93,6 +93,10 @@
 
 --
 
+memcached (CVE-2009-1255)
+bug #527330)
+
+
 mimedecode
 potential dos/crash due to invalid input
 #530430

More information about the Secure-testing-commits mailing list