[Secure-testing-commits] r13924 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2010-01-26 20:59:29 +0000 (Tue, 26 Jan 2010)
New Revision: 13924

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- mysql fixed
- python2.6 fixed
- remove errerous ilohamail entry
- add now fixed gzip copy in velvet
- smart fixed, dunno if the second expat was fixed as well, only saw the changelog
- libsndfile issue unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-26 20:52:35 UTC (rev 13923)
+++ data/CVE/list	2010-01-26 20:59:29 UTC (rev 13924)
@@ -971,7 +971,7 @@
 	RESERVED
 CVE-2009-4484 (Buffer overflow in the server in MySQL 5.0.51a on Linux allows remote ...)
 	- mysql-dfsg-5.0 <removed> (medium)
-	- mysql-dfsg-5.1 <unfixed> (medium)
+	- mysql-dfsg-5.1 5.1.41-4 (medium)
 	NOTE: maintainer working on updates
 CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...)
 	NOT-FOR-US: MailSite
@@ -3285,7 +3285,7 @@
 	- paraview 3.6.2-1 (unimportant; bug #560935)
 	- poco 1.3.6p1-1 (unimportant; bug #560936)
 	- simgear <unfixed> (unimportant; bug #560937)
-	- smart <unfixed> (low; bug #560953)
+	- smart 1.2-5 (low; bug #560953)
 	[etch] - smart <no-dsa> (minor issue)
 	[lenny] - smart <no-dsa> (minor issue)
 	- tla 1.3.5+dfsg-15 (unimportant; bug #560940)
@@ -3741,6 +3741,7 @@
 	TODO: after next point release [lenny] - python-xml 0.8.4-10.1+lenny1
 	- python2.5 2.5.4-3.1 (low; bug #560912)
 	- python2.4 <unfixed> (low; bug #560913)
+	- python2.6 2.6.4-4
 	- python-4suite <unfixed> (low; bug #560914)
 	[etch] - python-4suite <no-dsa> (Minor issue)
 	[lenny] - python-4suite <no-dsa> (Minor issue)
@@ -8013,9 +8014,8 @@
 	NOTE: This is mostly a missing feature, it's unlikely that any threaded application
 	NOTE: is using libdkim in the current state, so the practical impact is none
 CVE-2009-XXXX [libsndfile: potential dos via crafted input]
-	- libsndfile <unfixed> (low; bug #530831)
-	[etch] - libsndfile <no-dsa> (minor issue)
-	[lenny] - libsndfile <no-dsa> (minor issue)
+	- libsndfile <unfixed> (unimportant; bug #530831)
+	NOTE: Just a crasher, no code injection
 CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input]
 	- mimedecode <removed> (low; bug #530430)
 	[etch] - mimedecode <no-dsa> (minor issue)
@@ -61213,7 +61213,6 @@
 CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
 	{DSA-1010-1 DSA-1009-1}
 	- crossfire 1.9.0-2 (medium)
-	- ilohamail 0.8.14-0rc3sarge1 (medium)
 CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...)
 	NOT-FOR-US: HitHost
 CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-01-26 20:52:35 UTC (rev 13923)
+++ data/embedded-code-copies	2010-01-26 20:59:29 UTC (rev 13924)
@@ -120,6 +120,7 @@
 	- plt-scheme <unfixed>
 	- perl <unfixed>
 	- paraview <unfixed>
+	- velvet 0.7.56~nozlibcopy-1
 	- gcvs <unfixed>
 	- dump <unfixed>
 	- aide <unfixed> (static)