[Secure-testing-commits] r13900 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Jan 24 23:48:49 UTC 2010
Author: gilbert-guest
Date: 2010-01-24 23:48:49 +0000 (Sun, 24 Jan 2010)
New Revision: 13900
Modified:
data/CVE/list
data/embedded-code-copies
Log:
various new issues; many libltdl, prototype, and expat issues fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-24 23:31:05 UTC (rev 13899)
+++ data/CVE/list 2010-01-24 23:48:49 UTC (rev 13900)
@@ -8,6 +8,19 @@
[lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
NOTE: http://osvdb.org/show/osvdb/61203
+CVE-2010-XXXX [sqlite: info leak]
+ - sqlite3 <unfixed> (low; bug #566326)
+CVE-2010-XXXX [backup-manager: make sure password is not written to world-readable files]
+ - backup-manager <undetermined> (low)
+ TODO: after next stable point release: [lenny] - backup-manager 0.7.7-2
+ NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
+CVE-2010-XXXX [sudosh3: many security weaknesses]
+ - sudosh3 <unfixed> (high; bug #566142)
+ NOTE: package is likely to be removed
+CVE-2010-XXXX [phpbb: many issues]
+ - phpbb <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2010/01/16/2
+ TODO: check
CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...)
TODO: check
CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
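Review bot: the backup-manager line is `<undetermined>` while its TODO already names a lenny fix version (0.7.7-2); if the fix is known, the unstable line should record the fixed version (or `<unfixed>` if sid still lacks it) rather than `<undetermined>`, with the `[lenny]` annotation added after the point release as the TODO says. The sqlite line carries only a bug number and no NOTE with an upstream reference, unlike the phpbb and backup-manager entries in the same hunk; a NOTE pointing at the upstream report would make the "info leak" claim checkable.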
@@ -193,6 +206,7 @@
CVE-2010-0319 (Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 ...)
NOT-FOR-US: Docmint
CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...)
+ - kfreebsd-6 <not-affected> (vulnerable code introduced in freebsd 7)
- kfreebsd-7 7.2-10 (bug #566684)
- kfreebsd-8 8.0-2
CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of ...)
@@ -268,8 +282,10 @@
RESERVED
CVE-2010-0291
RESERVED
-CVE-2010-0290
+CVE-2010-0290 [bind: CVE-2009-4022 fix incomplete]
RESERVED
+ - bind <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
CVE-2010-0289 [dokuwiki CSRF]
RESERVED
{DSA-1976-1}
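Review bot: the new `- bind <unfixed>` line has neither a severity nor a Debian bug number, unlike the other entries added in this commit (e.g. `- sqlite3 <unfixed> (low; bug #566326)`); since the bracketed title says this is an incomplete fix for CVE-2009-4022, add a severity and bug reference here and a matching NOTE on the CVE-2009-4022 entry so the two stay linked.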
@@ -3109,7 +3125,7 @@
- hamlib <unfixed> (low; bug #559814)
[lenny] - hamlib <no-dsa> (Minor issue)
[etch] - hamlib <no-dsa> (Minor issue)
- - hercules <unfixed> (low; bug #559815)
+ - hercules 3.06-1.2 (low; bug #559815)
[lenny] - hercules <no-dsa> (Minor issue)
[etch] - hercules <no-dsa> (Minor issue)
- jags 1.0.4-1 (low; bug #559816)
@@ -3140,7 +3156,7 @@
[lenny] - siproxd <no-dsa> (Minor issue)
[etch] - siproxd <no-dsa> (Minor issue)
- ski <unfixed> (low; bug #559828)
- - synfig <unfixed> (low; bug #559829)
+ - synfig 0.62.00-1 (low; bug #559829)
[lenny] - synfig <no-dsa> (Minor issue)
- xmlsec1 1.2.14-1 (unimportant; bug #559831)
NOTE: Embedded code copy isn't used
@@ -3267,7 +3283,7 @@
- grmonitor <removed> (unimportant; bug #560931)
- iceape <unfixed> (unimportant; bug #560932)
- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
- - paraview <unfixed> (unimportant; bug #560935)
+ - paraview 3.6.2-1 (unimportant; bug #560935)
- poco <unfixed> (unimportant; bug #560936)
- simgear <unfixed> (unimportant; bug #560937)
- smart <unfixed> (low; bug #560953)
@@ -3750,7 +3766,7 @@
- grmonitor <removed> (unimportant; bug #560931)
- iceape <unfixed> (unimportant; bug #560932)
- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
- - paraview <unfixed> (unimportant; bug #560935)
+ - paraview 3.6.2-1 (unimportant; bug #560935)
- poco <unfixed> (unimportant; bug #560936)
- simgear <unfixed> (unimportant; bug #560937)
- smart <unfixed> (low; bug #560953)
@@ -4854,7 +4870,7 @@
- otrs2 2.3.4-6 (low; bug #555266)
[etch] - otrs2 <not-affected> (prototype.js not present)
[lenny] - otrs2 <not-affected> (prototype.js not present)
- - webcalendar <unfixed> (low; bug #555268)
+ - webcalendar 1.2~b1-2 (low; bug #555268)
[lenny] - webcalendar <not-affected> (prototype.js not present)
- libhtml-prototype-perl 1.48-3 (low; bug #558977)
[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
@@ -5400,7 +5416,7 @@
CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has unknown ...)
NOT-FOR-US: AgileWiki
CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 0.61.08 ...)
- NOT-FOR-US: Synfig Animation Studio
+ - synfig 0.61.08-1
CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn ...)
NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions before ...)
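Review bot: CVE-2008-7148 goes from `NOT-FOR-US` straight to `- synfig 0.61.08-1` with no NOTE or bug number explaining what the "unspecified vulnerability" is or where 0.61.08-1 as the fixing version comes from; add a NOTE with the upstream reference, and add `[lenny]`/`[etch]` annotations if either release ships a synfig older than 0.61.08, otherwise the tracker will list them as affected with nothing to act on.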
@@ -30087,9 +30103,7 @@
CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows ...)
NOT-FOR-US: Makale Scripti
CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass ...)
- - jetty <not-affected> (medium; bug #462793; bug #559765)
- NOTE: only applies to version >= 6
- TODO: maintainer checking on status; follow up
+ - jetty 6.1.18-1 (medium; bug #462793; bug #559765)
CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
NOT-FOR-US: Instant Softwares Dating Site
CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows ...)
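Review bot: replacing the `<not-affected>` line with `- jetty 6.1.18-1` also drops the NOTE "only applies to version >= 6" without carrying that information anywhere; if lenny or etch ship a jetty older than 6 (which the dropped note implies), they now need explicit `[lenny] - jetty <not-affected>` / `[etch] - jetty <not-affected>` annotations, since a plain fixed-in-6.1.18-1 entry marks every older version as vulnerable.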
@@ -41715,7 +41729,7 @@
- activeldap <not-affected> (fixed since initial inclusion)
- mantis <not-affected> (fixed since initial inclusion)
- otrs2 <not-affected> (fixed since initial inclusion)
- - webcalendar <unfixed> (low; bug #555268)
+ - webcalendar 1.2~b1-2 (low; bug #555268)
[lenny] - webcalendar <not-affected> (prototype.js not present)
- plone3 <removed> (low; bug #555274)
- wesnoth <not-affected> (fixed since initial inclusion)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-01-24 23:31:05 UTC (rev 13899)
+++ data/embedded-code-copies 2010-01-24 23:48:49 UTC (rev 13900)
@@ -757,7 +757,7 @@
- libv8 <not-affected> (contains a google-specific implementation of prototype.js)
- mantis 1.1.2+dfsg-1 (embed; bug #555265)
- otrs2 2.3.4-6 (embed; bug #555267)
- - webcalendar <unfixed> (embed; bug #555269)
+ - webcalendar 1.2~b1-2 (embed; bug #555269)
- redmine 0.9.0~svn2907-1 (embed; bug #555270)
- jifty 0.90519-1 (embed; bug #555271)
- jquery 1.4-1 (embed; bug #555272)
@@ -883,11 +883,6 @@
- kdepimlibs 4.2.0-1 (fork)
- claws-mail-extra-plugins <unfixed> (fork)
-libltdl3
- - kdelibs <unfixed> (embed)
- NOTE: it's been said it sets RT_GLOBAL (or something like that) at runtime and version in experimental of libltdl can optionally set it
- - synfig <unfixed> (embed)
-
harfbuzz
- qt4-x11 <unfixed> (embed)
- pango1.0 <unfixed> (embed)
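Review bot: deleting the whole `libltdl3` block removes the `- kdelibs <unfixed> (embed)` entry together with its NOTE about the dlopen flag (the flag meant is RTLD_GLOBAL); the later hunk in this file still lists `- kdelibs <unfixed> (embed)` under the other libltdl section, so that is presumably where the copy is now tracked, and the NOTE should be carried over to that line rather than lost. The commit log should also say that this block was a duplicate and not that the kdelibs copy was fixed.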
@@ -1141,7 +1136,7 @@
- insighttoolkit 3.16.0-1 (embed)
NOTE: insighttoolkit might've been fixed earlier
- libparagui1.1 1.0.2-1 (embed)
- - paraview <unfixed> (embed)
+ - paraview 3.6.2-1 (embed)
- poco <unfixed> (embed)
- simgear <unfixed> (embed)
- sitecopy 1:0.16.0-1
@@ -1594,7 +1589,7 @@
NOTE: The etch version of graphviz was the earliest version checked, might be fixed earlier
- guile-1.6 1.6.8-7 (embed)
- hamlib <unfixed> (embed)
- - hercules <unfixed> (embed)
+ - hercules 3.06-1.2 (embed)
- jags 1.0.4-3 (embed; bug #560864)
- kdelibs <unfixed> (embed)
- libannodex <removed> (embed)
@@ -1608,7 +1603,7 @@
- redland <unfixed> (embed)
- siproxd <unfixed> (embed)
- ski <unfixed> (embed)
- - synfig <unfixed> (embed)
+ - synfig 0.62.00-1 (embed)
- unixodbc 2.2.4-5 (embed)
- xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules)
- clamav 0.95+dfsg-1 (embed)