[Secure-testing-commits] r14136 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Mon Feb 22 18:10:23 UTC 2010
Author: jmm-guest
Date: 2010-02-22 18:10:14 +0000 (Mon, 22 Feb 2010)
New Revision: 14136
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- webworker issues affect Firefox 3.0 according to Mozilla
- remove dead ITP for webmin
- iceape fixed
- don't treat pidgin as unimportant
- ircd-hybrid fixed
- automake1.10 fixed
- makepasswd fixed
- overkill fixed
- pyfribidi fixed
- python-4suite fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-21 07:25:59 UTC (rev 14135)
+++ data/CVE/list 2010-02-22 18:10:14 UTC (rev 14136)
@@ -92,7 +92,7 @@
- fwbuilder 3.0.7-1 (low)
NOTE: http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
CVE-2010-XXXX [pfribidi buffer overflow]
- - pyfribidi <undetermined> (medium; bug #570068)
+ - pyfribidi 0.10.0-2 (bug #570068)
TODO: check
CVE-2010-XXXX [phpbb3 weak captcha]
- phpbb3 <unfixed> (unimportant; bug #570011)
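Review bot: The new pyfribidi line drops the "medium" urgency instead of carrying it over, and the "TODO: check" under it is left in place even though the entry now names a fixed version (0.10.0-2). Keep an urgency in the parentheses, e.g. "(medium; bug #570068)", and remove the TODO if the check has been done. The entry title also still reads "pfribidi" while the package is pyfribidi.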
@@ -649,7 +649,7 @@
RESERVED
CVE-2010-0423 [pidgin remote denial-of-service]
RESERVED
- - pidgin 2.6.6-1 (unimportant)
+ - pidgin 2.6.6-1 (low)
CVE-2010-0422 [another gnome-screensaver issue]
RESERVED
- gnome-screensaver 2.28.3-1
@@ -658,8 +658,7 @@
RESERVED
CVE-2010-0420 [pidgin crash]
RESERVED
- - pidgin 2.6.6-1
- TODO: unimportant?
+ - pidgin 2.6.6-1 (low)
CVE-2010-0419
RESERVED
CVE-2010-0418
@@ -945,7 +944,8 @@
TODO: check
NOTE: bug report is very speculative, but is probably worth checking
CVE-2010-XXXX [makepasswd: insecure passwords generated with default settings]
- - makepasswd <unfixed> (high; bug #564559)
+ - makepasswd 1.10-5 (low; bug #564559)
+ [lenny] - makepasswd <no-dsa> (Minor issue)
CVE-2010-XXXX [mydms multiple issues]
- mydms <undetermined> (low)
TODO: check
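Review bot: The makepasswd line goes from "high" to "low" in the same edit that records the fix, and the log only says "makepasswd fixed", so the reason for the downgrade is not recorded anywhere. For an entry titled "insecure passwords generated with default settings", a NOTE line stating why it is now rated low would also justify the added "[lenny] - makepasswd <no-dsa> (Minor issue)" line.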
@@ -1471,22 +1471,23 @@
{DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <end-of-life>
- - iceape <unfixed>
+ - iceape 2.0.3-1
+ [lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2010-0161
RESERVED
CVE-2010-0160 [vulnerability in web workers]
- RESERVED
{DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
- [lenny] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
- - iceape <unfixed>
+ - iceape 2.0.3-1
+ [lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2010-0159 [several vulnerabilities]
RESERVED
{DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <end-of-life>
- - iceape <unfixed>
+ - iceape 2.0.3-1
+ [lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2010-0158 (** DISPUTED ** ...)
NOT-FOR-US: JoomlaBamboo (JB) Simpla Admin template
CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...)
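Review bot: In the CVE-2010-0160 entry the remaining "[etch] - xulrunner <not-affected>" line still gives "web workers introduced in firefox 3.5" as its reason, while the matching [lenny] line is removed because, per the log, the web worker issue affects Firefox 3.0. The etch reason should be reworded so the entry does not contradict itself, and since the removal leaves no lenny-specific xulrunner status, it is worth confirming that DSA-1999-1 covers lenny for this CVE. RESERVED is dropped here but kept for CVE-2010-0159 and CVE-2010-0161, which the log does not mention. In the added iceape lines, "only provide" should read "only provides".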
@@ -1609,7 +1610,7 @@
CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote ...)
NOT-FOR-US: elkagroup Image Gallery
CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and ...)
- - webmin <itp> (bug #377948)
+ NOT-FOR-US: Webmin
CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...)
NOT-FOR-US: Viscacha
CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows ...)
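Review bot: Replacing the "<itp>" line with "NOT-FOR-US: Webmin" here, and in the CVE-2009-4457 hunk further down, drops the reference to bug #377948 entirely. A short NOTE that the ITP was abandoned would record why Webmin is treated as not packaged, which helps if the ITP is ever revived and these entries need re-triage.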
@@ -1911,7 +1912,7 @@
CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...)
- freepbx <itp> (bug #464926)
CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module ...)
- - webmin <itp> (bug #377948)
+ NOT-FOR-US: Webmin
CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny ...)
NOT-FOR-US: Green Desktiny
CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security ...)
@@ -3210,7 +3211,7 @@
[lenny] - automake1.9 <no-dsa> (Minor issue)
- automake1.7 <unfixed>
[lenny] - automake1.7 <no-dsa> (Minor issue)
- - automake1.10 <unfixed>
+ - automake1.10 1:1.10.3-1
[lenny] - automake1.10 <no-dsa> (Minor issue)
NOTE: spu will be released to avoid spreading the bug even further
NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
@@ -3273,7 +3274,7 @@
CVE-2009-4016 (Integer underflow in the clean_string function in irc_string.c in (1) ...)
{DSA-1980-1}
- ircd-ratbox 3.0.6.dfsg-1 (medium; bug #567191)
- - ircd-hybrid <unfixed> (medium; bug #567192)
+ - ircd-hybrid 1:7.2.2.dfsg.2-6.1 (medium; bug #567192)
- oftc-hybrid <unfixed> (medium; bug #567193)
CVE-2009-4015 (Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x ...)
{DSA-1979-1}
@@ -3349,7 +3350,8 @@
{DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <end-of-life>
- - iceape <unfixed>
+ - iceape 2.0.3-1
+ [lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and ...)
- xulrunner <not-affected> (Windows-specific vulnerability)
CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
@@ -4165,7 +4167,7 @@
[lenny] - python-xml 0.8.4-10.1+lenny1
- python2.5 2.5.4-3.1 (low; bug #560912)
- python2.4 <unfixed> (low; bug #560913)
- - python-4suite <unfixed> (low; bug #560914)
+ - python-4suite 1.0.2-7.2 (low; bug #560914)
[etch] - python-4suite <no-dsa> (Minor issue)
[lenny] - python-4suite <no-dsa> (Minor issue)
- wxwindows2.4 <removed> (unimportant; bug #560915)
@@ -4649,7 +4651,7 @@
- python2.5 2.5.4-3.1 (low; bug #560912)
- python2.4 <unfixed> (low; bug #560913)
- python2.6 2.6.4-4
- - python-4suite <unfixed> (low; bug #560914)
+ - python-4suite 1.0.2-7.2 (low; bug #560914)
[etch] - python-4suite <no-dsa> (Minor issue)
[lenny] - python-4suite <no-dsa> (Minor issue)
- wxwindows2.4 <removed> (unimportant; bug #560915)
@@ -4799,7 +4801,7 @@
NOTE: A user must have access to a guest hard drive image in order to boot it,
NOTE: so he can simply mount the drive and remove the password option.
CVE-2009-XXXX [buffer overflow in overkill]
- - overkill <unfixed> (bug #549310; low)
+ - overkill 0.16-14.1 (bug #549310; low)
[lenny] - overkill <no-dsa> (Minor issue)
[etch] - overkill <no-dsa> (Minor issue)
CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and ...)
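Review bot: The overkill line keeps the field order "(bug #549310; low)", while the other entries touched in this commit put the urgency first, e.g. "(low; bug #560914)". Since the line is being rewritten anyway, normalise it to "(low; bug #549310)" so the annotations stay uniform.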
@@ -10939,7 +10941,8 @@
{DSA-1999-1}
- xulrunner 1.9.1.8-1
[etch] - xulrunner <end-of-life>
- - iceape <unfixed>
+ - iceape 2.0.3-1
+ [lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2009-1570 (Integer overflow in the ReadImage function in ...)
- gimp 2.6.7-1.1 (medium; bug #555929)
CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-02-21 07:25:59 UTC (rev 14135)
+++ data/spu-candidates.txt 2010-02-22 18:10:14 UTC (rev 14136)
@@ -201,6 +201,11 @@
--
+makepasswd (no CVE ID)
+#564559
+
+--
+
maradns
http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
notified maintainer
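Review bot: The new makepasswd entry in spu-candidates.txt carries only "(no CVE ID)" and the bug number, with no status or patch pointer, whereas the maradns entry right below it lists a patch URL and "notified maintainer". Add a line saying what is proposed for the stable update (for example the version carrying the fix, 1.10-5 per data/CVE/list) and whether the maintainer has been contacted.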