[Secure-testing-commits] r14529 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Mon Apr 19 22:34:53 UTC 2010
Author: jmm-guest
Date: 2010-04-19 22:34:53 +0000 (Mon, 19 Apr 2010)
New Revision: 14529
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- rewrite clamav with EOL tag
- couchdb fixed
- two fixes in Sun Java 6
- couchdb no-dsa
- begin qt4-x11 triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-19 21:14:22 UTC (rev 14528)
+++ data/CVE/list 2010-04-19 22:34:53 UTC (rev 14529)
@@ -1584,8 +1584,14 @@
TODO: check
CVE-2010-0887
RESERVED
+ - openjdk-6 <undetermined>
+ - sun-java6 6.20-1
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2010-0886
RESERVED
+ - openjdk-6 <undetermined>
+ - sun-java6 6.20-1
+ [lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications ...)
TODO: check
CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...)
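Review bot: The two added "- openjdk-6 <undetermined>" lines under CVE-2010-0887 and CVE-2010-0886 carry no NOTE or TODO saying what still has to be checked, and the commit log only mentions Sun Java 6. Both entries are still RESERVED with no description, so a short TODO or NOTE on the openjdk-6 lines would tell the next person triaging why the status was left open.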
@@ -4016,8 +4022,7 @@
RESERVED
CVE-2010-0098 (ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z ...)
- clamav 0.96+dfsg-1
- [lenny] - clamav <no-dsa> (no longer supported)
- TODO: check
+ [lenny] - clamav <end-of-life> (No longer supported in Lenny)
CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
- bind9 1:9.7.0.dfsg-1
CVE-2010-0096
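Review bot: On the new "[lenny] - clamav <end-of-life>" line, the reason "(No longer supported in Lenny)" only repeats what the tag and the [lenny] prefix already state. Either drop the parenthetical or use it to point at where the end of support was announced, so the entry explains something the tag does not.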
@@ -4801,8 +4806,8 @@
NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse
NOTE: proxy situations, the backend server is usually trusted, anyway.
CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...)
- - couchdb <unfixed> (bug #576304)
- NOTE: I don't really see the security implications?
+ - couchdb 0.11.0-1 (bug #576304)
+ [lenny] - couchdb <no-dsa> (Minor information leak)
CVE-2010-0008 (The sctp_rcv_ootb function in the SCTP implementation in the Linux ...)
- linux-2.6 2.6.23-1
CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...)
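Review bot: The removed NOTE under CVE-2010-0009 questioned the security implications, and the only answer left in the entry is the no-dsa reason "(Minor information leak)" on the [lenny] line. Consider keeping a NOTE that says what is leaked, so the <no-dsa> decision can be re-checked later without reading through bug #576304.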
@@ -12862,7 +12867,7 @@
NOTE: patch http://trac.webkit.org/changeset/44799/
NOTE: PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html
CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- - qt4-x11 <unfixed> (low; bug #538403)
+ - qt4-x11 <undetermined> (bug #538403)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- webkit 1.1.13-1 (low; bug #538402)
- kdelibs <unfixed> (unimportant)
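Review bot: The CVE-2009-1724 qt4-x11 line goes from "<unfixed> (low; bug #538403)" to "<undetermined> (bug #538403)", which drops the urgency and reopens the status with no NOTE on what became unclear. The webkit line in the same entry still records "low" and a fixed version; add a NOTE or TODO stating what remains to be checked for qt4-x11.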
@@ -13020,14 +13025,15 @@
- webkit 1.1.12-1 (medium; bug #535793)
- kdelibs <not-affected>
- kde4libs <not-affected>
- - qt4-x11 <undetermined>
+ - qt4-x11 <unfixed>
NOTE: http://trac.webkit.org/changeset/35928
CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...)
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <unfixed> (unimportant)
- kde4libs <unfixed> (unimportant)
- - qt4-x11 <undetermined> (unimportant)
+ - qt4-x11 4:4.6.2-4 (unimportant)
+ NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319
NOTE: http://trac.webkit.org/changeset/41741
CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
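Review bot: The added NOTE under CVE-2009-1692, "QT4 might be fixed earlier, but only 4.6.2 was checked against", does not say what 4.6.2 was checked against; name the reference, for example one of the upstream links in the NOTE lines that follow it. In the entry above it, the qt4-x11 line changed to "<unfixed>" has no bug number or urgency, while the webkit line there has "(medium; bug #535793)"; adding them would make the open item trackable.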
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-04-19 21:14:22 UTC (rev 14528)
+++ data/spu-candidates.txt 2010-04-19 22:34:53 UTC (rev 14529)
@@ -66,6 +66,11 @@
--
+couchdb (CVE-2010-0009)
+#576304
+
+--
+
cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer
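Review bot: The new couchdb entry in spu-candidates.txt lists only the CVE and "#576304", while the neighbouring cron entry also records a status line ("notified maintainer"). Add a matching status line for couchdb so it is clear whether anyone has been contacted about this candidate.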