[Secure-testing-commits] r15062 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Jul 29 17:33:37 UTC 2010
Author: jmm-guest
Date: 2010-07-29 17:33:35 +0000 (Thu, 29 Jul 2010)
New Revision: 15062
Added:
data/next-point-update.txt
Modified:
data/CVE/list
Log:
- move the scheduled spu uploads to a separate file, they distract from the real TODOs
- remove some historic TODOs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-07-29 15:59:26 UTC (rev 15061)
+++ data/CVE/list 2010-07-29 17:33:35 UTC (rev 15062)
@@ -893,7 +893,6 @@
RESERVED
- git-core 1:1.7.1-1.1 (low; bug #590026)
[lenny] - git-core <no-dsa> (Minor issue)
- TODO: next point update [lenny] - git-core 1:1.5.6.5-3+lenny4.1
CVE-2010-2541
RESERVED
CVE-2010-2540
@@ -927,7 +926,6 @@
CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, ...)
- iputils 3:20100418-2
[lenny] - iputils <no-dsa> (Minor issue)
- TODO: next point update: [lenny] - iputils 3:20071127-1+lenny1
CVE-2010-2528 [pidgin]
RESERVED
- pidgin 2.7.2-1
@@ -2090,7 +2088,6 @@
CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...)
- w3m 0.5.2-5 (low; bug #587445)
[lenny] - w3m <no-dsa> (Minor issue)
- TODO: next point release: [lenny] - w3m 0.5.2-2+lenny1
CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and ...)
- pyftpd 0.8.5 (low; bug #585776)
[lenny] - pyftpd 0.8.4.6+lenny1
@@ -6804,7 +6801,6 @@
CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...)
- imp4 4.3.7+debian0-2 (low; bug #569661)
[lenny] - imp4 <no-dsa> (Minor issue)
- TODO: next point update: [lenny] - imp4 4-2_4-2lenny2
CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.7 and 9.7.1 on Linux allows ...)
NOT-FOR-US: IBM DB2
CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 ...)
@@ -10352,11 +10348,11 @@
- mutt <not-affected> (uses GnuTLS and not OpenSSL)
NOTE: our mutt is linked against gnutls
CVE-2009-3764 (Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO ...)
- TODO: check
+ NOT-FOR-US: Oracle OpenSSO
CVE-2009-3763 (Unspecified vulnerability in the Access Manager / OpenSSO component in ...)
- TODO: check
+ NOT-FOR-US: Oracle OpenSSO
CVE-2009-3762 (Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows ...)
- TODO: check
+ NOT-FOR-US: Oracle OpenSSO
CVE-2009-3761
RESERVED
CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the ...)
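Review bot: the three replacements for CVE-2009-3764, CVE-2009-3763 and CVE-2009-3762 turn "TODO: check" into "NOT-FOR-US: Oracle OpenSSO", which is a triage decision and not the removal of a historic TODO that the log message describes. Mention the reclassification in the log so that it can be found from the history.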
@@ -17523,7 +17519,7 @@
CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 ...)
NOT-FOR-US: VMware Movie Decoder
CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in ...)
- TODO: VMware products
+ NOT-FOR-US: VMwar
CVE-2009-1563
REJECTED
CVE-2009-1562
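Review bot: the added line for CVE-2009-1564 reads "NOT-FOR-US: VMwar", which looks truncated. The entry directly above uses "NOT-FOR-US: VMware Movie Decoder"; spell the product name out the same way so that a search for the product finds both entries.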
@@ -43324,7 +43320,6 @@
- libarchive-tar-perl 1.38-1 (low; bug #449544)
[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
[etch] - libarchive-tar-perl <no-dsa> (Minor issue)
- TODO: next point release [etch] - libarchive-tar-perl 1.38-3~etch1
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...)
- mediawiki 1.10.2-1 (low; bug #442255)
[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
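Review bot: the removed TODO for libarchive-tar-perl names an [etch] upload (1.38-3~etch1), but the new data/next-point-update.txt contains only [lenny] entries, so this planned upload is no longer recorded anywhere in the commit. If the etch update has been dropped, say so in the log; otherwise carry the line over. The same applies to the mt-daapd [etch] TODO removed in the hunk at -49280.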
@@ -49280,7 +49275,6 @@
[lenny] - knowledgeroot <not-affected> (Uses the prototype.js copy from scriptaculous)
- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
[etch] - mt-daapd <no-dsa> (minor issue)
- TODO: [etch] - mt-daapd 0.2.4+r1376-1.1+etch3
- mediatomb 0.11.0-3 (low; bug #555232)
- op-panel 0.30~dfsg-1 (low; bug #555234)
- ebug-http 0.31-2.1 (low; bug #555235)
@@ -52602,7 +52596,6 @@
NOTE: only epiphany-gecko backend affected
- galeon 2.0.7-2 (unimportant; bug #556270)
- kazehakase 0.5.8-2 (bug #556271)
- TODO: next point release: [etch] - kazehakase 0.4.2-1etch2
[lenny] - kazehakase 0.5.4-2lenny1
- conkeror <not-affected> (doesn't support bookmarks)
- webkit <not-affected> (doesn't support javascript embedded in bookmarks)
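Review bot: removing the kazehakase TODO line also removes the only [etch] annotation for the package in this entry; the [lenny] line stays, but nothing now states the etch status. Add an explicit [etch] line (for example a <no-dsa> marker, as other entries in this commit use) if no etch upload is planned.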
@@ -60290,7 +60283,6 @@
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...)
{DSA-1215}
- xine-lib 1.1.2-1 (bug #369876; medium)
- TODO: When was ffmpeg fixed?
NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...)
- sql-ledger 2.4.5-1
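Review bot: deleting "TODO: When was ffmpeg fixed?" under CVE-2006-4799 leaves the question unanswered. The entry has a xine-lib line and a NOTE that libxine links dynamically against ffmpeg from 1.1.2-4, but no line for the ffmpeg package itself. Either add the ffmpeg status or keep the open question as a NOTE.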
@@ -66728,7 +66720,6 @@
[etch] - liferea <no-dsa> (Minor issue)
- blam 1.8.4-1 (low)
[etch] - blam <no-dsa> (Minor issue)
- TODO: check all packages
NOTE: lintian bug filed: #451559
CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
- tomboy 0.8.1-2 (low)
@@ -71796,7 +71787,6 @@
NOTE: uses the system copy of tinymce and the exact fixed version is not
NOTE: really determinably anymore
CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...)
- TODO: check wordpress, moodle
- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp ...)
NOT-FOR-US: OoApp Guestbook
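Review bot: the removed "TODO: check wordpress, moodle" under CVE-2005-4599 was the only mention of those two packages in the entry; after this hunk only knowledgeroot has a recorded status. Record the outcome of the check for wordpress and moodle, or a NOTE explaining why it is no longer needed, instead of dropping the names. The removed checks for zope-zms, gallery2 and turba2 in the following hunks have the same gap.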
@@ -73887,7 +73877,6 @@
NOTE: of saxon are aware of this. A warning has been added to the readme.
NOTE: Current rdependencies:
- ooo2dbk <not-affected> (uses it's own xslt unless overridden by command line arg)
- TODO: check zope-zms (stef-guest: pinged maintainers)
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...)
NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
@@ -77037,7 +77026,6 @@
CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...)
{DSA-1148-1}
- gallery 1.5-2 (bug #325285; medium)
- TODO: check gallery2
CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
NOT-FOR-US: Simple PHP Blog
CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
@@ -83288,7 +83276,6 @@
CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
- sork-accounts 2.1.2-1
CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
- TODO: Maintainer wanted to check whether turba2 needs fixing as well, re-check with him
- turba 1.2.5-1
CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
- kronolith 1.1.4-1
Added: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt (rev 0)
+++ data/next-point-update.txt 2010-07-29 17:33:35 UTC (rev 15062)
@@ -0,0 +1,12 @@
+CVE-2010-2242
+ [lenny] - libvirt 0.4.6-10+lenny1
+CVE-2010-2542
+ [lenny] - git-core 1:1.5.6.5-3+lenny4.1
+CVE-2010-2529
+ [lenny] - iputils 3:20071127-1+lenny1
+CVE-2010-2074
+ [lenny] - w3m 0.5.2-2+lenny1
+CVE-2010-0463
+ [lenny] - imp4 4-2_4-2lenny2
+
+
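Review bot: the imp4 line carries the version "4-2_4-2lenny2" over unchanged from the removed TODO in data/CVE/list; an underscore is not a valid character in a Debian version string, so this value needs checking against the actual upload. Also, CVE-2010-2242 (libvirt) has no matching removal in the data/CVE/list part of this diff, and the file ends with two empty lines that can be dropped.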