[Secure-testing-commits] r15711 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Dec 15 22:25:15 UTC 2010
Author: jmm-guest
Date: 2010-12-15 22:25:15 +0000 (Wed, 15 Dec 2010)
New Revision: 15711
Modified:
data/CVE/list
Log:
- gnome-schedule/pythonpath fixed
- mono fixed
- two xpdf non-issues
- cakephp fixed (in delayed/2)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-12-15 21:14:46 UTC (rev 15710)
+++ data/CVE/list 2010-12-15 22:25:15 UTC (rev 15711)
@@ -419,7 +419,7 @@
[squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1
CVE-2010-4335 [cakephp controller/component/security.php unsafe unserialize]
RESERVED
- - cakephp <unfixed> (bug #606386)
+ - cakephp 1.3.2-1.1 (bug #606386)
[lenny] - cakephp <not-affected>
NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
CVE-2010-4336 [collectd: DoS in RRDtool and RRDCacheD plugins]
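Review bot: the added line "- cakephp 1.3.2-1.1 (bug #606386)" records the fix as released, but the log message says the upload is still "in delayed/2", so CVE-2010-4335 will show as fixed before that version is in the archive. Either hold this line until the upload has been accepted, or add a NOTE under the entry saying that 1.3.2-1.1 is pending in the delayed queue.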
@@ -702,7 +702,7 @@
- dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158)
[lenny] - ironpython <no-dsa> (Minor issue)
CVE-2010-XXXX [python path]
- - gnome-schedule <unfixed> (low; bug #605169)
+ - gnome-schedule 2.1.1-3.1 (low; bug #605169)
[lenny] - gnome-schedule <no-dsa> (Minor issue)
CVE-2010-XXXX [python path]
- gnumed-client 0.8.5-1 (low; bug #605159)
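Review bot: the gnome-schedule entry is still filed under the placeholder CVE-2010-XXXX with the bare title "[python path]", so once 2.1.1-3.1 is recorded as the fix, nothing in the entry says what was changed. A NOTE line with a reference to the patch, like the one the cakephp entry carries, would let readers verify the fix without opening bug #605169.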
@@ -1057,7 +1057,7 @@
- linux-2.6 2.6.28-1
NOTE: https://bugzilla.redhat.com/CVE-2010-4161
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...)
- - mono <unfixed> (bug #605097)
+ - mono 2.6.7-4 (bug #605097)
[lenny] - mono <no-dsa> (Minor issue)
CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...)
- php5 5.3.3-4 (bug #603751)
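Review bot: the fixed version on the mono line, 2.6.7-4, is lower than the Mono 2.8 named in the (truncated) CVE-2010-4159 description, and the entry has no NOTE explaining how the two relate. A NOTE pointing at the patch carried in 2.6.7-4 would make it clear that the 2.6 branch was affected and is covered by this upload.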
@@ -1712,7 +1712,6 @@
CVE-2010-3879 [fuse: unprivileged user can unmount arbitrary locations via symlink attack]
RESERVED
- fuse <unfixed>
- TODO: check
CVE-2010-3878
RESERVED
CVE-2010-3877
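Review bot: dropping "TODO: check" under CVE-2010-3879 leaves "- fuse <unfixed>" with no bug number, urgency or NOTE, and the log message does not mention fuse at all. If the check was done, record its outcome in the entry (a bug reference or a NOTE) and list the change in the log.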
@@ -12242,16 +12241,18 @@
RESERVED
CVE-2010-0207 [xpdf: XRef table parsing infinite loop]
RESERVED
- - kdegraphics 4.0
- - xpdf <unfixed>
- - poppler <unfixed>
+ - kdegraphics 4.0 (unimportant)
+ - xpdf <unfixed> (unimportant)
+ - poppler <unfixed> (unimportant)
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172
+ NOTE: Just a crasher, not treated as a security issue
CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects]
RESERVED
- - kdegraphics 4.0
- - xpdf <unfixed>
- - poppler <unfixed>
+ - kdegraphics 4.0 (unimportant)
+ - xpdf <unfixed> (unimportant)
+ - poppler <unfixed> (unimportant)
NOTE: https://bugzilla.redhat.com/CVE-2010-0206
+ NOTE: Just a crasher, not treated as a security issue
CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...)
{DSA-2032-1}
- libpng 1.2.43-1 (low; bug #572308)
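Review bot: the NOTE added under CVE-2010-0206, "Just a crasher, not treated as a security issue", repeats the text used for the infinite loop in CVE-2010-0207, but this entry's title is an invalid pointer dereference in JBIG2 stream processing, which needs its own justification for the (unimportant) tag. State in the NOTE on what basis the dereference was judged crash-only, for example by citing the relevant comment in the linked Red Hat bug. The log message also says "two xpdf non-issues" while the tag is applied to kdegraphics and poppler as well, which is worth mentioning there.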