[Secure-testing-commits] r15022 - data/CVE
Nico Golde
nion at alioth.debian.org
Sun Jul 25 18:14:11 UTC 2010
Author: nion
Date: 2010-07-25 18:14:05 +0000 (Sun, 25 Jul 2010)
New Revision: 15022
Modified:
data/CVE/list
Log:
- CVE-2010-2490 fixed in mumble 1.2.2-4, bug has been assigned
- bozohttpd bug filed
- wget bug filed
- CVE-2010-1622 fixed in libspring-2.5-java 2.5.6.SEC02-1
- CVE-2010-0825/emacs22 bug filed, emacs23 has been fixed in 23.2+1-1
- camserv removal requested
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-07-24 20:42:21 UTC (rev 15021)
+++ data/CVE/list 2010-07-25 18:14:05 UTC (rev 15022)
@@ -815,9 +815,8 @@
TODO: check
CVE-2010-2490 [murmur DoS via malformed client query]
RESERVED
- - mumble <unfixed> (low)
+ - mumble 1.2.2-4 (bug #587713)
[lenny] - mumble <no-dsa> (Minor issue)
- TODO: File bug
- qt4-x11 <undetermined> (low; bug #587713)
NOTE: unclear whether is qt's or sqlite's fault
CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...)
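Review bot: the added mumble line drops the urgency. The removed line carried `(low)`, while the new one reads `- mumble 1.2.2-4 (bug #587713)`. If the assessment has not changed, write it as `- mumble 1.2.2-4 (low; bug #587713)`, matching the `(low; bug #...)` form used in the other hunks of this patch. The same bug number also sits on the `qt4-x11 <undetermined>` line below, so it is worth checking whether that line still needs to stay open now that mumble is marked fixed.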
@@ -1197,9 +1196,8 @@
NOTE: of the weird CVE assignments on this one
CVE-2010-2320 [information disclosure: existing vs non-existing users]
RESERVED
- - bozohttpd <unfixed> (low)
+ - bozohttpd <unfixed> (low; bug #590298)
[lenny] - bozohttpd <no-dsa> (Minor information leak)
- TODO: File bug
CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 ...)
NOT-FOR-US: IDevSpot TextAds
CVE-2010-2318 (Cross-site scripting (XSS) vulnerability in cms_data.php in ...)
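Review bot: bug #590298 on the bozohttpd line here is the same number that is added to CVE-2010-2195 further down, although the two entries describe different issues (an information disclosure here, a DoS through code miscompilation there). Please confirm that the one report covers both CVEs. If it does, a short NOTE saying so would stop the shared number from reading as a copy-and-paste slip.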
@@ -1412,7 +1410,7 @@
- libwww-perl 5.835-1 (low)
[lenny] - libwww-perl <no-dsa> (Minor issue)
CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of ...)
- - wget <unfixed>
+ - wget <unfixed> (low; bug #590296)
CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not ...)
- lftp 4.0.6-1 (low)
[lenny] - lftp <no-dsa> (Minor issue)
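Review bot: the wget entry now has an urgency of `low` but still no `[lenny]` line, while both neighbouring entries in this hunk (libwww-perl, lftp) carry `[lenny] - ... <no-dsa> (Minor issue)`. If stable has been triaged, add the matching `[lenny] - wget ...` line in the same change so the entry does not look unreviewed for lenny.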
@@ -1550,9 +1548,8 @@
RESERVED
CVE-2010-2195 [bozohttpd DoS through code miscompilation]
RESERVED
- - bozohttpd <unfixed>
+ - bozohttpd <unfixed> (low; bug #590298)
[lenny] - bozohttpd <not-affected> (Only affects 20090522 to 20100512)
- TODO: File bug
CVE-2010-2194
RESERVED
CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) ...)
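Review bot: the unstable line for CVE-2010-2195 stays `<unfixed>` with no hint of what would close it, while the `[lenny]` line below bounds the affected range as `20090522 to 20100512`. The `TODO: File bug` removal is fine, but a NOTE stating which upstream version ends the affected range would make it clear when `<unfixed>` can be replaced with a fixed version.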
@@ -3029,7 +3026,7 @@
CVE-2010-1623
RESERVED
CVE-2010-1622 (SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before ...)
- - libspring-2.5-java
+ - libspring-2.5-java 2.5.6.SEC02-1 (medium)
CVE-2010-1621 (The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL ...)
- mysql-5.1 5.1.46-1
- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
@@ -5466,13 +5463,12 @@
- emacs21 <removed> (low)
[lenny] - emacs21 <no-dsa> (Minor issue)
NOTE: Only exploitable when configured as setgid mail, which isn't set by default
- - emacs22 <unfixed> (low)
+ - emacs22 <unfixed> (low; bug #590301)
[lenny] - emacs22 <no-dsa> (Minor issue)
- xemacs21 <unfixed> (low)
[lenny] - xemacs21 <no-dsa> (Minor issue)
[lenny] - xmacs21 <no-dsa> (Minor issue)
- - emacs23 <unfixed> (low)
- TODO: check and file bugs, can still be fixed through spus by the maintainers
+ - emacs23 23.2+1-1 (low)
CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, ...)
- fwbuilder 3.0.7-1 (bug #547390; medium)
[lenny] - fwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
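Review bot: the context line `[lenny] - xmacs21 <no-dsa> (Minor issue)` right after `[lenny] - xemacs21 <no-dsa> (Minor issue)` looks like a misspelled duplicate and survives this change untouched. Since the entry is being edited anyway, drop that line so that tooling parsing the list does not see a package named `xmacs21`. The emacs23 line also goes from `<unfixed>` to `23.2+1-1` without a bug reference, which is fine if none exists, but a NOTE pointing at the fixing upload would help later readers.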
@@ -6810,10 +6806,6 @@
- postgresql-8.2 <removed>
- postgresql-8.3 <removed> (low; bug #567058)
- postgresql-8.4 8.4.3-1
-CVE-2010-XXXX [bozohttpd DoS on incomplete requests]
- - bozohttpd 20090522-2 (low; bug #566325)
- [lenny] - bozohttpd <no-dsa> (Minor issue)
- [etch] - bozohttpd <no-dsa> (Minor issue)
CVE-2010-2444 (parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before ...)
- maradns 1.4.03-1 (low; bug #584587)
[lenny] - maradns <no-dsa> (minor issue)
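Review bot: the removal of the whole `CVE-2010-XXXX [bozohttpd DoS on incomplete requests]` entry is not mentioned in the log message, and no other hunk in this patch picks up bug #566325 or the fixed version `20090522-2`. If the issue was merged into an entry that received a real CVE id, say so in the log and make sure that entry carries the bug number and the lenny/etch `<no-dsa>` lines. Otherwise the tracking information for this issue is lost.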
@@ -10156,6 +10148,7 @@
- arts <not-affected> (Uses absolute path to the sound backend)
- bochs <not-affected> (additional hardening in this package prevents this type of attack; bug #559799)
- camserv <unfixed> (low; bug #559800)
+ NOTE: requested camserv removal
[lenny] - camserv <no-dsa> (Minor issue)
[etch] - camserv <no-dsa> (Minor issue)
- collectd 4.8.2-1 (low; bug #559801)
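Review bot: the added `NOTE: requested camserv removal` is placed between `- camserv <unfixed> (low; bug #559800)` and its `[lenny]`/`[etch]` lines, which separates the package line from its release annotations. The other NOTE lines visible in this patch follow the release lines, so move it below `[etch] - camserv <no-dsa> (Minor issue)`. The note also gives no bug number for the removal request. Adding it would let a reader check whether the removal has happened.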