[Secure-testing-commits] r13949 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Jan 28 18:43:31 UTC 2010 

Author: jmm-guest
Date: 2010-01-28 18:43:30 +0000 (Thu, 28 Jan 2010)
New Revision: 13949

Modified:
   data/CVE/list
Log:
- systemtap doesn't affect Lenny
- automaken no-dsa
- postgres CVEfied
- classpath no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-28 14:01:06 UTC (rev 13948)
+++ data/CVE/list	2010-01-28 18:43:30 UTC (rev 13949)
@@ -38,13 +38,12 @@
 CVE-2010-XXXX [gmetad incorrect file permissions]
 	- gmetad <unfixed> (low; bug #567175)
 	TODO: check old/stable versions
-CVE-2010-XXXX [postgres bitsubstr overflow]
+CVE-2010-0442 [postgres bitsubstr overflow]
 	- postgresql-7.4 <removed>
 	- postgresql-8.1 <removed>
 	- postgresql-8.2 <removed>
 	- postgresql-8.3 <unfixed> (bug #567058)
 	- postgresql-8.4 <unfixed>
-	NOTE: CVE id requested on oss-sec
 CVE-2010-XXXX [bozohttpd DoS on incomplete requests]
 	- bozohttpd <unfixed> (low; bug #566325)
 	[lenny] - bozohttpd <no-dsa> (Minor issue)
@@ -1736,7 +1735,8 @@
 	RESERVED
 CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...)
 	- systemtap 1.1-1
-	TODO: check
+	[lenny] - systemtap <not-affected> (Server component not yet present)
+	[etch] - systemtap <not-affected> (Server component not yet present)
 CVE-2009-4272 [linux deadlock or null pointer dereference via routing hash table's emergency route flush]
 	RESERVED
 	- linux-2.6 <unfixed> (medium)
@@ -2396,7 +2396,13 @@
 	TODO: check
 CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, ...)
 	- automake 1:1.11-1
-	TODO: check
+	[lenny] - automake <no-dsa> (Minor issue)
+	- automake1.9 <unfixed>
+	[lenny] - automake1.9 <no-dsa> (Minor issue)
+	- automake1.7 <unfixed>
+	[lenny] - automake1.7 <no-dsa> (Minor issue)
+	- automake1.10 <unfixed>
+	[lenny] - automake1.10 <no-dsa> (Minor issue)
 	NOTE: it also affects every Makefile.in generated by automake
 	NOTE: but it doesn't really affect Debian
 	NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
@@ -16523,6 +16529,7 @@
 	NOT-FOR-US: Sun Solaris
 CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...)
 	- classpath 2:0.98-1 (bug #512532; low)
+	[lenny] - classpath <no-dsa> (Minor issue)
 	- libgnucrypto-java <removed> (low; bug #559789)
 	[lenny] - libgnucrypto-java <no-dsa> (Minor issue)
 CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)

More information about the Secure-testing-commits mailing list