[Secure-testing-commits] r12968 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Fri Oct 9 23:03:23 UTC 2009


Author: gilbert-guest
Date: 2009-10-09 23:03:06 +0000 (Fri, 09 Oct 2009)
New Revision: 12968

Modified:
   data/CVE/list
Log:
samba and openexr triage

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-09 21:14:16 UTC (rev 12967)
+++ data/CVE/list	2009-10-09 23:03:06 UTC (rev 12968)
@@ -1888,9 +1888,9 @@
 	RESERVED
 CVE-2009-2949
 	RESERVED
-CVE-2009-2948
+CVE-2009-2948 [samba: local password disclosure]
 	RESERVED
-	- samba 2:3.4.2-1
+	- samba 2:3.4.2-1 (medium; bug #550423)
 CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 ...)
 	{DSA-1882-1}
 	- xapian-omega 1.0.15-2
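Review bot: the bracketed summary added on the CVE-2009-2948 line is the only description available while the entry is still RESERVED, and "local password disclosure" does not say which part of samba or which configuration is affected. Consider adding a NOTE line with that detail, in the same way the CVE-2009-2813 entry gets NOTE lines in this commit, so the "medium" rating can be checked without opening bug #550423.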
@@ -2076,9 +2076,9 @@
 	- linux-2.6.24 <removed> (medium)
 CVE-2009-2907
 	RESERVED
-CVE-2009-2906
+CVE-2009-2906 [samba: remote dos]
 	RESERVED
-	- samba 2:3.4.2-1
+	- samba 2:3.4.2-1 (low; bug #550423)
 CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...)
 	{DSA-1894-1}
 	- newt 0.52.10-4.1 (medium; bug #548198)
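Review bot: the "low" rating on the CVE-2009-2906 samba line has no rationale next to it, and the summary "remote dos" alone does not explain why a remotely triggerable issue ranks below the "medium" given to CVE-2009-2948 under the same bug #550423. A short NOTE line stating the precondition that limits the impact would let later triagers verify the rating.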
@@ -2318,9 +2318,9 @@
 CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2813 (The SMB (aka Samba) subsystem in Apple Mac OS X 10.5.8, when Windows ...)
-	- samba 2:3.4.2-1
-	TODO: check
-	NOTE: details are unknown
+	- samba 2:3.4.2-1 (unimportant; bug #550422)
+	NOTE: requires an administrator to manually configure a user account without
+	NOTE: a home dir, otherwise, this is ineffective
 CVE-2009-2812 (Launch Services in Apple Mac OS X 10.5.8 does not properly recognize ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS ...)
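Review bot: the new NOTE on CVE-2009-2813 replaces "details are unknown" and "TODO: check" without citing where the details came from, and the wording "otherwise, this is ineffective" leaves "this" ambiguous between the attack and the configuration. Suggest something like "NOTE: only exploitable when an administrator has manually configured a user account without a home dir" plus a pointer to the source of that analysis, if bug #550422 is not it.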
@@ -5579,13 +5579,13 @@
 	NOT-FOR-US: CFNetwork in Apple Mac OS X
 CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in ...)
 	{DSA-1842-1}
-	- openexr <unfixed>
+	- openexr <unfixed> (medium; bug #540424)
 CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in ...)
 	{DSA-1842-1}
-	- openexr <unfixed>
+	- openexr <unfixed> (medium; bug #540424)
 CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow ...)
 	{DSA-1842-1}
-	- openexr <unfixed>
+	- openexr <unfixed> (medium; bug #540424)
 CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...)
 	NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X
 CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...)
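Review bot: all three openexr lines (CVE-2009-1722, CVE-2009-1721, CVE-2009-1720) now point at the single bug #540424 and remain <unfixed> even though each entry already carries {DSA-1842-1}. Please confirm that bug #540424 covers all three issues (the heap-based overflow in compression, the Imf::hufUncompress decompression flaw, and the integer overflows), so that closing it does not leave one of them untracked.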



