[Secure-testing-commits] r14974 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sat Jul 10 15:47:45 UTC 2010 

Author: jmm-guest
Date: 2010-07-10 15:47:43 +0000 (Sat, 10 Jul 2010)
New Revision: 14974

Modified:
   data/CVE/list
Log:
- mediawiki no-dsa
- maradns fixed
- mumble no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-07-10 08:16:42 UTC (rev 14973)
+++ data/CVE/list	2010-07-10 15:47:43 UTC (rev 14974)
@@ -370,10 +370,11 @@
 	TODO: check
 CVE-2010-2490 [murmur DoS via malformed client query]
 	RESERVED
+	- mumble <unfixed> (low)
+	[lenny] - mumble <no-dsa> (Minor issue)
+        TODO: File bug
 	- qt4-x11 <undetermined> (low; bug #587713)
-	- sqlite3 <undetermined>
 	NOTE: unclear whether is qt's or sqlite's fault
-	TODO: check
 CVE-2010-2489 [ruby buffer overflow on Windows]
 	RESERVED
 	- ruby1.8 <not-affected> (Windows-specific)
@@ -2498,9 +2499,11 @@
 	NOT-FOR-US: Joomla
 CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
 	- mediawiki 1.15.4-1 (bug #585918; low)
+	[lenny] - mediawiki <no-dsa> (Minor issue)
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
 CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...)
 	- mediawiki 1.15.4-1 (bug #585918; low)
+	[lenny] - mediawiki <no-dsa> (Minor issue)
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
 CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...)
 	{DSA-2062-1}
@@ -6358,10 +6361,9 @@
 	[lenny] - bozohttpd <no-dsa> (Minor issue)
 	[etch] - bozohttpd <no-dsa> (Minor issue)
 CVE-2010-2444 (parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before ...)
-	- maradns <unfixed> (low; bug #584587)
+	- maradns 1.4.03-1 (low; bug #584587)
 	[lenny] - maradns <no-dsa> (minor issue)
 	[etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)
-	NOTE: http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
 CVE-2010-XXXX [sqlite: info leak]
 	- sqlite3 3.6.21-1 (low; bug #566326)
 	[lenny] - sqlite3 <no-dsa> (Minor information leak)

More information about the Secure-testing-commits mailing list