[Secure-testing-commits] r15148 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Aug 12 13:46:08 UTC 2010


Author: jmm-guest
Date: 2010-08-12 13:46:04 +0000 (Thu, 12 Aug 2010)
New Revision: 15148

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- new mantis issue (doesn't affect versions in Debian)
- fix broken mediawiki entry
- new freetype issue
- wireshark CVEfied
- record kvirc fix in unstable
- knowledgeroot code copy has been fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-08-10 21:38:11 UTC (rev 15147)
+++ data/CVE/list	2010-08-12 13:46:04 UTC (rev 15148)
@@ -3,14 +3,14 @@
 	[lenny] - lynx <no-dsa> (Minor issue)
 	NOTE: exploit scenario really obscure
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254
-CVE-2010-XXXX [Wireshark 1.2.10 SigComp Universal Decompressor Virtual Machine could overrun a buffer]
+CVE-2010-2995 [Wireshark 1.2.10 SigComp Universal Decompressor Virtual Machine could overrun a buffer]
 	- wireshark 1.2.10-1
-CVE-2010-XXXX [Wireshark 1.2.10 GSM A RR dissector could crash]
+CVE-2010-2992 [Wireshark 1.2.10 GSM A RR dissector could crash]
 	- wireshark 1.2.10-1
 	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
-CVE-2010-XXXX [Wireshark 1.2.10 Due to a regression the ASN.1 BER dissector could overrun the stack]
+CVE-2010-2994 [Wireshark 1.2.10 Due to a regression the ASN.1 BER dissector could overrun the stack]
 	- wireshark 1.2.10-1
-CVE-2010-XXXX [Wireshark 1.2.10 The IPMI dissector could go into an infinite loop]
+CVE-2010-2993 [Wireshark 1.2.10 The IPMI dissector could go into an infinite loop]
 	- wireshark 1.2.10-1
 	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
 CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly ...)
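Review bot: The four Wireshark entries now carry their assigned IDs in the order 2995, 2992, 2994, 2993, while the other entries visible in this patch run in descending order (2216, 2215, 2214, 2213, ...). Consider reordering them to 2995, 2994, 2993, 2992 so the file stays sorted. Separately, CVE-2010-2995 and CVE-2010-2994 have no `[lenny]` line while the other two state `<not-affected> (Only affects 1.2.x)`; since the 2994 text calls the bug a regression, an explicit lenny status would be worth adding.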
@@ -265,7 +265,7 @@
 CVE-2010-2861
 	RESERVED
 CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts ...)
-	TODO: check
+	NOT-FOR-US: EMC
 CVE-2009-4974 (Directory traversal vulnerability in box_display.php in TotalCalendar ...)
 	NOT-FOR-US: TotalCalendar
 CVE-2009-4973 (SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows ...)
@@ -455,7 +455,7 @@
 	[lenny] - zabbix <no-dsa> (Minor issue)
 CVE-2010-2789 [mediawiki "register_globals arbitrary inclusion"]
 	RESERVED
-	NOT-FOR-US: mediawiki
+	- mediawiki <undetermined>
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
 	NOTE: Affects mediawiki 1:1.16.0beta* - was not and will not be in Debian
 CVE-2010-2788 [mediawiki XSS]
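Review bot: `- mediawiki <undetermined>` on CVE-2010-2789 contradicts the NOTE two lines below it, which says the issue affects only 1:1.16.0beta* and "was not and will not be in Debian". That is a determined status: `- mediawiki <not-affected>` with the reason in parentheses, the form used for mantis under CVE-2009-2802 in this same commit, would record it accurately.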
@@ -469,10 +469,10 @@
 	[lenny] - mediawiki <no-dsa> (Minor issue)
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
 CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows ...)
-	TODO: check
+	NOT-FOR-US: Piwik
 CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not ...)
 	{DSA-2078-1}
-	TODO: check
+	- kvirc 4:4.0.0-3
 CVE-2010-2784
 	RESERVED
 CVE-2010-2783
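Review bot: The kvirc line on CVE-2010-2785 records 4:4.0.0-3 as the fixed version without a reference. The description names upstream r4693 as the fix, and nothing here ties that revision to the upload. A NOTE with the upstream commit or the Debian bug would let someone verify the version later.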
@@ -1416,7 +1416,7 @@
 	- mahara 1.2.5-1
 	- moodle <unfixed> (low)
 	[lenny] - moodle <not-affected> (doesn't ship/use htmlpurifier)
-	- knowledgeroot <unfixed> (low)
+	- knowledgeroot 0.9.9.5-5
 	[lenny] - knowledgeroot <no-dsa> (low)
 CVE-2010-2419
 	RESERVED
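Review bot: Replacing `- knowledgeroot <unfixed> (low)` with `- knowledgeroot 0.9.9.5-5` also drops the `(low)` urgency, while the `[lenny]` line directly below still carries it. If the severity assessment has not changed, keep it on the fixed line as `- knowledgeroot 0.9.9.5-5 (low)`.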
@@ -1938,12 +1938,16 @@
 	RESERVED
 CVE-2010-2216
 	RESERVED
+	NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-2215
 	RESERVED
+	NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-2214
 	RESERVED
+	NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-2213
 	RESERVED
+	NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x ...)
 	NOT-FOR-US: Adobe Reader
 CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
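Review bot: CVE-2010-2213 through CVE-2010-2216 are still RESERVED with no description, so `NOT-FOR-US: Adobe Flash Plugin` cannot be checked against anything in the file. Add a NOTE with the vendor advisory that assigns these IDs to Flash, as the mediawiki and mantis entries do for their sources.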
@@ -2986,8 +2990,9 @@
 	RESERVED
 CVE-2010-1798
 	RESERVED
-CVE-2010-1797
+CVE-2010-1797 [freetype CFF buffer overflow]
 	RESERVED
+	- freetype 2.4.2-1
 CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
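Review bot: CVE-2010-1797 is RESERVED, so the bracketed `freetype CFF buffer overflow` and the fixed version 2.4.2-1 are the only information on the entry, with no reference and no `[lenny]` status. Add a NOTE pointing to the upstream fix or bug, and state whether the lenny version is affected.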
@@ -7846,6 +7851,7 @@
 	RESERVED
 CVE-2010-0209
 	RESERVED
+	NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-0208
 	RESERVED
 CVE-2010-0207
@@ -13828,6 +13834,9 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2802
 	RESERVED
+	- mantis <not-affected> (Only affects 1.2.x)
+	NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
+	NOTE: http://www.mantisbt.org/blog/?p=113
 CVE-2009-2801 (The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified ...)
 	NOT-FOR-US: Apple Application Firewall
 CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 ...)
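Review bot: The new mantis line sits under CVE-2009-2802, which is RESERVED and has no bracketed description, unlike CVE-2010-1797 and CVE-2010-2789 in this commit. A short `[mantis ...]` description on the CVE line would say what the issue is without opening the two NOTE URLs.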

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-08-10 21:38:11 UTC (rev 15147)
+++ data/embedded-code-copies	2010-08-12 13:46:04 UTC (rev 15148)
@@ -66,7 +66,7 @@
 
 php-htmlpurifier
 	- mahara 1.2.5-1 (embed)
-	- knowledgeroot <unfixed> (embed)
+	- knowledgeroot 0.9.9.5-5 (embed)
 	- moodle <unfixed> (embed)
 
 peercast



