[Secure-testing-commits] r12155 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Jun 18 20:45:28 UTC 2009


Author: jmm-guest
Date: 2009-06-18 20:45:26 +0000 (Thu, 18 Jun 2009)
New Revision: 12155

Modified:
   data/CVE/list
   data/DSA/list
Log:
- add dkim CVE ID to DSA entry
- adtool non-issue
- bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-18 16:18:44 UTC (rev 12154)
+++ data/CVE/list	2009-06-18 20:45:26 UTC (rev 12155)
@@ -112,7 +112,9 @@
 	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
 	NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
 CVE-2009-XXXX [adtool leaks password in environment]
-	- adtool 1.3.2-1 (low)
+	- adtool 1.3.2-1 (unimportant)
+	NOTE: adtool has safe means to specify the password, so this boils
+        NOTE: down to potential insecure usage
 CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-2026
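Review bot: the second added NOTE line in the adtool entry is indented with leading spaces, while the first added NOTE line and the rest of the entry use a tab. Use a tab on both so the continuation stays consistent with the file's layout. The downgrade to "(unimportant)" rests entirely on the claim that adtool has a safe way to pass the password, so the note should also name that mechanism, letting a later reader check it without re-researching the issue.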
@@ -642,7 +644,7 @@
 CVE-2009-1809 (Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 ...)
 	NOT-FOR-US: myColex
 CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 ...)
-	- wireshark <unfixed> (low)
+	- wireshark <unfixed> (low; bug #533347)
 CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-1807 (Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 ...)
@@ -4441,7 +4443,6 @@
 	- dkim-milter 2.6.0.dfsg-2 (low)
 	[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
 	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
-	NOTE: CVE id requested
 CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in ...)
 	- optipng 0.6.2.1-1 (low)
 	[etch] - optipng 0.5.5-2
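Review bot: the header line of this dkim-milter entry falls outside the hunk context, so it is not visible here whether the entry already carries CVE-2009-0770, the ID that the DSA/list hunk attaches to DSA-1728-1. If the header is still a CVE-2009-XXXX placeholder, rename it in the same commit that drops "NOTE: CVE id requested"; otherwise the two lists disagree about which CVE this fix belongs to.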
@@ -5923,7 +5924,6 @@
 	- squid 2.7.STABLE3-4.1 (medium; bug #514142)
 	- squid3 3.0.STABLE8-3 (medium)
 	[etch] - squid <not-affected> (Vulnerable code not present)
-	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_1.txt
 CVE-2009-XXXX [glpi sql injection]
 	- glpi 0.71.5-1 (bug #513611)
 CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quoted ...)
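Review bot: dropping the upstream advisory NOTE (SQUID-2009_1.txt) from the squid entry is not covered by any of the three log items (dkim CVE ID, adtool, bugnums). Either keep the reference, since it is the only pointer to the upstream advisory visible in this entry, or add a log line saying why it was removed (for example, that it duplicates a reference elsewhere in the entry).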

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-06-18 16:18:44 UTC (rev 12154)
+++ data/DSA/list	2009-06-18 20:45:26 UTC (rev 12155)
@@ -354,6 +354,7 @@
 	{CVE-2009-0386 CVE-2009-0387 CVE-2009-0397}
 	[etch] - gst-plugins-bad0.10 0.10.3-3.1+etch1
 [27 Feb 2009] DSA-1728-1 dkim-milter - denial of service
+	{CVE-2009-0770}
 	[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
 [26 Feb 2009] DSA-1727-1  - SQL injection vulnerabilites
 	{CVE-2009-0542 CVE-2009-0543}



