[Secure-testing-commits] r13023 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Oct 15 21:47:53 UTC 2009
Author: jmm-guest
Date: 2009-10-15 21:47:53 +0000 (Thu, 15 Oct 2009)
New Revision: 13023
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- oping CVEfied
- xscreensaver spu fix
- dhttpd no-dsa
- mono fixed
- new backintime issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-15 21:14:22 UTC (rev 13022)
+++ data/CVE/list 2009-10-15 21:47:53 UTC (rev 13023)
@@ -173,14 +173,18 @@
RESERVED
CVE-2009-3615
RESERVED
-CVE-2009-3614
+CVE-2009-3614 [oping suid 0 arbitrary file disclosure]
RESERVED
+ - liboping 1.3.3-1 (low; bug #548684)
+ [lenny] - liboping <not-affected> (doesn't have -f option yet)
+ [etch] - liboping <not-affected> (doesn't have -f option yet)
CVE-2009-3613
RESERVED
CVE-2009-3612
RESERVED
-CVE-2009-3611
+CVE-2009-3611 [backintime information disclosure]
RESERVED
+ - backintime 0.9.26-3 (bug #543785)
CVE-2009-3609
RESERVED
CVE-2009-3608
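Review bot: The new CVE-2009-3611 line "- backintime 0.9.26-3 (bug #543785)" has no urgency and no per-release lines, while the liboping entry added just above it carries "low" plus [lenny] and [etch] annotations. Consider adding an urgency and, if backintime is present in the stable releases, the matching release lines or a NOTE, since "information disclosure" in the bracketed description is otherwise the only context recorded.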
@@ -692,11 +696,6 @@
RESERVED
CVE-2009-3392
RESERVED
-CVE-2009-XXXX [oping suid 0 arbitrary file disclosure]
- - liboping 1.3.3-1 (low; bug #548684)
- [lenny] - liboping <not-affected> (doesn't have -f option yet)
- [etch] - liboping <not-affected> (doesn't have -f option yet)
- TODO: request CVE id
CVE-2009-XXXX [merkaartor merkaartor.log minor symlink attack]
- merkaartor 0.14+svnfixes~20090912-2 (unimportant; bug #548546)
[lenny] - merkaartor <not-affected> (vulnerable code not present)
@@ -3077,6 +3076,7 @@
TODO: request CVE id
[etch] - xscreensaver <no-dsa> (Minor issue)
[lenny] - xscreensaver <no-dsa> (Minor issue)
+ TODO: next point release [lenny] - xscreensaver 5.05-3+lenny1
CVE-2009-XXXX [php5: remote information disclosure]
- php5 5.2.11.dfsg.1-1 (low; bug #540605)
TODO: check php4
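Review bot: The added line "TODO: next point release [lenny] - xscreensaver 5.05-3+lenny1" puts the planned lenny version inside a free-text TODO, directly under a "[lenny] - xscreensaver <no-dsa> (Minor issue)" line that stays unchanged. As written, the entry still reads as no-dsa for lenny until someone converts the TODO by hand, so it would help to say in the TODO what has to happen (replace the [lenny] no-dsa line with the fixed version once the point release is out). The "TODO: request CVE id" context line above is also still open for this entry.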
@@ -4852,7 +4852,9 @@
- apache <removed> (medium; bug #533662)
- squid <unfixed> (medium; bug #533663)
- squid3 <unfixed> (medium; bug #533664)
- - dhttpd <unfixed> (medium; bug #533665)
+ - dhttpd <unfixed> (low; bug #533665)
+ [etch] - dhttpd <no-dsa> (Minor issue)
+ [lenny] - dhttpd <no-dsa> (Minor issue)
- lighttpd <not-affected>
TODO: follow-up with maintainers (exploit site says these servers vulnerable, but i have not checked, asked maintainers to do so)
TODO: determine if any of the other webservers are affected
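Review bot: The dhttpd line drops from "medium" to "low" and gains <no-dsa> (Minor issue) for etch and lenny, but no NOTE records why dhttpd is rated differently from apache, squid and squid3, which stay at "medium" in the same entry. The TODO below still says the affected status of these servers was not checked, so a one-line NOTE with the reasoning behind the downgrade would make the no-dsa decision reviewable later.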
@@ -11636,7 +11638,7 @@
{DSA-1849-1}
- xml-security-c 1.4.0-4
- xmlsec1 <unfixed>
- - mono <unfixed>
+ - mono 2.4.2.3+dfsg-1
NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891
NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
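Review bot: The change from "- mono <unfixed>" to "- mono 2.4.2.3+dfsg-1" adds a fixed version without saying whether that upload contains the upstream change referenced in the NOTE for revision 137891, and without any release annotations for mono. A short NOTE confirming this would make the fixed version checkable. In the same entry, "- xmlsec1 <unfixed>" remains although the last NOTE says 1.2.12 has the fix, which may be worth rechecking while this entry is being touched.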
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2009-10-15 21:14:22 UTC (rev 13022)
+++ data/spu-candidates.txt 2009-10-15 21:47:53 UTC (rev 13023)
@@ -353,11 +353,5 @@
--
-xscreensaver (no CVE)
-#539699
-notified maintainer
-
---
-
ziproxy (CVE-2009-0804)
#521051
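Review bot: The removed xscreensaver block was the place that recorded bug #539699 and "notified maintainer" for the stable update; the xscreensaver lines visible in the data/CVE/list hunk of this commit show only the no-dsa lines and the new TODO. If the CVE/list entry does not already reference #539699, consider adding the bug number there so the reference is not lost with this removal.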