[Secure-testing-commits] r14094 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sat Feb 13 10:13:57 UTC 2010 

Author: derevko-guest
Date: 2010-02-13 10:13:55 +0000 (Sat, 13 Feb 2010)
New Revision: 14094

Modified:
   data/CVE/list
Log:
another gnome-screensaver issue
NFUs
mysql triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-02-13 09:47:14 UTC (rev 14093)
+++ data/CVE/list	2010-02-13 10:13:55 UTC (rev 14094)
@@ -137,7 +137,9 @@
 CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface ...)
 	TODO: check
 CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its activation ...)
-	TODO: check
+	- gnome-screensaver <unfixed> (low; bug #569667)
+	[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
+	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
 CVE-2001-1586
 	RESERVED
 CVE-2010-XXXX [multiple mod_security issues]
@@ -228,17 +230,17 @@
 CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows remote ...)
 	TODO: check
 CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS resolution ...)
-	TODO: check
+	NOT-FOR-US: Microsoft
 CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
 	TODO: check
 CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
 	TODO: check
 CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is ...)
-	TODO: check
+	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
 CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
-	TODO: check
+	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
 CVE-2003-1577 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
-	TODO: check
+	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
 CVE-2010-0555 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0554 (The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and ...)
@@ -653,6 +655,7 @@
 CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...)
 	- tor 0.2.1.22-1 (low)
 	TODO: check
+	NOTE: This doesn't seem a security issue, old clients won't accept two directory authorities anymore due to the renewed keys
 CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
 	- bind9 <unfixed>
 	TODO: check
@@ -3062,9 +3065,8 @@
 	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
 	- kvm <removed> (low; bug #562075)
 CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...)
-	- mysql-dfsg-5.1 5.1.41-1
+	- mysql-dfsg-5.1 5.1.43-1
 	- mysql-dfsg-5.0 <removed>
-	TODO: check
 CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, ...)
 	- automake 1:1.11-1
 	[lenny] - automake <no-dsa> (Minor issue)
@@ -3120,7 +3122,6 @@
 CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...)
 	- mysql-dfsg-5.1 5.1.41-1
 	- mysql-dfsg-5.0 <removed>
-	TODO: check
 	NOTE: http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
 	NOTE: http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
 	NOTE: http://bugs.mysql.com/47780

More information about the Secure-testing-commits mailing list