[Secure-testing-commits] r15656 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Dec 7 21:07:48 UTC 2010


Author: jmm-guest
Date: 2010-12-07 21:07:47 +0000 (Tue, 07 Dec 2010)
New Revision: 15656

Modified:
   data/CVE/list
Log:
- pythonpath fixed in distcc, gquilt and dlr-languages
- fontforge, openssl fixed
- NFUs
- one awstats issue windows-specific


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-07 01:59:18 UTC (rev 15655)
+++ data/CVE/list	2010-12-07 21:07:47 UTC (rev 15656)
@@ -82,20 +82,20 @@
 CVE-2010-4375
 	RESERVED
 CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Winamp
 CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Winamp
 CVE-2010-4372 (Integer overflow in the in_nsv plugin in Winamp before 5.6 allows ...)
-	TODO: check
+	NOT-FOR-US: Winamp
 CVE-2010-4371 (Buffer overflow in the in_mod plugin in Winamp before 5.6 allows ...)
-	TODO: check
+	NOT-FOR-US: Winamp
 CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 ...)
-	TODO: check
+	NOT-FOR-US: Winamp
 CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...)
 	- awstats <unfixed>
 	TODO: check
 CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...)
-	- awstats <unfixed> (unimportant)
+	- awstats <not-affected> (Windows-specific issue)
 	NOTE: looks like it's the same as CVE-2010-4367
 CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
 	- awstats <unfixed>
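Review bot: At CVE-2010-4368, the new "- awstats <not-affected> (Windows-specific issue)" line sits directly above the unchanged "NOTE: looks like it's the same as CVE-2010-4367", while CVE-2010-4367 itself stays <unfixed>. Read together, the entry now says both that Debian is not affected and that the issue is the same as one Debian is affected by. Suggest rewording the NOTE to say how the two relate (for example, that this is the Windows-only variant of CVE-2010-4367) or dropping it, so that the not-affected status does not look like an oversight.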
@@ -281,13 +281,13 @@
 	- calendarserver <unfixed> (low; bug #605157)
 	[lenny] - calendarserver <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
-	- gquilt <unfixed> (low; bug #605152)
+	- gquilt 0.22-1.1 (low; bug #605152)
 	[lenny] - gquilt <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
 	- snappea <unfixed> (low; bug #605151)
 	[lenny] - snappea <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
-	- ironpython <removed> (low; bug #605158)
+	- dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158)
 	[lenny] - ironpython <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
 	- gnome-schedule <unfixed> (low; bug #605169)
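Review bot: In the entry for bug #605158, the unstable line now names dlr-languages, but the "[lenny] - ironpython <no-dsa> (Minor issue)" line under it still names ironpython, and the "- ironpython <removed>" status is gone. The entry therefore tracks two different source packages with no stated link between them, and no longer records that ironpython was removed. Suggest keeping "- ironpython <removed> (low; bug #605158)" and adding the dlr-languages line beside it, or adding a NOTE that states the relationship between the two packages.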
@@ -296,7 +296,7 @@
 	- gnumed-client <unfixed> (low; bug #605159)
 	[lenny] - gnumed-client <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
-	- distcc <unfixed> (low; bug #605168)
+	- distcc 3.1-3.2 (low; bug #605168)
 	[lenny] - distcc <not-affected> (Vulnerable code not present)
 CVE-2010-XXXX [python path]
 	- mmass 3.8.0-2 (low; bug #605150)
@@ -329,17 +329,17 @@
 CVE-2010-4284
 	RESERVED
 CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS before ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2010-4281 (Incomplete blacklist vulnerability in the safe_url_extraclean function ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2010-4280 (Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier specifies an ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: Pandora FMS
 CVE-2010-4277
 	RESERVED
 CVE-2010-4276
@@ -388,7 +388,7 @@
 	TODO: check
 CVE-2010-4259 [fontforge BDF files buffer overflow]
 	RESERVED
-	- fontforge <unfixed> (bug #605537)
+	- fontforge 0.0.20100501-4 (bug #605537)
 CVE-2010-4258 [linux failure to revert address limit override in OOPS error path]
 	RESERVED
 	- linux-2.6 <unfixed>
@@ -591,7 +591,7 @@
 	- yaws <not-affected> (Only affects Windows)
 CVE-2010-4180 [OpenSSL Ciphersuite Downgrade Attack]
 	RESERVED
-	- openssl <unfixed>
+	- openssl 0.9.8o-4
 	NOTE: http://www.openssl.org/news/secadv_20101202.txt
 CVE-2010-4179
 	RESERVED
@@ -2930,9 +2930,9 @@
 CVE-2010-3268
 	RESERVED
 CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 ...)
-	TODO: check
+	NOT-FOR-US: BugTracker.NET
 CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET ...)
-	TODO: check
+	NOT-FOR-US: BugTracker.NET
 CVE-2010-3265
 	RESERVED
 CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)



