[Secure-testing-commits] r11758 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri May 1 15:36:46 UTC 2009
Author: jmm-guest
Date: 2009-05-01 15:36:46 +0000 (Fri, 01 May 2009)
New Revision: 11758
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- new kernel issue
- spu updates
- add samba issue (already fixed)
- bugnums
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-01 14:47:36 UTC (rev 11757)
+++ data/CVE/list 2009-05-01 15:36:46 UTC (rev 11758)
@@ -1,3 +1,7 @@
+CVE-2009-XXXX [samba: Account locking out doesnt work with an LDAP backend]
+ - samba 2:3.2.6 (bug #514151)
+ [lenny] - samba 2:3.2.5-4lenny1
+ [etch] - samba <not-affected> (Bug not yet present in Etch's version)
CVE-2009-XXXX [Quagga bgpd crash related to 4-byte AS numbers]
- quagga <unfixed> (high; bug #526270)
CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass ...)
@@ -201,6 +205,7 @@
CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
- iodine <unfixed> (low)
[lenny] - iodine <no-dsa> (Maintainer will fix it in next stable point update)
+ TODO: next point release: [lenny] - iodine 0.4.2-2~lenny1
CVE-2009-XXXX [ntop: access.log permissions]
- ntop <unfixed> (low; bug #524801)
NOTE: fixed in recent FSA (https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2805)
@@ -445,6 +450,7 @@
CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
- pptp-linux 1.7.2-3 (low; bug #523476)
[lenny] - pptp-linux <no-dsa> (Minor issue)
+ [etch] - pptp-linux <no-dsa> (Minor issue)
CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups]
- slurm-llnl 1.3.15-1 (bug #524980)
[lenny] - slurm-llnl 1.3.6-1lenny3
@@ -1111,7 +1117,8 @@
CVE-2009-1193
RESERVED
CVE-2009-1192 (drivers/char/agp/generic.c in the agp subsystem in the Linux kernel ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ - linux-2.6.24 <removed>
CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...)
- apache2 <unfixed> (low)
[etch] - apache2 <not-affected> (introduced in 2.2.11)
@@ -2427,7 +2434,7 @@
{DSA-1769-1}
- openjdk-6 <unfixed>
CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...)
- - argyll 1.0.3-3 (medium; bug #523472)
+ - argyll 1.0.3-3 (medium; bug #523472; bug #524802)
- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
CVE-2009-0791
RESERVED
@@ -11914,7 +11921,7 @@
- xine-lib 1.1.14-2 (bug #492870; unimportant)
NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
- - ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764)
+ - ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764; bug #498766)
- ffmpeg <removed> (unimportant)
NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2009-05-01 14:47:36 UTC (rev 11757)
+++ data/ospu-candidates.txt 2009-05-01 15:36:46 UTC (rev 11758)
@@ -465,7 +465,7 @@
pptp-linux (no CVE)
#523476
-asked maintainer in mail
+Ola will prepare a fix in a point update
--
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-05-01 14:47:36 UTC (rev 11757)
+++ data/spu-candidates.txt 2009-05-01 15:36:46 UTC (rev 11758)
@@ -70,7 +70,7 @@
pptp-linux (no CVE)
#523476
-asked maintainer in mail
+Ola will prepare a fix in a point update
--
More information about the Secure-testing-commits
mailing list