[Secure-testing-commits] r15658 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Dec 7 21:22:49 UTC 2010
Author: jmm-guest
Date: 2010-12-07 21:22:48 +0000 (Tue, 07 Dec 2010)
New Revision: 15658
Modified:
data/CVE/list
data/next-point-update.txt
Log:
hamlib spu fix
wordpress CVEfied and fixed
clamav fixed
pootle fixed, rewrite broken not-affected entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-07 21:16:04 UTC (rev 15657)
+++ data/CVE/list 2010-12-07 21:22:48 UTC (rev 15658)
@@ -333,10 +333,6 @@
RESERVED
CVE-2010-4334
RESERVED
-CVE-2010-XXXX
- NOTE: http://codex.wordpress.org/Version_3.0.2
- NOTE: http://core.trac.wordpress.org/changeset/16625
- - wordpress <unfixed> (bug #605603)
CVE-2010-4333
RESERVED
CVE-2010-4332
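Review bot: Dropping the CVE-2010-XXXX placeholder here relies on it being the same issue as CVE-2010-4257, and nothing in the removed lines says so. The two NOTE URLs and bug #605603 reappear under CVE-2010-4257 later in this file, so the references are preserved, but if the WordPress 3.0.2 release named in the NOTE covers anything besides the do_trackbacks SQL injection, that remainder loses its tracking entry. A short NOTE under CVE-2010-4257 stating that changeset 16625 is the do_trackbacks fix would make the merge verifiable.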
@@ -520,25 +516,23 @@
- linux-2.6 <unfixed>
CVE-2010-4262 [xfig color definition parsing stack buffer overflow]
RESERVED
- - xfig <unfixed>
- TODO: check
+ - xfig <unfixed> (bug #606257)
NOTE: details and patch at https://bugzilla.redhat.com/659676
CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...)
- - clamav <unfixed>
+ - clamav 0.96.5+dfsg-1
[lenny] - clamav <end-of-life>
- TODO: check
CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV ...)
- - clamav <unfixed>
+ - clamav 0.96.5+dfsg-1
[lenny] - clamav <end-of-life>
- TODO: check
CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote ...)
- fontforge 0.0.20100501-4 (bug #605537)
CVE-2010-4258 [linux failure to revert address limit override in OOPS error path]
RESERVED
- linux-2.6 <unfixed>
CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in ...)
- - wordpress <unfixed>
- TODO: check
+ NOTE: http://codex.wordpress.org/Version_3.0.2
+ NOTE: http://core.trac.wordpress.org/changeset/16625
+ - wordpress 3.0.2-1 (bug #605603)
CVE-2010-4256 [linux: pipe_fcntl local DoS]
RESERVED
- linux-2.6 <unfixed>
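Review bot: In the CVE-2010-4257 entry the two NOTE lines are added above `- wordpress 3.0.2-1 (bug #605603)`, while the CVE-2010-4262 entry in this same hunk keeps its NOTE below the package line; moving them under the package line would keep the entries consistent. Separately, both clamav entries drop `TODO: check` and gain `0.96.5+dfsg-1` with no NOTE or bug reference. Since CVE-2010-4260 is described as multiple unspecified vulnerabilities in pdf.c, a NOTE pointing at the upstream release or changelog would let a reader confirm that this one upload covers all of them.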
@@ -631,8 +625,8 @@
- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
CVE-2010-XXXX [pootle XSS vulnerability via 'match_names']
- - pootle <unfixed> (low; bug #604060)
- [lenny] - pootle <not-affected> (Minor issue)
+ - pootle 2.0.5-0.3 (low; bug #604060)
+ [lenny] - pootle <not-affected> (Vulnerable code not present)
CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...)
NOT-FOR-US: IBM WebSphere
CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...)
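Review bot: The new `[lenny] - pootle <not-affected> (Vulnerable code not present)` line gives no basis a reader can check. The wording fits `<not-affected>` better than `(Minor issue)` did, but the proftpd-dfsg context line just above shows the more useful form, `(Introduced in 1.3.2rc3)`; naming the pootle version that introduced the 'match_names' code, or adding a NOTE with the upstream fix for 2.0.5-0.3, would do the same here.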
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2010-12-07 21:16:04 UTC (rev 15657)
+++ data/next-point-update.txt 2010-12-07 21:22:48 UTC (rev 15658)
@@ -1,6 +1,7 @@
CVE-2010-3763
[lenny] - mantis 1.1.6+dfsg-2lenny4
+CVE-2009-3736
+ [lenny] - hamlib 1.2.7.1-1+lenny1
-
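Review bot: The added `CVE-2009-3736` / `[lenny] - hamlib 1.2.7.1-1+lenny1` pair has no counterpart in this revision's data/CVE/list hunks, so the diff does not show whether the CVE-2009-3736 entry there records the same lenny status for hamlib. Worth checking that entry and updating it in the same commit if the hamlib line is missing, so that the point-update list and the CVE list do not disagree.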