[Secure-testing-commits] r14482 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Apr 14 17:42:01 UTC 2010


Author: jmm-guest
Date: 2010-04-14 17:41:59 +0000 (Wed, 14 Apr 2010)
New Revision: 14482

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- logrotate no-dsa
- fix source package names for kdm
- add refs to texlive issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-14 13:32:42 UTC (rev 14481)
+++ data/CVE/list	2010-04-14 17:41:59 UTC (rev 14482)
@@ -1474,6 +1474,7 @@
 	- moin 1.9.2-3 (low; bug #575995)
 CVE-2010-0827 [dvips integer overflow]
 	RESERVED
+	NOTE: http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log
 	- texlive-bin <unfixed> (low)
 	[lenny] - texlive-bin <no-dsa> (minor issue)
 CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...)
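Review bot: The NOTE added under CVE-2010-0827 links to the `?view=log` page for the whole dvipsk ChangeLog, so it does not identify which upstream change addresses the integer overflow. The view will also keep growing as new revisions land. Suggest pointing the NOTE at the specific upstream revision or ChangeLog entry once it is known, so that anyone backporting for the `[lenny]` line can find the fix directly.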
@@ -1742,6 +1743,7 @@
 	NOTE: http://www.openssl.org/news/secadv_20100324.txt
 CVE-2010-0739 [dvips sprintf buffer overflow]
 	RESERVED
+	NOTE: http://www.tug.org/svn/texlive/trunk/Build/source/texk/dvipsk/ChangeLog?view=log
 	- texlive-bin <unfixed> (low)
 	[lenny] - texlive-bin <no-dsa> (minor issue)
 CVE-2010-0738
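Review bot: The NOTE added under CVE-2010-0739 is identical to the one added under CVE-2010-0827, so the two entries cannot be told apart by their references. A short second NOTE naming the ChangeLog entry that covers the sprintf buffer overflow would make it clear which upstream change belongs to which CVE.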
@@ -2589,8 +2591,11 @@
 	- linux-2.6 2.6.26-9
 CVE-2010-0436 [KDE Security Advisory: KDM Local Privilege Escalation Vulnerability]
 	RESERVED
-	- kdm <unfixed>
+	- kdebase 4:4.0
+	- kdebase-workspace <unfixed>
 	NOTE: http://www.kde.org/info/security/advisory-20100413-1.txt
+	NOTE: The binary package kdm was built from kdebase in Lenny and from kdebase-workspace
+	NOTE: in KDE 4.x, i.e. Squeeze onwards
 CVE-2010-0435
 	RESERVED
 CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...)
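Review bot: The new `- kdebase 4:4.0` line reads as "fixed in 4:4.0", but the two NOTE lines that follow say this is where the kdm binary stopped being built from kdebase, not where the privilege escalation was corrected. Suggest wording the NOTE to say that explicitly (for example, that kdebase no longer ships kdm from 4:4.0 on). Since the NOTE says Lenny's kdm comes from kdebase, a `[lenny] - kdebase` line would also help, so that the stable status is recorded rather than implied by version comparison. Neither package line carries an urgency, unlike the other entries touched in this commit.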
@@ -9474,6 +9479,7 @@
 	RESERVED
 CVE-2009-XXXX [logrotate race condition could lead to file disclosure]
 	- logrotate 3.7.8-4 (low)
+	[lenny] - logrotate <no-dsa> (Minor issue)
 CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 ...)
 	NOT-FOR-US: IBM WebSphere 
 CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before ...)
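Review bot: Style point on the added `[lenny] - logrotate <no-dsa> (Minor issue)` line: the texlive-bin entries earlier in this same diff spell the reason `(minor issue)` in lower case. Keeping one spelling makes the reason easier to grep for. The entry is also still filed as CVE-2009-XXXX with no bug reference, so a NOTE with the bug number or upstream report would make the no-dsa decision easier to revisit later.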

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-04-14 13:32:42 UTC (rev 14481)
+++ data/spu-candidates.txt	2010-04-14 17:41:59 UTC (rev 14482)
@@ -245,6 +245,11 @@
 
 --
 
+logrotate [logrotate race condition could lead to file disclosure]
+Fixed in sid in 3.7.8-4
+
+--
+
 makepasswd (no CVE ID)
 #564559
 notified maintainer
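Review bot: The new logrotate entry uses a bracketed description where the neighbouring makepasswd entry uses `(no CVE ID)` plus a bug number (`#564559`) and a status line. Since the CVE/list side of this commit files the issue as CVE-2009-XXXX, suggest marking it `(no CVE ID)` here as well. Adding the bug number and whether the maintainer has been notified would make the candidate actionable from this file alone.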
@@ -434,6 +439,11 @@
 
 --
 
+texlive-bin (CVE-2010-0739, CVE-2010-0827)
+notified maintainer
+
+--
+
 trac (CVE-2009-4405)
 
 --
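Review bot: The texlive-bin entry records `notified maintainer` but gives no bug number for that notification and no fixed version. The CVE/list hunks in this commit still show texlive-bin as `<unfixed>`, so a line stating that no fix is in sid yet would save the next reader a lookup. If the notification was filed as a bug, adding its number (as the makepasswd entry does) would let the stable update be tracked.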



