[Secure-testing-commits] r12869 - in data: . CVE

[Giuseppe Iuculano]

Author: derevko-guest
Date: 2009-09-22 18:31:46 +0000 (Tue, 22 Sep 2009)
New Revision: 12869

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- spu notifications
- CVE-2009-3235 is a different vulnerability than CVE-2009-2632


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-22 09:14:19 UTC (rev 12868)
+++ data/CVE/list	2009-09-22 18:31:46 UTC (rev 12869)
@@ -74,7 +74,10 @@
 CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
 	TODO: check
 CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot ...)
+	- cyrus-imapd-2.2 <unfixed> (medium; bug #547947)
+	- kolab-cyrus-imapd <unfixed> (medium; bug #547712)
 	- dovecot 1:1.2.1-1 (medium; bug #546656)
+	NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few additional buffer overflows
 CVE-2009-3228
 	RESERVED
 CVE-2005-4881
@@ -2386,10 +2389,8 @@
 CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c), as ...)
 	{DSA-1881-1}
 	- cyrus-imapd-2.2 2.2.13-15 (medium)
-	- kolab-cyrus-imapd (medium; bug #547712)
-	- dovecot 1:1.2.1-1 (medium)
-	NOTE: the CVE-2009-3235 text for dovecot says that that is a different issues, 
-	NOTE: but the advisories and code changes are the same as for this CVE
+	- kolab-cyrus-imapd <unfixed> (medium; bug #547712)
+	- dovecot 1:1.2.1-1 (medium; bug #546656)
 CVE-2009-2631
 	RESERVED
 CVE-2009-2630

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2009-09-22 09:14:19 UTC (rev 12868)
+++ data/ospu-candidates.txt	2009-09-22 18:31:46 UTC (rev 12869)
@@ -573,6 +573,11 @@
 
 --
 
+rails (CVE-2009-3086)
+bug #545063
+
+--
+
 rancid (CVE-2008-4979)
 #496426
 notified maintainer

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2009-09-22 09:14:19 UTC (rev 12868)
+++ data/spu-candidates.txt	2009-09-22 18:31:46 UTC (rev 12869)
@@ -70,6 +70,7 @@
 
 gupnp (CVE-2009-2174)
 #534594
+notified maintainer
 
 --
 
@@ -231,6 +232,11 @@
 
 --
 
+rails (CVE-2009-3086)
+bug #545063
+
+--
+
 slim (CVE-2009-1756)
 bug #529306
 Maintainer notified through followup in #529306