[Secure-testing-commits] r11850 - in data: . CVE DSA
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sat May 9 13:06:05 UTC 2009
Author: jmm-guest
Date: 2009-05-09 13:06:05 +0000 (Sat, 09 May 2009)
New Revision: 11850
Modified:
data/CVE/list
data/DSA/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- CVE-2009-0164 won't be fixed in spu updates
- fix date in DSA list
- new minor hex-a-hop issue
- fix jetty issue, why was this marked unimportant?
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-05-09 13:01:39 UTC (rev 11849)
+++ data/CVE/list 2009-05-09 13:06:05 UTC (rev 11850)
@@ -1,3 +1,6 @@
+CVE-2009-XXXX [hex-a-hop: buffer overflow in loading save games]
+ - hex-a-hop <unfixed> (low)
+ [lenny] - hex-a-hop <no-dsa> (Minor issue, very obscure attack vector)
CVE-2009-1587 (index.php in PHP Site Lock 2.0 allows remote attackers to bypass ...)
NOT-FOR-US: PHP Site Lock
CVE-2009-1586 (Stack-based buffer overflow in the NZB importer feature in GrabIt ...)
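Review bot: the new `- hex-a-hop <unfixed> (low)` line carries no bug reference, and the entry has no NOTE saying where the report came from, so nothing ties the temporary CVE-2009-XXXX id to a trackable record. Put the bug number in the parentheses, as the jetty entry does with `bug #527571`, or add a `TODO: file bug` line until one exists.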
@@ -163,10 +166,9 @@
NOT-FOR-US: Directadmin
CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before ...)
- jetty <unfixed> (low; bug #527571)
- NOTE: only in unstable, only in contrib, fairly unmaintained
CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...)
- - jetty <unfixed> (unimportant)
- NOTE: only in unstable, only in contrib, fairly unmaintained
+ - jetty <unfixed>
+ TODO: file bug
CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 ...)
NOT-FOR-US: Tivoli
CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage ...)
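Review bot: on CVE-2009-1523 the replacement `- jetty <unfixed>` drops both the severity and the NOTE, while the sibling CVE-2009-1524 entry just above keeps `(low; bug #527571)` and the same NOTE. If "only in unstable, only in contrib" still describes the package, keep that NOTE here, and state the severity you consider correct so that the answer to the question in the log is recorded in the list itself.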
@@ -457,7 +459,7 @@
CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
NOT-FOR-US: CoolPlayer
CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
- - kfreebsd-7 <not-affected> (kfreebsd uses a different libc version)
+ - kfreebsd-7 <not-affected> (Debian/kfreebsd uses glibc)
CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 ...)
NOT-FOR-US: Trend Micro OfficeScan
CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before ...)
@@ -1038,7 +1040,7 @@
CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
{DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-4
- - linux-2.6.24 <unfixed>
+ - linux-2.6.24 <removed>
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
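Review bot: `- linux-2.6.24 <unfixed>` becomes `<removed>` here and again in the hunk at -1157, but none of the four log items mentions it. Add a log line for the linux-2.6.24 status change, or commit it separately, so the change can be found from the history.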
@@ -1157,7 +1159,7 @@
{DSA-1787-1}
- linux-2.6 <unfixed>
[etch] - linux-2.6 <not-affected> (Doesn't include KVM yet)
- - linux-2.6.24 <unfixed>
+ - linux-2.6.24 <removed>
CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
NOT-FOR-US: Open Auto Classifieds
CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2009-05-09 13:01:39 UTC (rev 11849)
+++ data/DSA/list 2009-05-09 13:06:05 UTC (rev 11850)
@@ -1,7 +1,7 @@
[09 May 2009] DSA-1797-1 xulrunner - several vulnerabilities
{CVE-2009-0652 CVE-2009-1302 CVE-2009-1303 CVE-2009-1304 CVE-2009-1305 CVE-2009-1306 CVE-2009-1307 CVE-2009-1308 CVE-2009-1309 CVE-2009-1311 CVE-2009-1312}
[lenny] - xulrunner 1.9.0.9-0lenny2
-[07 Apr 2009] DSA-1796-1 libwmf - denial of service
+[07 May 2009] DSA-1796-1 libwmf - denial of service
{CVE-2009-1364}
[etch] - libwmf 0.2.8.4-2+etch1
[lenny] - libwmf 0.2.8.4-6+lenny1
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2009-05-09 13:01:39 UTC (rev 11849)
+++ data/ospu-candidates.txt 2009-05-09 13:06:05 UTC (rev 11850)
@@ -135,7 +135,7 @@
--
-cupsys (CVE-2009-0164 CVE-2008-5377)
+cupsys (CVE-2008-5377)
--
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-05-09 13:01:39 UTC (rev 11849)
+++ data/spu-candidates.txt 2009-05-09 13:06:05 UTC (rev 11850)
@@ -27,11 +27,6 @@
--
-cups (CVE-2009-0164)
-notified maintainer
-
---
-
kvm 82-1 (CVE-2008-5714)
#509997
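Review bot: the cups entry for CVE-2009-0164 is deleted together with its `notified maintainer` line, and the same id is dropped from cupsys in data/ospu-candidates.txt, yet no hunk shown for data/CVE/list touches CVE-2009-0164. The log says it will not be fixed in spu updates; record that decision and its reason on the CVE entry, for example with a `<no-dsa>` line and a reason as the hex-a-hop entry has, so the tracker shows why it left the candidate lists.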