[Secure-testing-commits] r12018 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Jun 2 18:46:41 UTC 2009


Author: jmm-guest
Date: 2009-06-02 18:46:41 +0000 (Tue, 02 Jun 2009)
New Revision: 12018

Modified:
   data/CVE/list
Log:
- two torrentflux issues which have been lingering as unfixed w/o a
  bug report for too long
- libnet-dns-perl as fixed in Lenny, since the kernel provides src
  port randomisation, which should be good enough


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-02 17:59:35 UTC (rev 12017)
+++ data/CVE/list	2009-06-02 18:46:41 UTC (rev 12018)
@@ -479,7 +479,6 @@
 	- ajaxterm <unfixed> (medium; bug #528938) 
 CVE-2009-1789 (mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and ...)
 	- eggdrop 1.6.19-1.2 (medium; bug #528778)
-	NOTE: CVE id request on oss-sec
 CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked]
 	- cron 3.0pl1-106 (low; bug #528434)
 	[lenny] - cron <no-dsa> (Minor issue)
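Review bot: The removal of the "NOTE: CVE id request on oss-sec" line under CVE-2009-1789 is not covered by the Log, which mentions only torrentflux and libnet-dns-perl. The entry already carries an assigned id, so dropping the note looks right, but add a line to the commit message so the change can be found from the log later.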
@@ -1942,9 +1941,9 @@
 CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...)
 	NOT-FOR-US: ?Torrent (uTorrent) WebUI
 CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in ...)
-	- torrentflux <unfixed>
+	- torrentflux <unfixed> (bug filed)
 CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
-	- torrentflux <unfixed>
+	- torrentflux <unfixed> (bug filed)
 CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...)
 	NOT-FOR-US: BS.player
 CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...)
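Review bot: The "(bug filed)" annotation added to both torrentflux lines (CVE-2008-6585 and CVE-2008-6584) carries no bug number and no severity, unlike the other entries visible in this diff, which use the form "(medium; bug #528938)". Suggest replacing it with the actual "bug #NNNNNN" reference once the numbers are known, so the entries can be matched to the reports and do not keep looking untracked.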
@@ -17174,7 +17173,7 @@
 	- adns 1.4-2 (unimportant; bug #492698)
 	NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian
 	- udns <unfixed> (bug #493599)
-	- libnet-dns-perl <unfixed> (low; bug #492700)
+	- libnet-dns-perl 0.63-2 (low; bug #492700)
 	NOTE: Source port randomization from Lenny kernel should provide sufficient protection
 	NOTE: since this is just a Perl nodule for DNS queries and not a high-profile server app like
 	NOTE: Bind, it's unlikely that a home-grown fix will provide an implementation of higher
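Review bot: Marking libnet-dns-perl as fixed in 0.63-2 records a package version for what the NOTE below it and the Log describe as a kernel-side mitigation (source port randomisation), not a change in the module. Suggest adding a NOTE stating that 0.63-2 is listed as fixed only because of the Lenny kernel's behaviour, so that readers do not assume the package itself randomises source ports when it runs on a different kernel. Separately, "nodule" in the context NOTE that follows should read "module".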



