[Secure-testing-commits] r12960 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri Oct 9 17:21:44 UTC 2009 

Author: jmm-guest
Date: 2009-10-09 17:21:44 +0000 (Fri, 09 Oct 2009)
New Revision: 12960

Modified:
   data/CVE/list
Log:
- wireshark updates (spu, not-affected)
- qt4 fixed
- new phpgroupware issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-09 15:43:23 UTC (rev 12959)
+++ data/CVE/list	2009-10-09 17:21:44 UTC (rev 12960)
@@ -32,6 +32,10 @@
 	- jetty <unfixed> (unimportant)
 	NOTE: http://www.coresecurity.com/content/jetty-persistent-xss
 	NOTE: only an example application
+CVE-2009-XXXX [phpgroupware XSS]
+	- phpgroupware 1:0.9.16.012+dfsg-9
+CVE-2009-XXXX [phpgroupware unspecified addressbook issue]
+	- phpgroupware 1:0.9.16.012+dfsg-9
 CVE-2009-3566
 	RESERVED
 CVE-2009-3565
@@ -771,9 +775,13 @@
 	- wireshark <not-affected> (Windows-only issue)
 CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in ...)
 	- wireshark 1.2.2-1 (low; bug #547704)
-	NOTE: no-dsa candidate, application crash
+	[etch] - wireshark <not-affected> (Only affects 1.2.x)
+	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
 CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark ...)
 	- wireshark 1.2.2-1 (low; bug #547704)
+	[etch] - wireshark <not-affected> (Only affects >= 0.99.6)
+	[lenny] - wireshark <no-dsa> (Minor issue, targeted for next point release)
+	TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6
 CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...)
 	NOT-FOR-US: module for XOOPS
 CVE-2009-3239 (Buffer overflow in the EMF parser implementation in OpenOffice.org ...)
@@ -2853,7 +2861,7 @@
 	[etch] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
 	[lenny] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
 CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...)
-	- qt4-x11 <unfixed> (medium; bug #545793)
+	- qt4-x11 4:4.5.3-1 (medium; bug #545793)
 	[etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3)
 CVE-2009-2699 [apr DoS on Solaris]
 	RESERVED
@@ -3314,6 +3322,7 @@
 CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 ...)
 	- wireshark 1.2.1-1 (low; bug #538237)
 	[lenny] - wireshark <no-dsa> (Minor issue, targeted for lenny point update)
+	TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6
 	[etch] - wireshark <no-dsa> (Minor issue)
 CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 ...)
 	- wireshark 1.2.1-1 (bug #538237)
@@ -5368,6 +5377,7 @@
 CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 ...)
 	- wireshark 1.0.8-1 (low; bug #533347)
 	[lenny] - wireshark <no-dsa> (Minor issue, targeted for lenny point update)
+	TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6
 	[etch] - wireshark <no-dsa> (Minor issue)
 CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of ...)
 	NOT-FOR-US: Microsoft

More information about the Secure-testing-commits mailing list