[Secure-testing-commits] r15669 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Dec 9 08:19:15 UTC 2010 

Author: jmm-guest
Date: 2010-12-09 08:19:13 +0000 (Thu, 09 Dec 2010)
New Revision: 15669

Modified:
   data/CVE/list
Log:
- kernel updates merged from kernel-sec
- pootle CVEfied
- new puppet issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-08 21:14:58 UTC (rev 15668)
+++ data/CVE/list	2010-12-09 08:19:13 UTC (rev 15669)
@@ -1,3 +1,5 @@
+CVE-2010-XXXX 
+	- puppet 2.6.2-3
 CVE-2011-0025
 	RESERVED
 CVE-2011-0024
@@ -645,12 +647,12 @@
 CVE-2010-4247 [linux xen: request-processing loop is unbounded in blkback]
 	RESERVED
 	- linux-2.6 <unfixed>
-	TODO: check
-	NOTE: 4CEB7F72.2020202 at redhat.com
 CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...)
 	TODO: check
 CVE-2010-4245
 	RESERVED
+	- pootle 2.0.5-0.3 (low; bug #604060)
+	[lenny] - pootle <not-affected> (Vulnerable code not present)
 CVE-2010-4244
 	RESERVED
 CVE-2010-4243 [linux: mem allocated invisible to oom_kill() when not attached to any threads]
@@ -709,9 +711,6 @@
 CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...)
 	- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
 	[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
-CVE-2010-XXXX [pootle XSS vulnerability via 'match_names']
-	- pootle 2.0.5-0.3 (low; bug #604060)
-	[lenny] - pootle <not-affected> (Vulnerable code not present)
 CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...)
@@ -841,7 +840,7 @@
 CVE-2010-4170 (The staprun runtime tool in SystemTap 1.3 does not properly clear the ...)
 	- systemtap 1.2-3 (bug #603946)
 CVE-2010-4169 (Use-after-free vulnerability in mm/mprotect.c in the Linux kernel ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.32-29
 CVE-2010-4168 (Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 ...)
 	- openttd 1.0.4-3 (bug #603752)
 	[lenny] - openttd <not-affected> (Introduced in 1.0)
@@ -858,8 +857,10 @@
 	- linux-2.6 2.6.32-28
 CVE-2010-4163
 	RESERVED
+	- linux-2.6 2.6.32-29
 CVE-2010-4162
 	RESERVED
+	- linux-2.6 2.6.32-29
 CVE-2010-4161 [linux deadlock]
 	RESERVED
 	- linux-2.6 <undetermined>
@@ -1513,7 +1514,7 @@
 	NOT-FOR-US: CMS Made Simple
 CVE-2010-3881
 	RESERVED
-	- linux-2.6 <unfixed> (low)
+	- linux-2.6 2.6.32-29 (low)
 CVE-2010-3880
 	RESERVED
 	{DSA-2126-1}

More information about the Secure-testing-commits mailing list