[Secure-testing-commits] r14019 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Feb 3 18:39:31 UTC 2010
Author: jmm-guest
Date: 2010-02-03 18:39:30 +0000 (Wed, 03 Feb 2010)
New Revision: 14019
Modified:
data/CVE/list
data/embedded-code-copies
data/spu-candidates.txt
Log:
- acl fixed
- xotcl fixed by using system copy of expat
- asterisk issue unstable/testing only
- acl/struts no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-03 17:21:41 UTC (rev 14018)
+++ data/CVE/list 2010-02-03 18:39:30 UTC (rev 14019)
@@ -61,9 +61,8 @@
CVE-2010-0441 [asterisk T.38 remote crash]
RESERVED
- asterisk <unfixed>
- NOTE: probably doesn't affect pre-squeeze
- NOTE: http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
- TODO: check
+ [lenny] - asterisk <not-affected> (Only affects 1.6.x)
+ [etch] - asterisk <not-affected> (Only affects 1.6.x)
CVE-2010-0440
RESERVED
CVE-2010-0439
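Review bot: The NOTE line with the AST-2010-001.pdf URL under CVE-2010-0441 is removed together with the TODO, which drops the only reference backing the new "(Only affects 1.6.x)" reason on the [lenny] and [etch] lines. Removing "TODO: check" and the "probably doesn't affect pre-squeeze" note is fine now that the check is done, but I would keep the advisory link so the not-affected status can be re-verified later.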
@@ -1412,10 +1411,9 @@
CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 ...)
- serendipity <unfixed> (low; bug #562634)
CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...)
- - acl <unfixed> (low; bug #499076)
+ - acl 2.2.49-2 (low; bug #499076)
[etch] - acl <not-affected> (Vulnerable code not present)
[lenny] - acl <no-dsa> (Minor issue, symlink attack not always as root)
- NOTE: bug was closed but the fix seems incomplete
NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076#51
CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
NOT-FOR-US: Internet Initiative Japan SEIL/B1 firmware
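Review bot: In the CVE-2009-4411 entry the NOTE "bug was closed but the fix seems incomplete" is removed while the following NOTE with the bugreport.cgi?bug=499076#51 link stays, so that link no longer says what it documents. Either add a short NOTE stating that 2.2.49-2 addresses the problem discussed in that message, or drop the link along with the comment.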
@@ -3602,7 +3600,7 @@
- vnc4 <unfixed> (low; bug #560949)
[etch] - vnc4 <no-dsa> (minor issue)
[lenny] - vnc4 <no-dsa> (minor issue)
- - xotcl <unfixed> (low; bug #560950)
+ - xotcl 1.6.5-1.1 (low; bug #560950)
[lenny] - xotcl <no-dsa> (minor issue)
CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
NOT-FOR-US: Battle Blog
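Review bot: The xotcl line now records 1.6.5-1.1 as the fixed version, but nothing in the entry says how it was fixed; only the commit log mentions that xotcl now uses the system copy of expat. A NOTE to that effect next to "[lenny] - xotcl <no-dsa> (minor issue)" would tell anyone revisiting the lenny status that the unstable fix is a packaging change rather than a patch to the embedded code.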
@@ -25695,6 +25693,7 @@
NOT-FOR-US: RSA Authentication Agent
CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...)
- libstruts1.2-java 1.2.9-3.1 (low; bug #528352)
+ [lenny] - libstruts1.2-java <no-dsa> (Minor issue)
CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...)
NOT-FOR-US: miniBB
CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...)
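Review bot: The added "[lenny] - libstruts1.2-java <no-dsa> (Minor issue)" line gives no specific reason, and its capitalisation differs from the "(minor issue)" used on the vnc4 and xotcl lines in the same file. Since this commit also adds the package to spu-candidates.txt, a reason that says why the XSS is minor for lenny would be more useful; failing that, match the existing lowercase wording.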
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-02-03 17:21:41 UTC (rev 14018)
+++ data/embedded-code-copies 2010-02-03 18:39:30 UTC (rev 14019)
@@ -1157,7 +1157,7 @@
- apache2 2.2 (embed)
- texlive-bin <not-affected> (Embedded code not compiled in)
- vnc4 <unfixed> (embed)
- - xotcl <unfixed> (embed)
+ - xotcl 1.6.5-1.1 (embed)
xerces-c
- xerces-c2 <unfixed> (old-version)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-02-03 17:21:41 UTC (rev 14018)
+++ data/spu-candidates.txt 2010-02-03 18:39:30 UTC (rev 14019)
@@ -11,6 +11,12 @@
--
+acl (CVE-2009-4411)
+#499076
+notified maintainer
+
+--
+
asterisk (CVE-2009-0041)
#513413
notified maintainer
@@ -188,6 +194,11 @@
--
+libstruts1.2-java (CVE-2008-2025)
+#528352
+
+--
+
maradns
http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
notified maintainer
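Review bot: The new libstruts1.2-java (CVE-2008-2025) entry has only the bug number #528352 and no status line, while the acl entry added in the previous hunk and the neighbouring asterisk and maradns entries all carry "notified maintainer". If the maintainer has been notified, add that line; if not, say so in the entry so the missing line does not read as an omission.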