[Secure-testing-commits] r14039 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Feb 4 23:17:03 UTC 2010 

Author: jmm-guest
Date: 2010-02-04 23:17:01 +0000 (Thu, 04 Feb 2010)
New Revision: 14039

Modified:
   data/CVE/list
Log:
asterisk EOLs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-02-04 23:13:07 UTC (rev 14038)
+++ data/CVE/list	2010-02-04 23:17:01 UTC (rev 14039)
@@ -2702,9 +2702,9 @@
 CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...)
 	{DSA-1952-1}
 	- asterisk 1:1.6.2.0~rc7-1 (bug #559103)
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 CVE-2009-4054
 	REJECTED
-	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...)
 	NOT-FOR-US: Home FTP Server
 CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget ...)
@@ -3702,7 +3702,7 @@
 	{DSA-1952-1}
 	- asterisk 1:1.6.2.0~rc6-1
 	[lenny] - asterisk <no-dsa> (Minor issue)
-	[etch] - asterisk <no-dsa> (Minor issue)
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...)
 	- linux-2.6 2.6.31-1 (medium)
 	[lenny] - linux-2.6 2.6.26-21
@@ -5303,7 +5303,7 @@
 	{DSA-1952-1}
 	- prototypejs 1.6.0.2-1
 	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
-	[etch] - asterisk <no-dsa> (Minor issue)
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 	[lenny] - asterisk <no-dsa> (Minor issue)
 	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
 	- libaws 2.7-1 (low; bug #555221)
@@ -8369,6 +8369,7 @@
 	- tiff 3.8.2-13
 CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...)
 	- asterisk 1:1.6.2.0~dfsg~beta3-1 (bug #539473)
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 	[lenny] - asterisk <no-dsa> (Intrusive protocol-level vulnerabilitity, see http://downloads.asterisk.org/pub/security/IAX2-security.pdf)
 CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 ...)
 	NOT-FOR-US: ClanSphere
@@ -16458,8 +16459,8 @@
 CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before ...)
 	{DSA-1952-1}
 	- asterisk 1:1.6.1.0~dfsg~rc3-1 (low; bug #513413)
-	[lenny] - asterisk <no-dsa> (Minor issue)
-	[etch] - asterisk <no-dsa> (Minor issue)
+        [lenny] - asterisk <no-dsa> (Minor issue)
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote ...)
 	NOT-FOR-US: Yerba
 CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public ...)
@@ -17242,6 +17243,7 @@
 	NOT-FOR-US: PostEcards
 CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition ...)
 	- asterisk 1:1.4.0~dfsg-1 (bug #509686)
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 CVE-2008-5557 (Heap-based buffer overflow in ...)
 	{DSA-1789-1 DTSA-188-1}
 	- php5 5.2.6.dfsg.1-1 (bug #511493)
@@ -21323,7 +21325,7 @@
 CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and ...)
 	{DSA-1952-1}
 	- asterisk 1:1.6.1.0~dfsg-1 (low; bug #522528)
-	[etch] - asterisk <no-dsa> (Minor issue)
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 	[lenny] - asterisk <no-dsa> (Minor issue)
 	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-003.html
 CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...)
@@ -22987,9 +22989,11 @@
 	NOT-FOR-US: DT Register
 CVE-2008-3264 (The FWDOWNL firmware-download implementation in Asterisk Open Source ...)
 	- asterisk 1:1.4.21.2~dfsg-1
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 	NOTE: http://downloads.digium.com/pub/security/AST-2008-011.html
 CVE-2008-3263 (The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x ...)
 	- asterisk 1:1.4.21.2~dfsg-1
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 	NOTE: http://downloads.digium.com/pub/security/AST-2008-010.html
 CVE-2008-3262 (Cross-site request forgery (CSRF) vulnerability in Claroline before ...)
 	NOT-FOR-US: Claroline
@@ -26150,6 +26154,7 @@
 	[etch] - util-linux <not-affected> (Audit support not available in Etch's version)
 CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision ...)
 	- asterisk 1:1.4.19.1~dfsg-1 (medium)
+	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
 CVE-2008-1922 (Multiple stack-based buffer overflows in Sarg might allow attackers to ...)
 	- sarg 2.2.4-1
 CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th ...)

More information about the Secure-testing-commits mailing list