[Secure-testing-commits] r12922 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri Oct 2 23:18:07 UTC 2009
Author: jmm-guest
Date: 2009-10-02 23:18:07 +0000 (Fri, 02 Oct 2009)
New Revision: 12922
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- planet-venus scheduled for point update
- backuppc no-dsa
- new libfwbuilder issue
- new opensaml issue
- rewrite some not-affected entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-02 22:34:53 UTC (rev 12921)
+++ data/CVE/list 2009-10-02 23:18:07 UTC (rev 12922)
@@ -206,6 +206,16 @@
NOT-FOR-US: Sun OpenSolaris xscreensaver
CVE-2009-3431 (Stack consumption vulnerability in Adobe Acrobat 9.1.1 allows remote ...)
NOT-FOR-US: Adobe Acrobat
+CVE-2009-XXXX [libfwbuilder insecure temp file usage]
+ - libfwbuilder <unfixed> (low)
+ [lenny] - libfwbuilder <not-affected> (Introduced in 3.0.4)
+ [etch] - libfwbuilder <not-affected> (Introduced in 3.0.4)
+CVE-2009-XXXX [Correctly honor the "use" attribute of <KeyDescriptor> SAML metadata]
+ - opensaml <unfixed>
+ [lenny] - opensaml <no-dsa> (Minor issue)
+ TODO: next point update: [lenny] - opensaml 2.0-2+lenny1
+CVE-2009-XXXX [RT: XSS security problem in custom field display]
+ - request-tracker3.8 3.8.5-1 (bug #546829)
CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows ...)
NOT-FOR-US: Allomani Mobile
CVE-2009-3429 (Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 ...)
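Review bot: the commit log names the libfwbuilder and opensaml additions but not the third new entry in this hunk, `- request-tracker3.8 3.8.5-1 (bug #546829)`; add it to the log so the RT XSS fix is traceable from the commit summary. A smaller style point: the libfwbuilder lenny/etch annotations use `Introduced in 3.0.4` while the linux-2.6 entries further down in the same file mix `introduced in` and `Introduced in`; settling on one spelling keeps grep-based tooling over these annotations reliable.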
@@ -551,18 +561,15 @@
CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a ...)
NOT-FOR-US: Apple Safari on iPhone OS 3.0.1
CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...)
- - linux-2.6 <unfixed> (high)
+ - linux-2.6 2.6.31-1 (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
- - linux-2.6.24 <removed>
- [etch] - linux-2.6.24 <not-affected> (introduced in 2.6.25)
+ - linux-2.6.24 <not-affected> (introduced in 2.6.25)
- kvm <unfixed> (high; bug #548975)
- NOTE: fixed in upstream 2.6.31
CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel ...)
- linux-2.6 <unfixed> (medium)
[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
- - linux-2.6.24 <removed>
- [etch] - linux-2.6.24 <not-affected> (introduced in 2.6.28)
+ - linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does ...)
- linux-2.6 2.6.30-1 (low)
- linux-2.6.24 <removed>
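Review bot: severity within CVE-2009-3290 is now inconsistent: the linux-2.6 line is lowered from `(high)` to `(medium)` alongside the 2.6.31-1 fix, but the kvm line still reads `<unfixed> (high; bug #548975)` for the same issue. Either lower kvm to medium too or record why the userspace kvm package is rated higher. Dropping `NOTE: fixed in upstream 2.6.31` also removes the only record of the upstream fix version, and the entry has no `[lenny]` line at all (only an `[etch]` not-affected line), so a reader cannot tell whether lenny needs a point update; keep the note or add an explicit lenny status.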
@@ -666,10 +673,8 @@
- webkit <unfixed> (medium; bug #547217)
TODO: asked maintainer to check; follow-up
CVE-2009-3234 (Buffer overflow in the perf_copy_attr function in ...)
- - linux-2.6 <not-affected> (Introduced in 2.6.31)
- - linux-2.6.24 <removed>
- [etch] - linux-2.6.24 <not-affected> (Introduced in 2.6.31)
- TODO: check when 2.6.31 enters unstable; working exploit code exists [-linux-2.6 <unfixed> (high)]
+ - linux-2.6 <not-affected> (Introduced in 2.6.31, fixed in Debian package before initial 2.6.31 upload)
+ - linux-2.6.24 <not-affected> (Introduced in 2.6.31)
CVE-2009-3227 (Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft ...)
NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
CVE-2009-3226 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
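Review bot: the new annotation `fixed in Debian package before initial 2.6.31 upload` retires the provisional `<unfixed> (high)` marker and the "working exploit code exists" remark from the old TODO but does not name the Debian version that carried the fix; record it explicitly (the CVE-2009-3290 entry above uses `2.6.31-1`) so the not-affected claim can be checked against the package changelog. The linux-2.6.24 line now matches the etch reasoning it replaced, so that part is consistent.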
@@ -1077,9 +1082,9 @@
CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery ...)
NOT-FOR-US: Zmanda Recovery Manager
CVE-2009-3101 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and ...)
- NOT-FOR-US: xscreensaver on opensolaris (patch 120094-22 causes this)
+ - xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
CVE-2009-3100 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, ...)
- NOT-FOR-US: xscreensaver on opensolaris (patch 120094-22 causes this)
+ - xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
CVE-2009-3099 (Unspecified vulnerability in HP OpenView Operations Manager 8.1 on ...)
NOT-FOR-US: HP OpenView Operations Manager
CVE-2009-3098 (Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 ...)
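Review bot: the new rationale says `OpenSolaris-specific`, but the CVE descriptions on the context lines refer to Sun Solaris 10 and Solaris 9 and 10; write `Solaris-specific` (or name both) so the annotation agrees with the description. Moving from NOT-FOR-US to `- xscreensaver <not-affected>` implicitly asserts that the Debian xscreensaver source does not contain the code added by Sun patch 120094-22; the parenthetical should state that directly rather than only that the patch "causes this".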
@@ -1138,7 +1143,7 @@
NOT-FOR-US: EVA CMS
CVE-2009-XXXX [viewvc: XSS and illegal characters while printing name-value pairs]
- viewvc <unfixed> (low; bug #545779)
- NOTE: CVE id has been requested
+ NOTE: CVE id has been requested, fixed in 1.1.2
CVE-2009-3082 (SQL injection vulnerability in wcategory.php in Snow Hall Silurus ...)
NOT-FOR-US: Snow Hall Silurus System
CVE-2009-3081 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...)
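Review bot: `fixed in 1.1.2` is ambiguous next to `viewvc <unfixed>`; make it `fixed upstream in 1.1.2` so nobody reads 1.1.2 as a Debian package version. Since the entry still carries the `CVE-2009-XXXX` placeholder, noting where and when the id was requested in the same NOTE would help whoever later resolves it.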
@@ -1307,8 +1312,7 @@
- linux-2.6 <unfixed> (medium)
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
- - linux-2.6.24 <removed> (medium)
- [etch] - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
+ - linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2008-7158 (Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows ...)
NOT-FOR-US: Numara FootPrints
CVE-2008-7157 (Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier ...)
@@ -1765,8 +1769,9 @@
- planet <removed> (low; bug #546178)
[lenny] - planet <no-dsa> (Minor issue)
[etch] - planet <no-dsa> (Minor issue)
- - planet-venus <unfixed> (low; bug #546179)
+ - planet-venus 0~bzr116-1 (low; bug #546179)
[lenny] - planet-venus <no-dsa> (Minor issue)
+ TODO: next point update [lenny] - planet-venus 0~bzr95-2+lenny1
[etch] - planet-venus <no-dsa> (Minor issue)
CVE-2009-2936
RESERVED
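Review bot: the TODO syntax differs from the one added for opensaml in the first hunk (`TODO: next point update: [lenny] - ...` there, `TODO: next point update [lenny] - ...` here); use one form so point-update TODOs can be found with a single grep. The lenny line keeps `<no-dsa> (Minor issue)` while the update is scheduled, which is fine (no DSA, fixed via the point update), but the TODO is then the only reminder to replace that line with `0~bzr95-2+lenny1` once the point update ships.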
@@ -4997,9 +5002,9 @@
- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the ...)
- - linux-2.6 2.6.19-1
- - linux-2.6.24 <removed>
- [etch] - linux-2.6.24 <not-affected> (problem was fixed before first upload)
+ - linux-2.6 2.6.19-1 (unimportant)
+ - linux-2.6.24 <not-affected> (problem was fixed before first upload, 2.6.19)
+ NOTE: See Solar Designer's posting to oss-security
CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...)
{DSA-1858-1}
- imagemagick 7:6.5.1.0-1.1 (medium; bug #530838)
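Review bot: `NOTE: See Solar Designer's posting to oss-security` gives no date, subject or URL, so the reference is hard to follow up; add the thread subject or a link. The rationale `(problem was fixed before first upload, 2.6.19)` now sits only on the linux-2.6.24 line while the linux-2.6 line records 2.6.19-1 as fixed; the two agree, and the `(unimportant)` rating is consistent with a fix that predates any Debian upload of the affected code.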
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2009-10-02 22:34:53 UTC (rev 12921)
+++ data/ospu-candidates.txt 2009-10-02 23:18:07 UTC (rev 12922)
@@ -62,6 +62,11 @@
--
+backuppc [BackupPC ClientNameAlias ssh rsync backup security bypass]
+#542218
+
+--
+
beagle (CVE-2005-4791)
notified maintainer
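Review bot: the commit log says `backuppc no-dsa`, but the only backuppc changes in this diff are the new candidate entries here and in spu-candidates.txt; no `<no-dsa>` annotation for backuppc appears in the data/CVE/list hunks, so either that change is missing from the commit or the log line is misleading. The neighbouring entries also carry a status line (`notified maintainer`), and this one has nothing beyond `#542218`; add the current state so the candidate list shows who has been contacted.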
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-10-02 22:34:53 UTC (rev 12921)
+++ data/spu-candidates.txt 2009-10-02 23:18:07 UTC (rev 12922)
@@ -21,6 +21,11 @@
--
+backuppc [BackupPC ClientNameAlias ssh rsync backup security bypass]
+#542218
+
+--
+
bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer
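Review bot: this entry duplicates the one added to ospu-candidates.txt verbatim, which is expected if both oldstable and stable need the backuppc update, but the log should say so; as in the other file, a status line after `#542218` is missing.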
@@ -282,11 +287,6 @@
--
-planet-venus (CVE-2009-2937)
-bug #546179
-
---
-
webkit (CVE-2008-4724)
#520052
asked maintainer
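Review bot: the CVE id on the removed entry, CVE-2009-2937, is not carried into the new point-update TODO added to data/CVE/list for `planet-venus 0~bzr95-2+lenny1`; include the id in that TODO so the scheduled update and the dropped candidate stay linked without consulting the history.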