[Secure-testing-commits] r14082 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri Feb 12 17:46:06 UTC 2010
Author: jmm-guest
Date: 2010-02-12 17:46:05 +0000 (Fri, 12 Feb 2010)
New Revision: 14082
Modified:
data/CVE/list
Log:
- open-iscsi fixed
- kernel fixed
- ffmpeg CVEfied
- fetchmail issue doesn't affect Lenny or Etch
- Flash NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-12 04:12:58 UTC (rev 14081)
+++ data/CVE/list 2010-02-12 17:46:05 UTC (rev 14082)
@@ -56,6 +56,8 @@
NOT-FOR-US: IBM WebSphere Application
CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, ...)
- fetchmail 6.3.13-2 (low)
+ [lenny] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
+ [etch] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
NOTE: the conditions so that this is exploitable are rather obscure
CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...)
TODO: check
@@ -405,7 +407,6 @@
- gnome-screensaver 2.28.2-1 (bug #569084)
[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
- NOTE: Posted to oss-sec
CVE-2010-0413
RESERVED
CVE-2010-0412
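Review bot: the deletion of `NOTE: Posted to oss-sec` from the gnome-screensaver entry is not covered by any of the five items in the log message. If the note is being dropped because the issue has since been given an identifier or a public reference, say so in the log. Otherwise keep the line, so the entry still records where the report was sent.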
@@ -800,7 +801,7 @@
- linux-2.6.24 <removed>
CVE-2010-0306 [kvm privilege escalation]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-8
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to ...)
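Review bot: the CVE-2010-0306 entry has no `- kvm` line: its package lines end at `- linux-2.6.24 <not-affected>` and the next line is already CVE-2010-0305. CVE-2010-0298 in the following hunk has the same `[kvm privilege escalation]` title and the same 2.6.32-8 fix, but it also lists `- kvm <removed>`. If the standalone kvm package was affected by both issues, add `- kvm <removed>` here as well. If not, add a NOTE explaining the difference, since the two entries are otherwise indistinguishable while both are RESERVED.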
@@ -827,7 +828,7 @@
- linux-2.6.24 <removed>
CVE-2010-0298 [kvm privilege escalation]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-8
[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
- kvm <removed>
@@ -1145,8 +1146,10 @@
RESERVED
CVE-2010-0187
RESERVED
+ NOT-FOR-US: Adobe Flash plugin
CVE-2010-0186
RESERVED
+ NOT-FOR-US: Adobe Flash plugin
CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...)
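Review bot: the two `NOT-FOR-US: Adobe Flash plugin` lines are attached to CVE-2010-0187 and CVE-2010-0186 while both are still RESERVED with no description, so nothing in the list lets a reader check the product attribution. Naming the source of the assignment in the log message (it only says "Flash NFUs") would make the triage decision verifiable later.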
@@ -4678,12 +4681,6 @@
NOT-FOR-US: BakBone NetVault Backup
CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...)
NOT-FOR-US: RADactive I-Load
-CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]
- - ffmpeg 4:0.5+svn20090706-3 (medium; bug #550442)
- - xmovie <removed> (medium)
- - ffmpeg-debian <removed> (medium)
- NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240
- NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245
CVE-2009-XXXX [xen-tools: world readable disk image files]
- xen-tools <removed> (low; bug #548909)
[lenny] - xen-tools <no-dsa> (Minor issue)
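Review bot: the temporary `CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]` entry is deleted, but no hunk in this revision adds its data under assigned identifiers. The log says "ffmpeg CVEfied", yet the bug #550442 reference, the `xmovie` and `ffmpeg-debian` package lines and the two roundup NOTE links only disappear. Please confirm that the existing CVE entries already carry the fixed version 4:0.5+svn20090706-3, the bug number and the removed-package status, and name the assigned CVE ids in the log so the mapping can be traced.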
@@ -11512,7 +11509,7 @@
[lenny] - linux-2.6 <not-affected> (introduced in 2.6.29)
- linux-2.6.24 <not-affected> (introduced in 2.6.29)
CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and ...)
- - open-iscsi <unfixed> (low; bug #547011)
+ - open-iscsi 2.0.871-1 (low; bug #547011)
[lenny] - open-iscsi <no-dsa> (Minor issue)
[etch] - open-iscsi <not-affected> (Vulnerable script not yet present)
CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on ...)