[Secure-testing-commits] r15079 - in data: CVE NMU
Nico Golde
nion at alioth.debian.org
Sat Jul 31 14:26:08 UTC 2010
Author: nion
Date: 2010-07-31 14:26:07 +0000 (Sat, 31 Jul 2010)
New Revision: 15079
Modified:
data/CVE/list
data/NMU/list
Log:
CVE-2010-1448, CVE-2010-1625, CVE-2009-4497 will be fixed in lxr-cvs 0.9.5+cvs20071020-1.1
CVE-2010-1738 looks like a dupe of CVE-2010-1448, asking for lxr deletion, this package/code is a mess
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-07-31 12:05:10 UTC (rev 15078)
+++ data/CVE/list 2010-07-31 14:26:07 UTC (rev 15079)
@@ -3009,6 +3009,7 @@
CVE-2010-1738 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
- lxr <unfixed> (low; bug #585411)
- lxr-cvs <unfixed> (low; bug #585412)
+ NOTE: looks like a dupe of CVE-2010-1448 to me, checked back with oss-sec
CVE-2010-1737 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Gallo
CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ...)
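Review bot: The NOTE added under CVE-2010-1738 calls it a duplicate of CVE-2010-1448, yet the lxr-cvs line directly above it stays `<unfixed>` while this same revision marks CVE-2010-1448 as fixed in lxr-cvs 0.9.5+cvs20071020-1.1. Either give the lxr-cvs line here the same fixed version, or say in the NOTE that the status is pending the oss-sec answer, so the tracker does not keep reporting lxr-cvs as open for an issue the NMU covers. A link to the oss-sec thread would make the NOTE verifiable.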
@@ -3296,8 +3297,8 @@
- mysql-dfsg-5.0 <removed> (low; bug #584400)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...)
- - lxr <unfixed> (bug #588138)
- - lxr-cvs <unfixed> (bug #588137)
+ - lxr <unfixed> (low; bug #588138)
+ - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...)
- pidgin 2.7.0-1 (low)
[lenny] - pidgin 2.4.3-4lenny6
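Review bot: On CVE-2010-1625 the lxr line stays `<unfixed>` with only a severity added, and nothing in the entry records the plan from the log message to ask for lxr's deletion. A NOTE line stating that removal of lxr has been requested would explain why one of the two packages remains open. The new `low` rating on both lines is also given without a rationale.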
@@ -3866,7 +3867,7 @@
- python2.4 <removed> (low)
[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
- - lxr-cvs <unfixed> (bug #588036)
+ - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
TODO: prod maintainer (and find out why we have lxr and lxr-cvs)
CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...)
{DSA-2051-1}
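Review bot: The TODO left as context under CVE-2010-1448 ("prod maintainer (and find out why we have lxr and lxr-cvs)") looks stale once the lxr-cvs line records a fixed version from an NMU; drop it or reword it to what is still open. This entry also has no lxr line, while CVE-2010-1738, which the first hunk calls a duplicate of it, lists lxr as `<unfixed>`. If the duplicate assessment holds, add the lxr line here as well.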
@@ -8154,7 +8155,7 @@
CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...)
- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
- - lxr-cvs <unfixed> (bug #575745)
+ - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #575745)
NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
- boa <unfixed> (unimportant)
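Review bot: CVE-2009-4497 is tracked only against lxr-cvs, whereas CVE-2010-1625 in the same file tracks both lxr and lxr-cvs for an XSS in the same software. Confirm whether lxr is affected and add a line for it, or a NOTE that it is not, so the entry does not read as fully resolved once lxr-cvs is marked fixed.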
Modified: data/NMU/list
===================================================================
--- data/NMU/list 2010-07-31 12:05:10 UTC (rev 15078)
+++ data/NMU/list 2010-07-31 14:26:07 UTC (rev 15079)
@@ -203,3 +203,4 @@
2010-06-20 libnids 1.23-1.2
2010-06-20 netpbm-free 2:10.0-12.2
2010-07-30 xemacs21 21.4.22-3.1
+2010-07-31 lxr-cvs 0.9.5+cvs20071020-1.1
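Review bot: The log message says the CVEs "will be fixed" in 0.9.5+cvs20071020-1.1, but this NMU line and the three CVE entries already record that version as the fix. If the upload had not reached the archive when this was committed, the tracker reports lxr-cvs as fixed ahead of the actual fix; confirm the upload was accepted, or hold the version until it is.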