[Secure-testing-commits] r11367 - in data: . CVE
nion at alioth.debian.org
Tue Mar 10 13:58:04 UTC 2009
Author: nion
Date: 2009-03-10 13:58:03 +0000 (Tue, 10 Mar 2009)
New Revision: 11367
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- spu notifications
- CVE-2009-0819 does not affect mysql in Debian
- CVE-2009-0737 fixed in mediawiki 1:1.14.0-1
- CVE-2008-5076 fixed in htop 0.8.1-2
- CVE-2008-4968 fixed in lmbench 3.0-a9-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-10 12:44:59 UTC (rev 11366)
+++ data/CVE/list 2009-03-10 13:58:03 UTC (rev 11367)
@@ -65,7 +65,7 @@
CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...)
NOT-FOR-US: phpScheduleIt
CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote authenticated ...)
- TODO: check
+ - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5)
CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...)
TODO: check
CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module ...)
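Review bot: The new <not-affected> line for CVE-2009-0819 states "Vulnerable code introduced in 5.1.5" without saying where that was established; a NOTE line pointing at the upstream change or bug report that shows it would let the next triager verify the claim. The entry also names only mysql-dfsg-5.0, so any 5.1 source package in the archive would still need its own line, given that the description covers MySQL before 5.1.32.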
@@ -1310,7 +1310,7 @@
- kdebase <unfixed> (low; bug #515106)
NOTE: need to submit a request for CVE id
CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
- - mediawiki <unfixed> (low; bug #514547)
+ - mediawiki 1:1.14.0-1 (low; bug #514547)
[lenny] - mediawiki 1:1.12.0-2lenny3
CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, ...)
NOT-FOR-US: Adobe RoboHelp
@@ -5608,7 +5608,7 @@
CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...)
NOT-FOR-US: Simple PHP Scripts blog
CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ...)
- - htop <unfixed> (unimportant; bug #504144)
+ - htop 0.8.1-2 (unimportant; bug #504144)
NOTE: That scenario is too constructed to call it a security issue, especially
NOTE: given that the standard top will display the maliciously hidden processes
NOTE: just fine.
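Review bot: In the CVE-2008-5076 entry the version moves from <unfixed> to 0.8.1-2 while the three NOTE lines still argue the scenario is not a security issue and say nothing about what 0.8.1-2 changed. Add a NOTE stating whether that upload sanitizes process names or only closes bug #504144, so the fixed version and the rationale do not read as contradictory.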
@@ -8161,7 +8161,7 @@
- audiolink 0.05-1.1 (low; bug #496433)
[etch] - audiolink <no-dsa> (Minor issue)
CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...)
- - lmbench <unfixed> (low; bug #496427)
+ - lmbench 3.0-a9-1 (low; bug #496427)
[etch] - lmbench <no-dsa> (Non-free not supported)
CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary ...)
- newsgate <removed> (low; bug #496437)
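Review bot: The CVE-2008-4968 entry keeps an [etch] <no-dsa> line but has no [lenny] line, so once 3.0-a9-1 is recorded as the fixed version any lenny package older than that is tracked as open. If lenny is in the same situation as etch, add a matching "[lenny] - lmbench <no-dsa> (Non-free not supported)" line in the same commit.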
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-03-10 12:44:59 UTC (rev 11366)
+++ data/spu-candidates.txt 2009-03-10 13:58:03 UTC (rev 11367)
@@ -274,6 +274,7 @@
libarchive-tar-perl (CVE-2007-4829)
#449544
+notified maintainer
--
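Review bot: The added "notified maintainer" line under libarchive-tar-perl carries no date or initials, and the same bare line is added to three more entries in this file. Appending the date (for example "notified maintainer 2009-03-10") would show when a follow-up is due and who to ask.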
@@ -285,6 +286,7 @@
libsamplerate (CVE-2008-5008)
https://bugzilla.redhat.com/attachment.cgi?id=323069
+notified maintainer
--
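Review bot: The libsamplerate entry references only a Red Hat Bugzilla attachment, so the new "notified maintainer" line has no Debian bug number to tie the notification to, unlike the neighbouring entries. Record the bug number or the channel used for the notification next to it.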
@@ -328,6 +330,7 @@
mailscanner (CVE-2008-5312, CVE-2008-5313)
#506353
+notified maintainer
--
@@ -579,6 +582,7 @@
tqsllib 2.0-8 (CVE-2009-0124)
#511509
+notified maintainer
--