[Secure-testing-commits] r11758 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri May 1 15:36:46 UTC 2009


Author: jmm-guest
Date: 2009-05-01 15:36:46 +0000 (Fri, 01 May 2009)
New Revision: 11758

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- new kernel issue
- spu updates
- add samba issue (already fixed)
- bugnums


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-01 14:47:36 UTC (rev 11757)
+++ data/CVE/list	2009-05-01 15:36:46 UTC (rev 11758)
@@ -1,3 +1,7 @@
+CVE-2009-XXXX [samba: Account locking out doesnt work with an LDAP backend]
+	- samba 2:3.2.6 (bug #514151)
+	[lenny] - samba 2:3.2.5-4lenny1
+	[etch] - samba <not-affected> (Bug not yet present in Etch's version)
 CVE-2009-XXXX [Quagga bgpd crash related to 4-byte AS numbers]
 	- quagga <unfixed> (high; bug #526270)
 CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass ...)
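Review bot: The unstable line `- samba 2:3.2.6` in the new entry has no Debian revision suffix, while the lenny line right below it gives the full `2:3.2.5-4lenny1`; please confirm the exact version of the fixed upload so version comparisons against this entry are unambiguous. The description also has a typo: "doesnt" should be "doesn't".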
@@ -201,6 +205,7 @@
 CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
 	- iodine <unfixed> (low)
 	[lenny] - iodine <no-dsa> (Maintainer will fix it in next stable point update)
+	TODO: next point release: [lenny] - iodine 0.4.2-2~lenny1 
 CVE-2009-XXXX [ntop: access.log permissions]
 	- ntop <unfixed> (low; bug #524801)
 	NOTE: fixed in recent FSA (https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2805)
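Review bot: The added TODO line ends with a trailing space after `0.4.2-2~lenny1`, which should be dropped. It also sits directly under the existing `[lenny] - iodine <no-dsa>` line, so once the point release is out the `<no-dsa>` line should be replaced by the versioned one rather than leaving two lenny statements in the entry.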
@@ -445,6 +450,7 @@
 CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
 	- pptp-linux 1.7.2-3 (low; bug #523476)
 	[lenny] - pptp-linux <no-dsa> (Minor issue)
+	[etch] - pptp-linux <no-dsa> (Minor issue)
 CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups]
 	- slurm-llnl 1.3.15-1 (bug #524980)
 	[lenny] - slurm-llnl 1.3.6-1lenny3
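Review bot: The reason on the new `[etch] - pptp-linux <no-dsa> (Minor issue)` line does not match the note committed to the candidates files in this same revision, which says a fix will be prepared in a point update. Consider wording the reason the way the iodine entry does ("Maintainer will fix it in next stable point update"), or adding a TODO line, so the tracker entry records that a fix is planned.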
@@ -1111,7 +1117,8 @@
 CVE-2009-1193
 	RESERVED
 CVE-2009-1192 (drivers/char/agp/generic.c in the agp subsystem in the Linux kernel ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <removed>
 CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...)
 	- apache2 <unfixed> (low)
 	[etch] - apache2 <not-affected> (introduced in 2.2.11)
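Review bot: Replacing `TODO: check` with `- linux-2.6 <unfixed>` leaves CVE-2009-1192 without an urgency, a bug number or any per-release line, unlike the neighbouring apache2 entry (`<unfixed> (low)` plus an `[etch]` line). If the etch and lenny status has not been checked yet, keep a TODO for that part so the open question is not lost with the removed line.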
@@ -2427,7 +2434,7 @@
 	{DSA-1769-1}
 	- openjdk-6 <unfixed>
 CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...)
-	- argyll 1.0.3-3 (medium; bug #523472)
+	- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
 	- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
 CVE-2009-0791
 	RESERVED
@@ -11914,7 +11921,7 @@
 	- xine-lib 1.1.14-2 (bug #492870; unimportant)
 	NOTE: Only a NULL pointer deference, hardly security relevant
 CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
-	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764)
+	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764; bug #498766)
 	- ffmpeg <removed> (unimportant)
 	NOTE: Only a NULL pointer deference, hardly security relevant
 CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
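Review bot: The NOTE lines on either side of the changed ffmpeg-debian line read "NULL pointer deference"; since this entry is being touched anyway, correct both to "dereference". The second bug number itself follows the same `bug #N; bug #M` form used for argyll in the previous hunk, so the format is consistent.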

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-05-01 14:47:36 UTC (rev 11757)
+++ data/ospu-candidates.txt	2009-05-01 15:36:46 UTC (rev 11758)
@@ -465,7 +465,7 @@
 
 pptp-linux (no CVE)
 #523476
-asked maintainer in mail
+Ola will prepare a fix in a point update
 
 --
 
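Review bot: The replacement line "Ola will prepare a fix in a point update" identifies the maintainer by first name only and gives no date or target version. A full name and the intended version, as in the iodine TODO in data/CVE/list (`0.4.2-2~lenny1`), would make this note possible to follow up later.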

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-05-01 14:47:36 UTC (rev 11757)
+++ data/spu-candidates.txt	2009-05-01 15:36:46 UTC (rev 11758)
@@ -70,7 +70,7 @@
 
 pptp-linux (no CVE)
 #523476
-asked maintainer in mail
+Ola will prepare a fix in a point update
 
 --
 
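Review bot: The same sentence is committed here and in data/ospu-candidates.txt, so it is unclear whether "a point update" means one release or both. Name the release in each file so the two candidate lists can be worked through independently.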



