[Secure-testing-commits] r13938 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Jan 27 20:30:13 UTC 2010
Author: jmm-guest
Date: 2010-01-27 20:30:13 +0000 (Wed, 27 Jan 2010)
New Revision: 13938
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
more lenny triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-27 20:29:32 UTC (rev 13937)
+++ data/CVE/list 2010-01-27 20:30:13 UTC (rev 13938)
@@ -325,7 +325,7 @@
NOTE: http://secunia.com/advisories/38205/
CVE-2010-0286 [typo3 openid auth bypass]
RESERVED
- - typo3-src <unfixed> (bug filed)
+ - typo3-src <unfixed> (bug #567163)
[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/
CVE-2010-0285 [gnome screensaver not locking second screen]
@@ -8288,12 +8288,15 @@
NOT-FOR-US: TGS Content Management
CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...)
- zoph 0.8.0.1-1 (low; bug #535188)
+ [lenny] - zoph <no-dsa> (Minor issue, fringe package)
NOTE: it seems a duplicate of CVE-2008-3258
CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...)
- zoph 0.8.0.1-1 (bug #535188)
+ [lenny] - zoph <no-dsa> (Minor issue, fringe package)
NOTE: the details are unknown
CVE-2009-2343 (Cross-site scripting (XSS) vulnerability in people.php in Zoph before ...)
- zoph 0.7.5-1 (low; bug #535188)
+ [lenny] - zoph <no-dsa> (Minor issue, fringe package)
NOTE: http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before ...)
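Review bot: The <no-dsa> reason added to CVE-2008-6837 (the SQL injection entry) is the same "Minor issue, fringe package" used for the two XSS entries, yet its unstable line carries no urgency and its NOTE reads "the details are unknown". With the details unknown, "Minor issue" is not supported by anything in the entry; consider a reason that rests only on the package being fringe, or leave this one open until the details are established.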
@@ -9592,6 +9595,8 @@
NOTE: PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html
CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- qt4-x11 <unfixed> (low; bug #538403)
+ [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
+ [lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- webkit 1.1.13-1 (low; bug #538402)
NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)
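Review bot: The reason on the two added qt4-x11 lines, "webkit support introduced in version 4.4", justifies <not-affected> only if etch and lenny each ship a qt4-x11 older than 4.4, and neither line states the shipped version. Adding the per-release version to the reason would let a reader verify the claim from the entry itself and would show whether one reason really fits both releases.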
@@ -12379,6 +12384,8 @@
CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in ...)
{DSA-1950-1 DSA-1866-1}
- qt4-x11 4:4.5.2-1 (medium; bug #532718)
+ [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
+ [lenny] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- webkit 1.1.5-1 (medium; bug #532724; bug #532725)
NOTE: http://trac.webkit.org/changeset/43590
- kde4libs 4:4.3.0-1 (medium; bug #534917)
@@ -57405,10 +57412,10 @@
- thunderbird 1.5.0.4-1 (medium)
- mozilla 2:1.7.13-0.3 (medium)
- xulrunner 1.8.0.4-1 (medium)
- - webkit <unfixed> (medium; bug #535793)
- - qt4-x11 <unfixed> (low; bug #561760)
- - kdelibs <unfixed> (low; bug #561765)
- - kde4libs <unfixed> (low; bug #561762)
+ - webkit <undetermined> (bug #535793)
+ - qt4-x11 <undetermined> (bug #561760)
+ - kdelibs <undetermined> (bug #561765)
+ - kde4libs <undetermined> (bug #561762)
TODO: work with upstream to determine affected/not-affected webkit versions
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
{DSA-1134-1 DSA-1120 DSA-1118}
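Review bot: On the four lines changed to <undetermined>, the urgency tags (medium for webkit, low for qt4-x11, kdelibs and kde4libs) are dropped together with <unfixed>, and the TODO that follows mentions only webkit versions. If the earlier urgencies were a deliberate assessment, a NOTE recording them would preserve it, and the TODO could say whether the qt4-x11, kdelibs and kde4libs determination depends on the same upstream answer.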
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-01-27 20:29:32 UTC (rev 13937)
+++ data/spu-candidates.txt 2010-01-27 20:30:13 UTC (rev 13938)
@@ -448,3 +448,9 @@
zope2.10 (no CVE)
https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
+
+--
+
+zoph (CVE-2008-6838, CVE-2008-6837, CVE-2009-2343)
+http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
+http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
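Review bot: The new zoph entry lists three CVEs, but both URLs are the ones attached to CVE-2009-2343 in data/CVE/list; nothing here points at a fix for CVE-2008-6838 or CVE-2008-6837, and the latter is noted there as "the details are unknown". Stating the upstream change or fixed version to backport for each CVE would make the candidate actionable.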