[Secure-testing-commits] r11479 - in data: . CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Thu Mar 26 17:36:16 UTC 2009 

Author: jmm-guest
Date: 2009-03-26 17:36:15 +0000 (Thu, 26 Mar 2009)
New Revision: 11479

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- new kfreebsd issue
- remove etch-specific unfixed entry, unneeded and might cause problems
- clone mikmod no-dsas for lenny
- unimportant bash issue fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-03-26 09:14:13 UTC (rev 11478)
+++ data/CVE/list	2009-03-26 17:36:15 UTC (rev 11479)
@@ -71,7 +71,8 @@
 CVE-2009-1042 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 ...)
-	TODO: check
+	- kfreebsd-7 7.1-3
+	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
 CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and ...)
 	NOT-FOR-US: Openfire
 CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin ...)
@@ -352,7 +353,6 @@
 	NOT-FOR-US: Dotclear
 CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in ...)
 	- horde3 3.2.2+debian0-2 (bug #513265)
-	[etch] - horde3 <unfixed> (bug #513265; medium)
 CVE-2009-0931 (Cross-site scripting (XSS) vulnerability in the tag cloud search ...)
 	- horde3 3.2.2+debian0-2 (bug #513265)
 	[etch] - horde3 <not-affected> (Vulnerable code not present)
@@ -3278,6 +3278,7 @@
 CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other ...)
 	- libmikmod <unfixed> (low; bug #476339)
 	[etch] - libmikmod <no-dsa> (Minor issue)
+	[lenny] - libmikmod <no-dsa> (Minor issue)
 CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...)
 	NOT-FOR-US: IBM Hardware Management Console
 CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka ...)
@@ -3308,6 +3309,7 @@
 CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and ...)
 	- libmikmod <unfixed> (low; bug #461519)
 	[etch] - libmikmod <no-dsa> (Minor issue)
+	[lenny] - libmikmod <no-dsa> (Minor issue)
 	- sdl-mixer1.2 1.2.8-1 (low; bug #422021)
 	[etch] - sdl-mixer1.2 <no-dsa> (Minor issue)
 CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 9.1 before FP6a and ...)
@@ -4906,7 +4908,7 @@
 	- cmus 2.2.0-1.1 (unimportant; bug #509277)
 	NOTE: Just an example script
 CVE-2008-5374 (bash-doc 3.2 allows local users to overwrite arbitrary files via a ...)
-	- bash <unfixed> (unimportant; bug #509279)
+	- bash 4.0-2 (unimportant; bug #509279)
 	NOTE: scripts are examples
 CVE-2008-5373 (mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users ...)
 	- bacula <unfixed> (unimportant; bug #509301)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-03-26 09:14:13 UTC (rev 11478)
+++ data/spu-candidates.txt	2009-03-26 17:36:15 UTC (rev 11479)
@@ -10,6 +10,10 @@
 
 --
 
+kfreebsd-7 (CVE-2009-1041)
+
+--
+
 mpfr (CVE-2009-0757)
 
 --

More information about the Secure-testing-commits mailing list