[Secure-testing-commits] r13963 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri Jan 29 17:54:51 UTC 2010


Author: jmm-guest
Date: 2010-01-29 17:54:51 +0000 (Fri, 29 Jan 2010)
New Revision: 13963

Modified:
   data/CVE/list
Log:
- evolution issue only in external plugin, ytnef affects Debian
- new wireshark issue
- new issues in mount apps for fuse and cifs
- mysql/yassl issue already tracked


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-29 17:26:56 UTC (rev 13962)
+++ data/CVE/list	2010-01-29 17:54:51 UTC (rev 13963)
@@ -1,9 +1,5 @@
-CVE-2010-XXXX [mysql buffer overflow in yassl]
-	- mysql-dfsg-5.1 <unfixed>
-	- mysql-dfsg-5.0 <removed>
-	TODO: check affected versions and other packages embedding yassl
-	NOTE: http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html
-	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
+CVE-2010-XXXX [wireshark LWRES issue]
+	- wireshark 1.2.6-1
 CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN ...)
 	NOT-FOR-US: TheGreenBow IPSec VPN Client
 CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies ...)
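Review bot: The new `CVE-2010-XXXX [wireshark LWRES issue]` entry has no NOTE pointing at an advisory or upstream reference and no urgency, so the fixed version 1.2.6-1 cannot be checked from the list alone; add a NOTE with the source for the fix. The removed yassl entry also held a TODO about other packages embedding yassl and two NOTE links; since the log says the issue is already tracked, confirm that the surviving entry keeps that TODO and those references.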
@@ -2105,8 +2101,7 @@
 CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has ...)
 	- php5 5.2.12.dfsg.1-1 (low)
 CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...)
-	- php5 5.2.12.dfsg.1-1
-	TODO: determine real impact
+	- php5 5.2.12.dfsg.1-1 (medium)
 CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in ...)
 	- linux-2.6 <unfixed>
 	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
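Review bot: On CVE-2009-4142 the `TODO: determine real impact` line is replaced by `(medium)` with nothing recording how the impact was determined; a short NOTE with the reasoning would let later readers see why this is rated above the `(low)` given to CVE-2009-4143 just above it.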
@@ -2810,10 +2805,11 @@
 	- linux-2.6 <unfixed> (unimportant)
 	- linux-2.6.24 <unfixed> (unimportant)
 	NOTE: All Debian kernels have MMU support enabled
-CVE-2009-3887 [evolution path traversal]
+CVE-2009-3887 [ytnef path traversal]
 	RESERVED
-	- evolution <unfixed>
+	- ytnef <unfixed>
 	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
+	NOTE: This doesn't affect Evolution, the TNEF plugin is external
 CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
 	- openjdk-6 <unfixed> (medium; bug #560908)
 	- sun-java6 6-17-1
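Review bot: In CVE-2009-3887 the `- evolution <unfixed>` line is deleted and the finding survives only as free text; consider keeping an explicit line such as `- evolution <not-affected> (TNEF plugin is external)`, in the form already used for linux-2.6 in lenny elsewhere in this file, so the determination is recorded per package rather than only in a NOTE.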
@@ -3333,10 +3329,11 @@
 	- kvm 88+dfsg-2 (low; bug #557739)
 	NOTE: http://bugzilla.redhat.com/531660
 	NOTE: http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
-CVE-2009-3721 [evolution buffer overflow]
+CVE-2009-3721 [ytnef buffer overflow]
 	RESERVED
-	- evolution <unfixed>
+	- ytnef <unfixed>
 	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
+	NOTE: This doesn't affect Evolution, the TNEF plugin is external
 CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...)
 	{DSA-1977-1 DSA-1921-1}
 	- expat 2.0.1-5 (low; bug #551936)
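Review bot: The new `- ytnef <unfixed>` line in CVE-2009-3721 has no bug number and no TODO to file one, while the CVE-2009-3297 change in this same commit adds `TODO: File bugs`; add the same TODO here (and on CVE-2009-3887, which gets the identical change) so the unfixed package is followed up.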
@@ -4546,8 +4543,12 @@
 	{DSA-1924-1}
 	- mahara 1.1.7-1 (low)
 	NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
-CVE-2009-3297
+CVE-2009-3297 [mount race conditions]
 	RESERVED
+	- fuse <unfixed>
+	- samba <unfixed>
+	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
+	TODO: File bugs
 CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow ...)
 	{DSA-1912-2 DSA-1912-1}
 	- camlimages 1:3.0.1-5 (low)
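Review bot: In CVE-2009-3297 only the samba side has a reference (the bugzilla.samba.org NOTE); the `- fuse <unfixed>` line has none, and nothing in the entry says that samba is listed for its cifs mount helper as the commit log states. Add a NOTE for the fuse issue and one naming the affected mount programs, so the bugs called for by `TODO: File bugs` can be filed against the right packages.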



