[Secure-testing-commits] r13974 - in data: . CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sat Jan 30 19:11:29 UTC 2010
Author: derevko-guest
Date: 2010-01-30 19:11:22 +0000 (Sat, 30 Jan 2010)
New Revision: 13974
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
stable point update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-30 19:03:23 UTC (rev 13973)
+++ data/CVE/list 2010-01-30 19:11:22 UTC (rev 13974)
@@ -60,7 +60,7 @@
[lenny] - sqlite3 <no-dsa> (Minor information leak)
CVE-2010-XXXX [backup-manager: make sure password is not written to world-readable files]
- backup-manager <undetermined> (low)
- TODO: after next stable point release: [lenny] - backup-manager 0.7.7-2
+ [lenny] - backup-manager 0.7.7-2
NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
CVE-2010-XXXX [sudosh3: many security weaknesses]
- sudosh3 <unfixed> (high; bug #566142)
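Review bot: the unstable line for backup-manager still reads `<undetermined> (low)` while the new `[lenny] - backup-manager 0.7.7-2` line records the lenny fix as shipped; once a fixed version is known for stable, the unstable status should not stay undetermined, so either record the unstable fixed version or note in the NOTE line why it is still open.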
@@ -1367,20 +1367,17 @@
NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module ...)
- drupal6 6.15-1 (low; bug #562165)
- [lenny] - drupal6 <no-dsa> (Minor issue, requires auth)
- TODO: next point release: [lenny] - drupal6 6.6-3lenny4
+ [lenny] - drupal6 6.6-3lenny4
- drupal5 5.21-1
[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module ...)
- drupal6 6.15-1 (low; bug #562165)
- [lenny] - drupal6 <no-dsa> (Minor issue, requires auth)
- TODO: next point release: [lenny] - drupal6 6.6-3lenny4
+ [lenny] - drupal6 6.6-3lenny4
- drupal5 5.21-1
[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module ...)
- drupal6 6.15-1 (low; bug #562165)
- [lenny] - drupal6 <no-dsa> (Minor issue, requires auth)
- TODO: next point release: [lenny] - drupal6 6.6-3lenny4
+ [lenny] - drupal6 6.6-3lenny4
- drupal5 5.21-1 (low)
[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have ...)
@@ -1791,8 +1788,7 @@
CVE-2009-XXXX [unsafe xfs]
- xfs 1:1.0.8-6 (low; bug #521107)
[etch] - xfs <no-dsa> (minor issue)
- [lenny] - xfs <no-dsa> (minor issue)
- TODO: next point update: [lenny] - xfs 1:1.0.8-2.2+lenny1
+ [lenny] - xfs 1:1.0.8-2.2+lenny1
CVE-2009-XXXX [xserver-xorg: inherits user's mask]
- xorg-server 2:1.7.2-1 (low; bug #555308)
[lenny] - xorg-server <no-dsa> (Minor issue)
@@ -2500,8 +2496,7 @@
RESERVED
CVE-2009-4007 (Unspecified vulnerability in the NormaliseTrainConsist function in ...)
- openttd 0.7.5-1
- [lenny] - openttd <no-dsa> (Contrib not supported)
- TODO: next point update [lenny] - openttd 0.6.2-1+lenny1
+ [lenny] - openttd 0.6.2-1+lenny1
CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
NOT-FOR-US: Serv-U FTP server
CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...)
@@ -3347,8 +3342,7 @@
[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
- python-xml <removed> (low; bug #560951)
[etch] - python-xml <no-dsa> (minor issue)
- [lenny] - python-xml <no-dsa> (minor issue)
- TODO: after next point release [lenny] - python-xml 0.8.4-10.1+lenny1
+ [lenny] - python-xml 0.8.4-10.1+lenny1
- python2.5 2.5.4-3.1 (low; bug #560912)
- python2.4 <unfixed> (low; bug #560913)
- python-4suite <unfixed> (low; bug #560914)
@@ -3582,8 +3576,7 @@
- kvm <removed> (medium; bug #562076)
CVE-2009-3637 (Stack-based buffer overflow in the M_AddToServerList function in ...)
- alien-arena 7.33-1 (medium; bug #552038)
- [lenny] - alien-arena <no-dsa> (Contrib not supported)
- TODO: next point-release: [lenny] - alien-arena 7.0-1+lenny1
+ [lenny] - alien-arena 7.0-1+lenny1
CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool ...)
{DSA-1926-1}
- typo3-src 4.2.10-1 (medium; bug #552020)
@@ -3830,8 +3823,7 @@
[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
- python-xml <removed> (low; bug #560951)
[etch] - python-xml <no-dsa> (minor issue)
- [lenny] - python-xml <no-dsa> (minor issue)
- TODO: after next point release [lenny] - python-xml 0.8.4-10.1+lenny1
+ [lenny] - python-xml 0.8.4-10.1+lenny1
- python2.5 2.5.4-3.1 (low; bug #560912)
- python2.4 <unfixed> (low; bug #560913)
- python2.6 2.6.4-4
@@ -4108,8 +4100,7 @@
- opensaml2 2.2.1-1
- shibboleth-sp <removed>
- shibboleth-sp2 2.2.1+dfsg-1
- [lenny] - opensaml <no-dsa> (Minor issue)
- TODO: next point update: [lenny] - opensaml 2.0-2+lenny1
+ [lenny] - opensaml 2.0-2+lenny1
CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege ...)
NOT-FOR-US: IBM DB2
CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows ...)
@@ -4215,8 +4206,7 @@
- request-tracker3.8 3.8.5-1 (bug #546829)
- request-tracker3.6 3.6.9-1 (bug #546778)
[etch] - request-tracker3.6 <not-affected> (vulnerable code not present)
- [lenny] - request-tracker3.6 <no-dsa> (Minor issue)
- TODO: next point update: [lenny] - request-tracker3.6 3.6.7-5+lenny2
+ [lenny] - request-tracker3.6 3.6.7-5+lenny2
NOTE: CVE id requested
CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows ...)
NOT-FOR-US: Allomani Mobile
@@ -4589,8 +4579,7 @@
TODO: check php4
CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...)
- glib2.0 2.22.0-1 (low)
- [lenny] - glib2.0 <no-dsa> (Minor issue)
- TODO: next point update: [lenny] - glib2.0 2.16.6-3
+ [lenny] - glib2.0 2.16.6-3
[etch] - glib2.0 <no-dsa> (Minor issue)
CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies on the ...)
- thin 1.2.4-1 (low)
@@ -4723,8 +4712,7 @@
{DSA-1942-1}
- wireshark 1.2.2-1 (low; bug #547704)
[etch] - wireshark <not-affected> (Only affects >= 0.99.6)
- [lenny] - wireshark <no-dsa> (Minor issue, targeted for next point release)
- TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6
+ [lenny] - wireshark 1.0.2-3+lenny6
CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...)
NOT-FOR-US: module for XOOPS
CVE-2009-3239
@@ -4922,8 +4910,7 @@
[etch] - libaws <no-dsa> (minor issue)
[lenny] - libaws <no-dsa> (minor issue)
- libjson-ruby 1.1.4-1 (low; bug #555223)
- [lenny] - libjson-ruby <no-dsa> (minor issue)
- TODO: next point release [lenny] - libjson-ruby 1.1.2-1+lenny1
+ [lenny] - libjson-ruby 1.1.2-1+lenny1
- lucene2 2.9.1+ds1-2 (unimportant; bug #555225)
[etch] - lucene2 <not-affected> (prototype.js not present)
NOTE: prototype.js copy unused per #555225
@@ -5271,8 +5258,7 @@
{DSA-1934-1}
- apache2 2.2.13-2 (low; bug #545951)
[etch] - apache2 <no-dsa> (minor issue)
- [lenny] - apache2 <no-dsa> (minor issue)
- TODO: scheduled for 5.0.4: [lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
+ [lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
NOTE: The attacker needs to have valid credentials for the FTP server, which
NOTE: makes this irrelevant in most cases.
TODO: check
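Review bot: the replacement line `[lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)` keeps the severity and bug annotation that every other converted lenny line in this commit drops (compare `[lenny] - glib2.0 2.16.6-3`), and it duplicates the annotation already on the `- apache2 2.2.13-2 (low; bug #545951)` line; drop it for consistency. The trailing `TODO: check` is also left unresolved by this update. The same applies to the identical apache2 hunk that follows.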
@@ -5283,8 +5269,7 @@
{DSA-1934-1}
- apache2 2.2.13-2 (low; bug #545951)
[etch] - apache2 <no-dsa> (minor issue)
- [lenny] - apache2 <no-dsa> (minor issue)
- TODO: scheduled for 5.0.4: [lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
+ [lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
CVE-2009-3093 (Unspecified vulnerability on the ASUS WL-500W wireless router has ...)
NOT-FOR-US: ASUS WL-500W
CVE-2009-3092 (Buffer overflow on the ASUS WL-500W wireless router has unknown impact ...)
@@ -5697,8 +5682,7 @@
NOT-FOR-US: Android
CVE-2009-XXXX [serveez: buffer overflow in header parser]
- serveez <removed> (low)
- [lenny] - serveez <no-dsa> (Fringe package, mostly unused)
- TODO: next point release [lenny] - serveez 0.1.5-2.1+lenny1
+ [lenny] - serveez 0.1.5-2.1+lenny1
[etch] - serveez <no-dsa> (Fringe package, mostly unused)
TODO: next point release [etch] - serveez 0.1.5-2+etch1
CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
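Review bot: the lenny TODO is resolved but `TODO: next point release [etch] - serveez 0.1.5-2+etch1` is left pending in the same entry; if the etch update is still planned it should stay, but the commit message says only "stable point update", so confirm the etch status was deliberately not touched (the kazehakase hunk near the end of this diff leaves an etch TODO in the same way).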
@@ -5934,8 +5918,7 @@
- devscripts 2.10.54
CVE-2009-2945 (weblogin/login.fcgi (aka the WebLogin login script) in Stanford ...)
- webauth 3.6.2-1 (low)
- [lenny] - webauth <no-dsa> (Minor issue, maintainer prepares update for spu)
- TODO: next point update: [lenny] - webauth 3.6.0-1+lenny1
+ [lenny] - webauth 3.6.0-1+lenny1
[etch] - webauth <not-affected> (Vulnerable code not present)
CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki ...)
{DSA-1875-1}
@@ -5964,8 +5947,7 @@
[lenny] - planet <no-dsa> (Minor issue)
[etch] - planet <no-dsa> (Minor issue)
- planet-venus 0~bzr116-1 (low; bug #546179)
- [lenny] - planet-venus <no-dsa> (Minor issue)
- TODO: next point update [lenny] - planet-venus 0~bzr95-2+lenny1
+ [lenny] - planet-venus 0~bzr95-2+lenny1
[etch] - planet-venus <no-dsa> (Minor issue)
CVE-2009-2936
RESERVED
@@ -6186,8 +6168,7 @@
CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...)
- backuppc 3.1.0-8 (low; bug #542218)
[etch] - backuppc <not-affected> (No configuration GUI)
- [lenny] - backuppc <no-dsa> (Requires access)
- TODO: next point release: [lenny] - backuppc 3.1.0-4lenny2
+ [lenny] - backuppc 3.1.0-4lenny2
CVE-2009-XXXX [burn: Insecure escaping of file names]
- burn 0.4.5-1 (low; bug #542329)
[lenny] - burn 0.4.3-2.1+lenny1
@@ -6879,8 +6860,7 @@
- xscreensaver 5.05-3+nmu1 (low; bug #539699)
TODO: request CVE id
[etch] - xscreensaver <not-affected> (vulnerable code not present)
- [lenny] - xscreensaver <no-dsa> (Minor issue)
- TODO: next point release [lenny] - xscreensaver 5.05-3+lenny1
+ [lenny] - xscreensaver 5.05-3+lenny1
CVE-2009-2626 (The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, ...)
{DSA-1940-1}
- php5 5.2.11.dfsg.1-1 (low; bug #540605)
@@ -7247,8 +7227,7 @@
RESERVED
CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before ...)
- firebird2.0 2.0.5.13206-0.ds2-4 (low; bug #539477)
- [lenny] - firebird2.0 <no-dsa> (Minor issue)
- TODO: next point update: [lenny] - firebird2.0 2.0.4.13130-1.ds1-4+lenny1
+ [lenny] - firebird2.0 2.0.4.13130-1.ds1-4+lenny1
- firebird2.1 2.1.2.18118-0.ds1-4 (low; bug #539478)
CVE-2009-2619 (SQL injection vulnerability in login.asp in DataCheck Solutions ...)
NOT-FOR-US: DataCheck Solutions V-SpacePal
@@ -7415,8 +7394,7 @@
CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 ...)
{DSA-1942-1}
- wireshark 1.2.1-1 (low; bug #538237)
- [lenny] - wireshark <no-dsa> (Minor issue, targeted for lenny point update)
- TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6
+ [lenny] - wireshark 1.0.2-3+lenny6
[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 ...)
- wireshark 1.2.1-1 (bug #538237)
@@ -7569,8 +7547,7 @@
NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
- movabletype-opensource 4.2.6.1-1 (low; bug #537935)
- [lenny] - movabletype-opensource <no-dsa> (Minor information disclosure)
- TODO: next point update: [lenny] - movabletype-opensource 4.2.3-1+lenny1
+ [lenny] - movabletype-opensource 4.2.3-1+lenny1
CVE-2009-4589 (Cross-site scripting (XSS) vulnerability in the Special:Block ...)
- mediawiki 1:1.15.0-1.1 (low; bug #537634)
- mediawiki1.7 <removed>
@@ -9469,8 +9446,7 @@
CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 ...)
{DSA-1942-1}
- wireshark 1.0.8-1 (low; bug #533347)
- [lenny] - wireshark <no-dsa> (Minor issue, targeted for lenny point update)
- TODO: next point release: [lenny] - wireshark 1.0.2-3+lenny6
+ [lenny] - wireshark 1.0.2-3+lenny6
[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of ...)
NOT-FOR-US: Microsoft
@@ -11143,8 +11119,7 @@
CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...)
- texlive-bin 2009-1 (low; bug #520920)
[etch] - texlive-bin <no-dsa> (Minor issue)
- [lenny] - texlive-bin <no-dsa> (Minor issue)
- TODO: next point release: [lenny] - texlive-bin 2007.dfsg.2-4+lenny2
+ [lenny] - texlive-bin 2007.dfsg.2-4+lenny2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=492136
CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...)
NOT-FOR-US: glFusion
@@ -45141,7 +45116,7 @@
- galeon <unfixed> (unimportant; bug #556270)
- kazehakase 0.5.8-2 (unimportant; bug #556271)
TODO: next point release: [etch] - kazehakase 0.4.2-1etch2
- TODO: next point release: [lenny] - kazehakase 0.5.4-2lenny1
+ [lenny] - kazehakase 0.5.4-2lenny1
- conkeror <not-affected> (doesn't support bookmarks)
- webkit <not-affected> (doesn't support javascript embedded in bookmarks)
CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-01-30 19:03:23 UTC (rev 13973)
+++ data/spu-candidates.txt 2010-01-30 19:11:22 UTC (rev 13974)
@@ -32,12 +32,6 @@
--
-backuppc (CVE-2009-3369)
-#542218
-notified maintainer
-
---
-
bugzilla (CVE-2009-0481 to CVE-2009-0485)
notified maintainer
@@ -99,18 +93,6 @@
--
-firebird2.0 (CVE-2009-2620)
-#539477
-notified maintainer
-
---
-
-glib2.0 (CVE-2009-3289)
-https://bugzilla.gnome.org/show_bug.cgi?id=593406
-notified maintainer
-
---
-
libgnucrypto-java (CVE-2008-5659)
#559789
@@ -227,12 +209,6 @@
--
-movabletype-opensource (CVE-2009-2492)
-#537935
-notified maintainer
-
---
-
mpg123 (CVE-2009-1301)
notified maintainer
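Review bot: only four packages (backuppc, firebird2.0, glib2.0, movabletype-opensource) are removed from spu-candidates.txt, while the CVE/list hunks above also mark drupal6, xfs, openttd, python-xml, alien-arena, opensaml, request-tracker3.6, wireshark, libjson-ruby, apache2, serveez, webauth, planet-venus, xscreensaver, texlive-bin, kazehakase and backup-manager as fixed in lenny; confirm none of those still has an entry in spu-candidates.txt, or remove them in a follow-up so the candidates list matches the tracker.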