[Secure-testing-commits] r15004 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Jul 20 06:22:41 UTC 2010
Author: jmm-guest
Date: 2010-07-20 06:22:33 +0000 (Tue, 20 Jul 2010)
New Revision: 15004
Modified:
data/CVE/list
data/problematic-packages
Log:
- some packages are properly maintained or removed by now
- mlmmj fixed
- new rpcbind issue (fixed)
- tomcat fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-07-19 21:15:09 UTC (rev 15003)
+++ data/CVE/list 2010-07-20 06:22:33 UTC (rev 15004)
@@ -1144,7 +1144,7 @@
RESERVED
CVE-2009-4896
RESERVED
- - mlmmj <unfixed> (bug #588038)
+ - mlmmj 1.2.17-1.1 (bug #588038)
CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...)
NOT-FOR-US: Plume CMS
CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote ...)
@@ -1327,7 +1327,7 @@
- moodle 1.9.9-1 (bug #586280)
CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...)
- tomcat5 <removed>
- - tomcat6 <unfixed> (bug filed)
+ - tomcat6 6.0.28-1 (bug #588813)
CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass]
RESERVED
- linux-2.6 <unfixed>
@@ -1757,6 +1757,7 @@
NOTE: DSA-2043 and DSA-2044
CVE-2010-2061
RESERVED
+ - rpcbind 0.2.0-4.1
CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows ...)
- beanstalkd 1.4.6-1 (unimportant; bug #585162)
NOTE: Package description reads: "Beanstalkd is meant to be ran in a trusted network,
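Review bot: the added "- rpcbind 0.2.0-4.1" line under CVE-2010-2061 has no bug reference, no urgency and no description, and the CVE itself is still RESERVED, so nothing in the tracker says what the issue is. Consider adding a bracketed summary in the style used for CVE-2010-2226 ("[xfs SWAPEXT ioctl permissions bypass]") or a NOTE line pointing at the bug or changelog entry that documents the fix in 0.2.0-4.1.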
@@ -11736,7 +11737,7 @@
[lenny] - glpi <no-dsa> (minor issue)
- knowledgeroot 0.9.9.5-1 (low; bug #555229)
[etch] - knowledgeroot <no-dsa> (minor issue)
- [lenny] - knowledgeroot <no-dsa> (minor issue)
+ [lenny] - knowledgeroot <not-affected> (Vulnerable code not present)
- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
[etch] - mt-daapd 0.2.4+r1376-1.1+etch3
- mediatomb 0.12.0~svn2018-5 (low; bug #555232)
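Review bot: the "[lenny] - knowledgeroot" line moves to "<not-affected> (Vulnerable code not present)" while the "[etch] - knowledgeroot <no-dsa> (minor issue)" line directly above it is left unchanged. Etch is the older release, so please confirm whether the vulnerable code is present there or whether etch should be marked <not-affected> as well. This status change is also not mentioned in the commit log, which lists only mlmmj, rpcbind and tomcat.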
Modified: data/problematic-packages
===================================================================
--- data/problematic-packages 2010-07-19 21:15:09 UTC (rev 15003)
+++ data/problematic-packages 2010-07-20 06:22:33 UTC (rev 15004)
@@ -11,42 +11,7 @@
Only one upload, maintainer has no other packages.
pinged maintainer on 2009-11-29, maintainer reacted promptly
-----
-
-bugzilla: (Nov 2009)
-Maintainer active again, package is still quite old, though 3.2
-
-----
-
-jasper (June 2009)
-A security fix was dropped in a later upload, no followup on
-the respective bug for three weeks as of 2009-06-02.
-
-----
-
-libapache-mod-jk (May 2009)
-Group maintained by Java Team, but no reply to RC security bug
-#523054 for six weeks as of 2009-05-18.
-
-----
-
-xpdf: (Nov 2009)
-No maintainer upload for two years, frequent security issues.
-Removed from Squeeze, remaining packages using xpdf-* have been
-NMUed to use poppler
-
-----
-
-swftools: (Nov 2009)
-Similar situation as with xpdf (it embeds a copy of xpdf).
-Removed from squeeze, no maintainer response in more than three months.
-
---
-polipo (Dec 2009)
-maintainer seems inactive
-
----
-
libmikmod (Mar 2010)
maintainer seems MIA, latest upload in 2004
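Review bot: six entries (bugzilla, jasper, libapache-mod-jk, xpdf, swftools, polipo) are deleted with only "some packages are properly maintained or removed by now" in the log, so it is not recorded which of them left the archive and which gained an active maintainer. The jasper and libapache-mod-jk entries describe a dropped security fix and an unanswered RC security bug #523054; the log should state how each was resolved before that history is removed from the file.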