[Secure-testing-commits] r14470 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Apr 13 21:44:57 UTC 2010


Author: jmm-guest
Date: 2010-04-13 21:44:56 +0000 (Tue, 13 Apr 2010)
New Revision: 14470

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- konversation not-affected
- trac no-dsa
- more information on RTSP issue affecting mplayer and VLC
- opendchub not-affected in Lenny
- tgt fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-13 21:14:45 UTC (rev 14469)
+++ data/CVE/list	2010-04-13 21:44:56 UTC (rev 14470)
@@ -514,6 +514,7 @@
 	[lenny] - linux-2.6 <not-affected> (vulnerable code not yet present)
 CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC ...)
 	- opendchub <unfixed> (bug #576308)
+	[lenny] - opendchub <not-affected> (Vulnerable code not present)
 CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem ...)
 	- linux-2.6 <unfixed>
 	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
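Review bot: the reason on the added "[lenny] - opendchub <not-affected>" line is capitalised ("Vulnerable code not present") while the neighbouring entries use lower case ("vulnerable code not yet present"), and it does not say which version introduced the vulnerable code. Suggest lower-casing it and naming the introducing version, as the linux-2.6 entry under CVE-2010-1146 does with "vulnerability introduced in 2.6.30".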
@@ -1720,7 +1721,7 @@
 	NOTE: http://www.juniper.net/security/auto/vulnerabilities/vuln35507.html
 CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCSI ...)
 	- iscsitarget <unfixed> (medium; bug #574935)
-	- tgt <unfixed> (medium; bug #576086) 
+	- tgt 1:1.0.3-2 (medium; bug #576086) 
 CVE-2010-0742
 	RESERVED
 CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...)
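Review bot: the replaced tgt line keeps the trailing space after "(medium; bug #576086)"; drop it while the line is being touched. With tgt now marked fixed in 1:1.0.3-2, iscsitarget is the only package in this entry still <unfixed> for CVE-2010-0743, so bug #574935 is the one left to track.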
@@ -1943,6 +1944,7 @@
 	- linux-2.6.24 <not-affected> (fixed before 2.6.24)
 CVE-2010-XXXX [konversation DoS]
 	- konversation 1.2.3-1 (low)
+	[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
 	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
 CVE-2010-0664 (Stack consumption vulnerability in the ...)
 	- chromium-browser <itp> (bug #520334)
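Review bot: the added [lenny] line for konversation gives "Doesn't affect the combination of kdelibs/QT in Lenny" as the reason without saying which versions were checked or where that was established. A NOTE naming the source (if the KDE bug linked on the next line covers it, say so) would let the next reader verify the not-affected status; the toolkit name is also spelled "Qt".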
@@ -4025,7 +4027,8 @@
 CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...)
 	NOT-FOR-US: APC Switched Rack PDU AP7932 B2
 CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...)
-	- trac 0.11.6-1
+	- trac 0.11.6-1 (low)
+	[lenny] - trac <no-dsa> (Minor information disclosure)
 CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...)
 	- t-prot 2.8-1 (low)
 	[etch] - t-prot <no-dsa> (Minor issue)
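Review bot: the [lenny] <no-dsa> reason "Minor information disclosure" is more specific than the CVE-2009-4405 summary two lines above it, which reads "Multiple unspecified vulnerabilities". Add a NOTE with the source for that classification so that both the no-dsa decision and the new (low) urgency on the trac line can be checked.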
@@ -9985,11 +9988,12 @@
 CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows ...)
 	NOT-FOR-US: Peel
 CVE-2009-XXXX [VLC: integer underflow in Real RTSP]
-	- vlc 1.0.1-1
+	- vlc <unfixed>
 	- mplayer <unfixed>
 	- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
-	NOTE: Posting on full-disclosure contains details
-	TODO: Which posting?
+	TODO: File bugs
+	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
+	NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
 CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
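Review bot: vlc goes from a fixed version (1.0.1-1) back to <unfixed>, but nothing in the entry says why 1.0.1-1 does not contain the fix. Add a NOTE stating which release first carries the linked vlc.git commit, or why the earlier version was wrong. The "TODO: File bugs" line would also be clearer after the two NOTE lines and should name the packages (vlc, mplayer) that still need bugs filed.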

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-04-13 21:14:45 UTC (rev 14469)
+++ data/spu-candidates.txt	2010-04-13 21:44:56 UTC (rev 14470)
@@ -434,6 +434,10 @@
 
 --
 
+trac (CVE-2009-4405)
+
+--
+
 udev (#462655)
 notified maintainer
 
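Review bot: the new "trac (CVE-2009-4405)" entry has no status line, while the udev entry directly after it records "notified maintainer". Add the current state of the trac candidate (for example whether the maintainer has been contacted) so the list shows what is still pending.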



