[Secure-testing-commits] r11953 - in data: CVE DSA

Thijs Kinkhorst thijs at alioth.debian.org
Fri May 22 09:00:24 UTC 2009 

Author: thijs
Date: 2009-05-22 09:00:24 +0000 (Fri, 22 May 2009)
New Revision: 11953

Modified:
   data/CVE/list
   data/DSA/list
Log:
CVE ids assigned


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-21 21:14:18 UTC (rev 11952)
+++ data/CVE/list	2009-05-22 09:00:24 UTC (rev 11953)
@@ -1,3 +1,13 @@
+CVE-2009-1756 [slim insecure auth secret passing]
+	- slim <unfixed> (low; bug #529306)
+CVE-2009-1755 [off-by-one in nsd]
+	- nsd3 <unfixed> (medium; bug #529418)
+	- nsd 2.3.7-3 (medium; bug #529420)
+	NOTE: VU#710316
+CVE-2009-1753 [unsafe temp file in coccinelle]
+	- coccinelle 0.1.7.deb-3 (low)
+	[lenny] - coccinelle <no-dsa> (Minor issue)
+	[etch] - coccinelle <no-dsa> (Minor issue)
 CVE-2009-1678 (Directory traversal vulnerability in the saveFeed function in ...)
 	NOT-FOR-US: Bitweaver
 CVE-2009-1677 (Multiple static code injection vulnerabilities in the saveFeed ...)
@@ -26,11 +36,6 @@
 	NOT-FOR-US: CastRipper
 CVE-2009-1666 (Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite ...)
 	NOT-FOR-US: CycloMedia CycloScopeLite
-CVE-2009-XXXX [off-by-one in nsd]
-	- nsd3 <unfixed> (medium; bug #529418)
-	- nsd 2.3.7-3 (medium; bug #529420)
-	NOTE: CVE id requested
-	NOTE: VU#710316
 CVE-2009-1665 (myaccount.php in Easy Scripts Answer and Question Script allows remote ...)
 	NOT-FOR-US: Easy Scripts Answer and Question Script
 CVE-2009-1664 (myaccount.php in Easy Scripts Answer and Question Script does not ...)
@@ -98,9 +103,6 @@
 CVE-2009-XXXX [libsndfile VOC and AIFF Processing Buffer Overflow Vulnerabilities]
 	- libsndfile 1.0.20-1 (medium; bug #528650)
 	NOTE: http://trapkit.de/advisories/TKADV2009-006.txt
-CVE-2009-XXXX [slim insecure auth secret passing]
-	- slim <unfixed> (low; bug #529306)
-	NOTE: CVE id request on oss-sec
 CVE-2009-XXXX [drupal: cross-site scripting vulnerability]
 	- drupal5 5.18 (low; bug #529191)
 	- drupal6 6.12 (low; bug #529190)
@@ -434,11 +436,6 @@
 	- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077)
 	[etch] - libmodplug <not-affected> (Vulnerable code not present)
 	NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug.
-CVE-2009-XXXX [unsafe temp file in coccinelle]
-	- coccinelle 0.1.7.deb-3 (low)
-	[lenny] - coccinelle <no-dsa> (Minor issue)
-	[etch] - coccinelle <no-dsa> (Minor issue)
-	NOTE: CVE id requested
 CVE-2009-1519 (Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 ...)
 	NOT-FOR-US: Pecio CMS
 CVE-2009-1518 (Cross-site request forgery (CSRF) vulnerability in Beltane before ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-05-21 21:14:18 UTC (rev 11952)
+++ data/DSA/list	2009-05-22 09:00:24 UTC (rev 11953)
@@ -3,6 +3,7 @@
 	[etch] - squirrelmail 2:1.4.9a-5
 	[lenny] - squirrelmail 2:1.4.15-4+lenny2
 [20 May 2009] DSA-1803-1 nsd nsd3 - denial of service
+	{CVE-2009-1755}
 	[etch] - nsd 2.3.6-1+etch1
 	[lenny] - nsd 2.3.7-1.1+lenny1
 	[lenny] - nsd3 3.0.7-3.lenny2

More information about the Secure-testing-commits mailing list