[Secure-testing-commits] r14523 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Mon Apr 19 00:13:50 UTC 2010


Author: geissert
Date: 2010-04-19 00:13:11 +0000 (Mon, 19 Apr 2010)
New Revision: 14523

Modified:
   data/CVE/list
Log:
new fetchmail issue
some pidgin no-dsa issues were "fixed" by a dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-18 21:14:54 UTC (rev 14522)
+++ data/CVE/list	2010-04-19 00:13:11 UTC (rev 14523)
@@ -1,3 +1,9 @@
+CVE-2010-XXXX [fetchmail memory exhaustion DoS]
+	- fetchmail <unfixed> (low)
+	[lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level)
+	NOTE: http://www.fetchmail.info/fetchmail-SA-2010-02.txt
+	NOTE: http://gitorious.org/fetchmail/fetchmail/commit/ec06293
+	TODO: file report
 CVE-2010-1457
 	RESERVED
 CVE-2010-1456
@@ -8472,11 +8478,9 @@
 CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...)
 	{DSA-2038-1}
 	- pidgin 2.6.2-1 (low)
-	[lenny] - pidgin <no-dsa> (Minor issue)
 CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...)
 	{DSA-2038-1}
 	- pidgin 2.6.2-1 (low)
-	[lenny] - pidgin <no-dsa> (Minor issue)
 CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...)
 	- rhythmbox <unfixed> (unimportant)
 	NOTE: No practical security impact




More information about the Secure-testing-commits mailing list