[Secure-testing-commits] r13896 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Sun Jan 24 19:57:07 UTC 2010 

Author: gilbert-guest
Date: 2010-01-24 19:57:06 +0000 (Sun, 24 Jan 2010)
New Revision: 13896

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
gnome-screensaver issue; libgnucrypto-java removed; add kfreebsd packages to the embedded code copies list

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-24 17:26:55 UTC (rev 13895)
+++ data/CVE/list	2010-01-24 19:57:06 UTC (rev 13896)
@@ -3,6 +3,11 @@
 	[lenny] - maradns <no-dsa> (minor issue)
 	[etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)
 	NOTE: http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
+CVE-2010-XXXX [gnome-screensaver always unlocks after five failed attempts]
+	- gtk+2.0 2.18.5-1
+	[lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
+	[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
+	NOTE: http://osvdb.org/show/osvdb/61203
 CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...)
 	TODO: check
 CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
@@ -16395,7 +16400,7 @@
 	NOT-FOR-US: Sun Solaris
 CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...)
 	- classpath 2:0.98-1 (bug #512532; medium)
-	- libgnucrypto-java <unfixed> (medium; bug #559789)
+	- libgnucrypto-java <removed> (medium; bug #559789)
 CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)
 	- quassel 0.2~rc1-1.1 (bug #506550)
 CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-01-24 17:26:55 UTC (rev 13895)
+++ data/embedded-code-copies	2010-01-24 19:57:06 UTC (rev 13896)
@@ -1567,7 +1567,7 @@
 	- php4 <removed> (old-version)
 
 classpath
-	- libgnucrypto-java <unfixed> (embed; bug #559788)
+	- libgnucrypto-java <removed> (embed; bug #559788)
 
 libtool
 	- apr <unfixed> (static; bug #489625)
@@ -1727,3 +1727,7 @@
 
 libxerces2
         - openjdk-6 <unfixed> (embed)
+
+kfreebsd-8
+        - kfreebsd-7 <unfixed> (old-version)
+        - kfreebsd-6 <removed> (old-version)

More information about the Secure-testing-commits mailing list