[Secure-testing-commits] r11963 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun May 24 08:04:56 UTC 2009


Author: jmm-guest
Date: 2009-05-24 08:04:56 +0000 (Sun, 24 May 2009)
New Revision: 11963

Modified:
   data/CVE/list
   data/problematic-packages
   data/spu-candidates.txt
Log:
- compiz-fusion-plugins-main no-dsa
- two new kernel issues
- requested removal for verlihub


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-05-24 04:58:24 UTC (rev 11962)
+++ data/CVE/list	2009-05-24 08:04:56 UTC (rev 11963)
@@ -9,7 +9,8 @@
 CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function ...)
 	- ctorrent <unfixed> (bug #530255) 
 CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as ...)
-	TODO: check
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <removed>
 CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...)
 	- transmission 1.61-1 (low)
 	[lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
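Review bot: the two lines added under CVE-2009-1758 file the issue against linux-2.6 and linux-2.6.24, while the description names the hypervisor_callback function in Xen, and the entry does not say why. Add a NOTE line recording where the affected code lives and whether the Xen source packages were checked, plus a bug reference for the <unfixed> entry once one exists.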
@@ -287,8 +288,10 @@
 	RESERVED
 CVE-2009-1634
 	RESERVED
-CVE-2009-1633
+CVE-2009-1633 [CIFS Unicode issue]
 	RESERVED
+	- linux-2.6 <unfixed>
+	- linux-2.6.24 <removed>
 CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...)
 	{DSA-1804-1}
 	- ipsec-tools 0.7.1-1.5 (medium; bug #528933)
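Review bot: CVE-2009-1633 stays RESERVED and its only description is the bracketed "[CIFS Unicode issue]", so the added linux-2.6 lines cannot be tied to a specific flaw or fix from this entry alone. Add a NOTE with the upstream reference the triage was based on, and a bug number for the <unfixed> line when one is filed.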
@@ -2458,7 +2461,8 @@
 CVE-2008-6515 (Cross-site scripting (XSS) vulnerability in Fritz Berger yet another ...)
 	NOT-FOR-US: yappa-ng
 CVE-2008-6514 (The Expo plugin in Compiz Fusion 0.7.8 allows local users with ...)
-	- compiz-fusion-plugins-main 0.8.2-1
+	- compiz-fusion-plugins-main 0.8.2-1 (low)
+	[lenny] - compiz-fusion-plugins-main <no-dsa> (Minor issue)
 CVE-2008-6513 (Unrestricted file upload vulnerability in saa.php in Andy's PHP ...)
 	NOT-FOR-US: Andy's PHP Knowledgebase
 CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears ...)
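Review bot: the added [lenny] line gives "(Minor issue)" as the whole justification for <no-dsa>, which does not record what makes it minor. The description restricts the issue to local users, so put that precondition in the parenthesis to make the (low) rating and the no-dsa decision checkable later.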

Modified: data/problematic-packages
===================================================================
--- data/problematic-packages	2009-05-24 04:58:24 UTC (rev 11962)
+++ data/problematic-packages	2009-05-24 08:04:56 UTC (rev 11963)
@@ -21,4 +21,4 @@
 verlihub: (May 2009)
 No maintainer upload for one year, no reply to RC security bug
 #506530 for six months as of 2009-05-21
-
+Requested removal from the archive: 529817
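Review bot: the added line writes the removal request as a bare "529817", while the context line above it writes its bug as "#506530". Use "#529817" so both bug references in the verlihub entry have the same form.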

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-05-24 04:58:24 UTC (rev 11962)
+++ data/spu-candidates.txt	2009-05-24 08:04:56 UTC (rev 11963)
@@ -25,6 +25,10 @@
 
 --
 
+compiz-fusion-plugins-main (CVE-2008-6514)
+
+--
+
 coccinelle
 http://packages.qa.debian.org/c/coccinelle/news/20090502T001704Z.html
 
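Review bot: the new compiz-fusion-plugins-main entry is inserted before coccinelle, which breaks alphabetical order if the file is kept sorted (the smarty/tau placement in the next hunk suggests it is); it belongs after the coccinelle block. The entry also has no bug number or URL, unlike the neighbouring entries, so add one if a report exists.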
@@ -72,6 +76,12 @@
 
 --
 
+smarty (CVE-2009-1669)
+#529810
+http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462
+
+--
+
 tau (CVE-2008-5157)
 #506348
 notified maintainer



