[Secure-testing-commits] r14516 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Sat Apr 17 22:17:17 UTC 2010


Author: gilbert-guest
Date: 2010-04-17 22:17:17 +0000 (Sat, 17 Apr 2010)
New Revision: 14516

Modified:
   data/CVE/list
Log:
new issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-17 21:55:35 UTC (rev 14515)
+++ data/CVE/list	2010-04-17 22:17:17 UTC (rev 14516)
@@ -170,6 +170,14 @@
 	- sun-java6 <unfixed> (high)
 CVE-2010-XXXX [gource: predictable log file located in /tmp]
 	- gource 0.26-2 (low; bug #577958)
+CVE-2010-XXXX [webkit: lots of dns lookups]
+	- webkit <unfixed> (unimportant; bug #578019)
+	NOTE: i find it questionable whether this is really a security issue...
+	NOTE: iceweasel behaves the same way...it's probably the page caching feature
+CVE-2010-XXXX [irssi: ssl proxy issue]
+        - irssi <undetermined>
+        NOTE: http://www.openwall.com/lists/oss-security/2010/04/17/1
+        TODO: check
 CVE-2010-1564
 	REJECTED
 CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) ...)
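Review bot: The three lines of the new irssi entry (`- irssi <undetermined>`, its `NOTE:` and `TODO: check`) are indented with eight spaces, while the webkit entry added directly above and the surrounding context lines use a tab. Switch them to a tab so the file stays uniformly indented.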
@@ -693,8 +701,11 @@
 	RESERVED
 CVE-2010-1164
 	RESERVED
-CVE-2010-1163
+CVE-2010-1163 [another sudoedit issue]
 	RESERVED
+	- sudo <unfixed>
+	NOTE: http://www.openwall.com/lists/oss-security/2010/04/15/4
+	TODO: check
 CVE-2010-1162 [linux-2.6: tty pid issue]
 	RESERVED
 	- linux-2.6 <unfixed>
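Review bot: The bracketed description added to CVE-2010-1163, `[another sudoedit issue]`, does not say what the issue is or how it differs from the earlier one it alludes to. A few words naming the flaw would let readers triage the entry without opening the oss-security link. The `- sudo <unfixed>` line carries no urgency or bug number; that is acceptable while `TODO: check` is pending, but both should be filled in once the check is done.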
@@ -1934,6 +1945,7 @@
 CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users ...)
 	- policykit <not-affected> (pkexec introduced in 0.92)
 	[lenny] - policykit <not-affected> (pkexec introduced in 0.92)
+        TODO: check when >= 0.92 gets uploaded
 CVE-2010-0749
 	RESERVED
 	- transmission 1.92-1 (unimportant; bug filed)
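Review bot: The added `TODO: check when >= 0.92 gets uploaded` line is indented with eight spaces where the two policykit lines above it use a tab; switch it to a tab. The TODO also leaves the package implicit, so consider writing `policykit >= 0.92` so the reminder still reads correctly if it is found by a search for TODO lines rather than in the context of this entry.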
@@ -1944,7 +1956,7 @@
 CVE-2010-0746 [DeviceKit privilege escalation via pluggable storage device labels]
 	RESERVED
 	- devicekit-disks 1.0.0~git20100212.aae17d9-1
-	NOTE: s/devicekit-disks/udisks now?
+	TODO: s/devicekit-disks/udisks now?
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
 	NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
 	NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235



