[Secure-testing-commits] r12902 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Sep 29 16:36:07 UTC 2009


Author: jmm-guest
Date: 2009-09-29 16:36:06 +0000 (Tue, 29 Sep 2009)
New Revision: 12902

Modified:
   data/CVE/list
Log:
- new drupal issues (drupal5 seems to be back in Squeeze, we should
contact the maintainer that again like in Lenny only one version
gets included in the stable release)
- kernel issues fixed
- squid fixed (also affects squid3)
- movabletype spu fix scheduled



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-29 13:27:36 UTC (rev 12901)
+++ data/CVE/list	2009-09-29 16:36:06 UTC (rev 12902)
@@ -91,6 +91,8 @@
 	- amsn <unfixed>
 	TODO: file bug
 	NOTE: http://www.juniper.net/security/auto/vulnerabilities/vuln35507.html
+CVE-2009-XXXX [SA-CORE-2009-008]
+	- drupal6 6.14-1 (bug #547140)
 CVE-2009-3391
 	RESERVED
 CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...)
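Review bot: The new CVE-2009-XXXX [SA-CORE-2009-008] entry tracks only drupal6, while the commit log says drupal5 seems to be back in Squeeze. If drupal5 is affected by the same advisory, add a line for it (for example `- drupal5 <unfixed>`, or a `TODO: check drupal5`) so the package does not drop out of tracking.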
@@ -1220,11 +1222,11 @@
 CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain data ...)
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.30-7 (low)
 	- linux-2.6.24 <removed>
 	NOTE: minor info leaks
 CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...)
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.30-7 (low)
 	- linux-2.6.24 <removed>
 	NOTE: minor info leak
 CVE-2009-3000 (The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris ...)
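Review bot: Both linux-2.6 lines (CVE-2009-3002 and CVE-2009-3001) now record 2.6.30-7 as fixed, yet the CVE-2009-3002 description places the upstream fix at 2.6.31-rc7, so the Debian fix is a backport. A NOTE line under each entry naming the backported patch or upstream commit would let someone verify the version later.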
@@ -1801,7 +1803,8 @@
 CVE-2009-2856 (Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding ...)
 	NOT-FOR-US: Sun Virtual Desktop Infrastructure
 CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 ...)
-	- squid <unfixed> (low; bug #534982)
+	- squid 2.7.STABLE7-1 (low; bug #534982)
+	- squid3 3.0.STABLE19-1
 CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain ...)
 	{DSA-1871-2 DSA-1871-1}
 	- wordpress 2.8.3-1
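Review bot: The added squid3 line under CVE-2009-2855 has no urgency or bug reference, while the squid line beside it is tagged (low; bug #534982). Tag it `(low)` as well so both packages are triaged the same way. Since the truncated description names only Squid 2.7, a NOTE saying how squid3 was confirmed as affected would also help.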
@@ -3096,6 +3099,7 @@
 CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
 	- movabletype-opensource 4.2.6.1-1 (low; bug #537935) 
 	[lenny] - movabletype-opensource <no-dsa> (Minor information disclosure)
+	TODO: next point update: [lenny] - movabletype-opensource 4.2.3-1+lenny1
 CVE-2009-XXXX [mediawiki: XSS via specialblock]
 	- mediawiki 1:1.15.0-1.1 (low; bug #537634)
 	- mediawiki1.7 <removed>
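Review bot: The TODO added under CVE-2009-2492 keeps the planned lenny fix as free text next to the `[lenny] - movabletype-opensource <no-dsa>` line, so the two can drift apart. When the point update is released, replace the <no-dsa> line with `[lenny] - movabletype-opensource 4.2.3-1+lenny1` and drop the TODO in the same commit.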



