[Secure-testing-commits] r13833 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sat Jan 16 11:46:49 UTC 2010


Author: jmm-guest
Date: 2010-01-16 11:46:47 +0000 (Sat, 16 Jan 2010)
New Revision: 13833

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- knowledgeroot code copies
- openssl fixed
- align drupal5 no-dsa with drupal6 no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-16 02:47:26 UTC (rev 13832)
+++ data/CVE/list	2010-01-16 11:46:47 UTC (rev 13833)
@@ -792,34 +792,36 @@
 	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
 CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
 	- boa <unfixed> (unimportant)
-	NOTE: same as CVE-2009-4487
+	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
 CVE-2009-4495 (Yaws 1.85 writes data to a log file without sanitizing non-printable ...)
 	- yaws <unfixed> (unimportant)
-	NOTE: same as CVE-2009-4487
+	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
 CVE-2009-4494 (AOLserver 4.5.1 writes data to a log file without sanitizing ...)
 	- aolserver4 <unfixed> (unimportant)
-	NOTE: same as CVE-2009-4487
+	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
 CVE-2009-4493 (Orion Application Server 2.0.7 writes data to a log file without ...)
 	NOT-FOR-US: Orion httpd
 CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through ...)
 	- ruby1.8 1.8.7.249-1 (unimportant; bug #564598)
+	- ruby1.8 1.8.7.249-1 (unimportant; bug #564598)
 	- ruby1.9 <unfixed> (unimportant; bug #564647)
+	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
 	NOTE: same as CVE-2009-4487
 CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing ...)
 	- thttpd <unfixed> (unimportant)
-	NOTE: same as CVE-2009-4487
+	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
 CVE-2009-4490 (mini_httpd 1.19 writes data to a log file without sanitizing ...)
 	- mini-httpd <unfixed> (unimportant)
-	NOTE: same as CVE-2009-4487
+	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
 CVE-2009-4489 (header.c in Cherokee before 0.99.32 writes data to a log file without ...)
 	- cherokee 0.99.37-1 (unimportant)
-	NOTE: same as CVE-2009-4487
+	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
 CVE-2009-4488 (** DISPUTED ** Varnish 2.0.6 writes data to a log file without ...)
 	- varnish <unfixed> (unimportant)
-	NOTE: same as CVE-2009-4487
+	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
 CVE-2009-4487 (nginx 0.7.64 writes data to a log file without sanitizing ...)
 	- nginx <unfixed> (unimportant)
-	NOTE: http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
+	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
 CVE-2009-4486 (Stack-based buffer overflow in the eDirectory plugin in Novell ...)
 	NOT-FOR-US: iManager
 CVE-2009-4485
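Review bot: In the CVE-2009-4492 entry the added line "- ruby1.8 1.8.7.249-1 (unimportant; bug #564598)" is identical to the unchanged line directly above it, so the entry now lists ruby1.8 twice; drop the added copy. The same entry keeps "NOTE: same as CVE-2009-4487" after gaining the new terminal-emulator NOTE, whereas every other entry in this hunk has the old note replaced, so remove it for consistency. For CVE-2009-4487 itself, the new NOTE ends with "see CVE-2009-4487", which points the entry at itself, and the advisory URL it replaces was that entry's only reference; consider keeping the URL line and adding the explanation as a second NOTE without the self-reference.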
@@ -1151,14 +1153,17 @@
 	- drupal6 6.15-1 (low; bug #562165)
 	[lenny] - drupal6 <no-dsa> (Minor issue, requires auth)
 	- drupal5 5.21-1
+	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
 CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module ...)
 	- drupal6 6.15-1 (low; bug #562165)
 	[lenny] - drupal6 <no-dsa> (Minor issue, requires auth)
 	- drupal5 5.21-1
+	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
 CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module ...)
 	- drupal6 6.15-1 (low; bug #562165)
 	[lenny] - drupal6 <no-dsa> (Minor issue, requires auth)
 	- drupal5 5.21-1 (low)
+	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
 CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have ...)
 	NOT-FOR-US: Centreon
 CVE-2009-4367 (The Staging Webservice (&quot;sitecore modules/staging/service/api.asmx&quot;) ...)
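Review bot: The three added "[lenny] - drupal5 <no-dsa>" lines match the drupal6 ones, but the drupal5 version lines just above them are still inconsistent: two read "- drupal5 5.21-1" with no severity and only the one under CVE-2009-4369 carries "(low)", while every drupal6 line has "(low; bug #562165)". Since this change aligns drupal5 with drupal6, add the severity to the two bare lines as well.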
@@ -1188,7 +1193,7 @@
 	NOT-FOR-US: Winamp
 CVE-2009-4355 (Memory leak in the zlib_stateful_finish function in ...)
 	{DSA-1970-1}
-	- openssl <unfixed> (low)
+	- openssl 0.9.8k-8 (low)
 	[etch] - openssl <not-affected> (affects only 0.9.8f and later)
 	NOTE: apache2 packages in squeeze/sid do not seem to allow exploit
 CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-01-16 02:47:26 UTC (rev 13832)
+++ data/embedded-code-copies	2010-01-16 11:46:47 UTC (rev 13833)
@@ -828,6 +828,7 @@
 php-gettext
 	- wordpress 2.8.4-1 (embed; bug #504242)
 	- docbookwiki <unfixed> (embed)
+	- knowledgeroot 0.9.9.5-1
 	NOTE: non-free
 
 libphp-ixr (name may change, it is the Incutio XML-RPC)
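Review bot: The added "- knowledgeroot 0.9.9.5-1" line under php-gettext has no "(embed)" qualifier or bug reference, unlike the wordpress and docbookwiki lines above it. State the type of copy in parentheses, and add the bug number if one has been filed, so the entry reads the same way as its siblings.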



