[Secure-testing-commits] r12005 - data/CVE
Stefan Fritsch
sf at alioth.debian.org
Mon Jun 1 10:55:37 UTC 2009
Author: sf
Date: 2009-06-01 10:55:37 +0000 (Mon, 01 Jun 2009)
New Revision: 12005
Modified:
data/CVE/list
Log:
add some bug references
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-01 10:53:06 UTC (rev 12004)
+++ data/CVE/list 2009-06-01 10:55:37 UTC (rev 12005)
@@ -379,7 +379,7 @@
- libsndfile 1.0.20-1 (medium; bug #528650)
CVE-2009-XXXX [drupal: cross-site scripting vulnerability]
- drupal5 5.17-1.1 (low; bug #529191)
- - drupal6 6.11-1.1 (low; bug #529190)
+ - drupal6 6.11-1.1 (low; bug #529190; bug #531386)
CVE-2009-XXXX [kdebase: potential digital certificate deficiencies in konqueror 4]
- kdebase <unfixed> (low; bug #526985)
[etch] - kdebase <not-affected> (vulnerability introduced in konqueror 4)
@@ -972,7 +972,7 @@
- chromium-browser <itp> (bug #520324)
CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.29-2 (bug #523365)
- linux-2.6.24 <removed>
CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
- libmodplug 1:0.8.7-1 (low; bug #526657; bug #527076)
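Review bot: The linux-2.6 line for CVE-2009-1439 changes from <unfixed> to 2.6.29-2, which is a status change and not only an added bug reference, so the log message "add some bug references" understates it. Consider mentioning the fixed version in the log so the tracker history shows when the entry was marked fixed, and confirm that #523365 is closed in 2.6.29-2.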
@@ -3370,7 +3370,7 @@
CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...)
{DSA-1769-1}
- openjdk-6 <unfixed>
- - lcms <unfixed> (low; bug filed)
+ - lcms <unfixed> (low; bug #530785)
[lenny] - lcms <no-dsa> (Minor issue)
[etch] - lcms <no-dsa> (Minor issue)
CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...)
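Review bot: In the CVE-2009-0793 entry, the openjdk-6 <unfixed> line directly above the edited lcms line still has no bug reference or severity, while lcms now points at bug #530785. If a bug has been filed against openjdk-6, add it in the same pass.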
@@ -3844,7 +3844,7 @@
CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Plunet BusinessManager
CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...)
- - xine-lib 1.1.16.2-1 (bug #517792; medium)
+ - xine-lib 1.1.16.2-1 (bug #517792; bug #523475; medium)
CVE-2009-0697
RESERVED
CVE-2009-0696
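Review bot: On the xine-lib line for CVE-2009-0698 the severity stays at the end, after both bug references, while the other lines this patch touches put it first, for example "(low; bug #529190; bug #531386)". Since the line is being edited anyway, consider reordering it to "(medium; bug #517792; bug #523475)" for consistency.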
@@ -4455,7 +4455,7 @@
NOTE: their previous password; thus violating the security policy as defined by
NOTE: the administrator)
CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify ...)
- - network-manager-applet 0.7.0.99-1 (medium)
+ - network-manager-applet 0.7.0.99-1 (medium; bug #519801)
CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...)
NOT-FOR-US: RedHat specific, because they had a problem applying the fix for CVE-2008-3640
CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 ...)
@@ -5249,7 +5249,7 @@
{DSA-1737-1}
- wesnoth 1:1.4.7-4
CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an ...)
- - network-manager-applet 0.7.0.99-1 (medium)
+ - network-manager-applet 0.7.0.99-1 (medium; bug #519801)
- network-manager 0.7.0.99-1 (medium)
CVE-2009-0364 (Format string vulnerability in the mini_calendar component in ...)
{DSA-1752-1}
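Review bot: Under CVE-2009-0365 only network-manager-applet gains bug #519801; the "network-manager 0.7.0.99-1 (medium)" line directly below it still has no bug reference. The same bug number is also added under CVE-2009-0578 earlier in this patch, so it is worth confirming that #519801 covers both issues and whether network-manager needs its own reference.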
@@ -6720,7 +6720,7 @@
CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
NOT-FOR-US: Novell NetWare
CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...)
- - wordpress 2.3.2 (low; bug #510786)
+ - wordpress 2.3.2 (low; bug #510786; bug #513959)
NOTE: only the admin has manage_options capabilities by default and only editors
NOTE: have upload_files capabilities
NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer
@@ -7544,7 +7544,7 @@
CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) ...)
NOT-FOR-US: ffdshow
CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite ...)
- - gpsdrive 2.10~pre4-6.dfsg-2 (low)
+ - gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508595)
[etch] - gpsdrive <no-dsa> (Minor issue)
[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary ...)
@@ -31170,7 +31170,7 @@
CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers ...)
NOT-FOR-US: NewzCrawler
CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer ...)
- - jasper <unfixed> (medium; bug #413033)
+ - jasper <unfixed> (medium; bug #413033; bug #528543)
NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped later, see #528543
- ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188)
NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html