[Secure-testing-commits] r12823 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Sep 15 21:39:14 UTC 2009
Author: jmm-guest
Date: 2009-09-15 21:39:14 +0000 (Tue, 15 Sep 2009)
New Revision: 12823
Modified:
data/CVE/list
Log:
radare fixed
track openssl point update fixes
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-09-15 21:14:11 UTC (rev 12822)
+++ data/CVE/list 2009-09-15 21:39:14 UTC (rev 12823)
@@ -4503,9 +4503,7 @@
CVE-2009-1762 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-XXXX [radare-common insecure temp files handling]
- - radare (low)
- TODO: file bug
- NOTE: see the portions of code of #530178
+ - radare 1.4-1 (low)
CVE-2009-1761 (The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for ...)
NOT-FOR-US: CA ARCserve Backup
CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...)
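Review bot: the replacement line "- radare 1.4-1 (low)" under CVE-2009-XXXX carries no bug number, and the removed NOTE pointing at #530178 was the only reference on this entry. With both the TODO and the NOTE gone, nothing in the list records where the 1.4-1 fix can be checked. Suggest keeping the NOTE, or adding a reference in the parentheses as the neighbouring entries do, for example "(low; bug #NNNNNN)" with the real number filled in, before dropping "TODO: file bug".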
@@ -4518,7 +4516,6 @@
{DSA-1809-1}
- linux-2.6 2.6.28-1 (low; bug #536148)
- linux-2.6.24 <removed>
- NOTE: maximum impact is denial-of-service, so low-urgency
CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...)
- transmission 1.61-1 (low)
[lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
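Review bot: the NOTE removed under the {DSA-1809-1} entry ("maximum impact is denial-of-service, so low-urgency") was the stated rationale for the "low" on the linux-2.6 line, and its removal is not covered by the log message, which mentions only radare and openssl. Either keep the NOTE or say in the log why it is no longer needed, since the urgency itself stays unchanged.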
@@ -5572,9 +5569,11 @@
- linux-2.6.24 <not-affected> (problem in redhat-specific kernel patches)
CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...)
- openssl 0.9.8k-2 (low; bug #532037)
+ [lenny] - openssl 0.9.8g-15+lenny3
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ...)
- openssl 0.9.8k-1 (low; bug #532037)
+ [lenny] - openssl 0.9.8g-15+lenny3
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...)
{DSA-1865-1 DSA-1844-1}
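Review bot: the two added "[lenny] - openssl 0.9.8g-15+lenny3" lines (CVE-2009-1387 and CVE-2009-1386) have no reference of their own, while the unstable lines directly above them cite bug #532037. The log says these fixes arrived through a point update; a NOTE to that effect on each entry would let a reader of the list see where the lenny fix came from without going back to the commit log.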
@@ -5593,12 +5592,15 @@
RESERVED
CVE-2009-1379 (Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment ...)
- openssl 0.9.8k-1 (low; bug #530400)
+ [lenny] - openssl 0.9.8g-15+lenny3
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message function ...)
- openssl 0.9.8k-1 (low; bug #530400)
+ [lenny] - openssl 0.9.8g-15+lenny3
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and ...)
- openssl 0.9.8k-1 (low; bug #530400)
+ [lenny] - openssl 0.9.8g-15+lenny3
- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
{DSA-1805-1}
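Review bot: the three "[lenny] - openssl 0.9.8g-15+lenny3" lines added under CVE-2009-1379, CVE-2009-1378 and CVE-2009-1377 are described in the log only as "track openssl point update fixes". Listing the affected CVE ids in the log message would make this revision findable when searching the history for any one of them.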
@@ -9006,8 +9008,6 @@
- tomcat5.5 <unfixed> (low; bug #532366)
CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...)
- pam 1.0.1-10 (unimportant; bug #514437)
- [etch] - pam <no-dsa> (violation of administrator's policy, not a vulnerability)
- [lenny] - pam <no-dsa> (violation of administrator's policy, not a vulnerability)
NOTE: the ability to change a password earlier than scheduled is not a security
NOTE: vulnerability in itself (unless the user changes their password back to
NOTE: their previous password; thus violating the security policy as defined by
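Review bot: the removal of the "[etch] - pam <no-dsa>" and "[lenny] - pam <no-dsa>" lines under CVE-2009-0579 is not mentioned in the log message. If the reason is that the "unimportant" urgency on the "- pam 1.0.1-10" line already covers every release and makes the per-release tags redundant, say so in the log; otherwise the stated reason "violation of administrator's policy, not a vulnerability" is lost for etch and lenny.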