[Secure-testing-commits] r14055 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Feb 7 21:19:46 UTC 2010 

Author: jmm-guest
Date: 2010-02-07 21:19:46 +0000 (Sun, 07 Feb 2010)
New Revision: 14055

Modified:
   data/CVE/list
   data/package-tags
Log:
limited support for acidbase as discussed with maintainer
(the current default configuration already applies a similar setup)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-02-07 19:07:29 UTC (rev 14054)
+++ data/CVE/list	2010-02-07 21:19:46 UTC (rev 14055)
@@ -177,10 +177,10 @@
 CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter ...)
 	TODO: check
 CVE-2010-XXXX [ocsinventory-server: multiple vulnerabilities]
-	- ocsinventory-server <undetermined> (medium)
+	- ocsinventory-server <unfixed> (unimportant)
 	NOTE: http://www.openwall.com/lists/oss-security/2010/02/01/4
 	NOTE: claimed fixed in upstream 1.02.1
-	TODO: check 
+	NOTE: Authentication is needed, only supported in trusted environments, see debtags
 CVE-2010-XXXX [nautilus: file preview html script execution]
 	- nautilus <not-affected> (proof-of-concept script is previewed as text, not executed)
 	NOTE: http://seclists.org/fulldisclosure/2010/Feb/112

Modified: data/package-tags
===================================================================
--- data/package-tags	2010-02-07 19:07:29 UTC (rev 14054)
+++ data/package-tags	2010-02-07 21:19:46 UTC (rev 14055)
@@ -40,3 +40,7 @@
 [etch] wireshark <limited-support> (Not suitable for network monitoring / intrusion detection, DoS issues fixed with low priority through point updates)
 [lenny] wireshark <limited-support> (Not suitable for network monitoring / intrusion detection, DoS issues fixed with low priority through point updates)
 [squeeze] wireshark <limited-support> (Not suitable for network monitoring / intrusion detection, DoS issues fixed with low priority through point updates)
+
+[etch] acidbase <limited-support> (Only supported behind an authenticated HTTP zone for trusted users)
+[lenny] acidbase <limited-support> (Only supported behind an authenticated HTTP zone for trusted users)
+[squeeze] acidbase <limited-support> (Only supported behind an authenticated HTTP zone for trusted users)

More information about the Secure-testing-commits mailing list