[Secure-testing-commits] r14842 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Jun 9 21:47:47 UTC 2010 

Author: jmm-guest
Date: 2010-06-09 21:47:47 +0000 (Wed, 09 Jun 2010)
New Revision: 14842

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
python no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-09 21:40:40 UTC (rev 14841)
+++ data/CVE/list	2010-06-09 21:47:47 UTC (rev 14842)
@@ -1379,11 +1379,13 @@
 	- samba <unfixed> (unimportant)
 	NOTE: Only crashes a single connection, not the entire smbd
 CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in ...)
-	- python3.1 <unfixed>
-	- python2.7 <unfixed>
-	- python2.6 <unfixed>
-	- python2.5 <unfixed>
-	- python2.4 <removed>
+	- python3.1 <unfixed> (low)
+	- python2.7 <unfixed> (low)
+	- python2.6 <unfixed> (low)
+	- python2.5 <unfixed> (low)
+	[lenny] - python2.5 <no-dsa> (Minor issue)
+	- python2.4 <removed> (low)
+	[lenny] - python2.4 <no-dsa> (Minor issue)
 CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in ...)
 	- openssl <not-affected> (This bug is only present in OpenSSL 1.0.0)
 	TODO: recheck once >= 1.0.0 gets uploaded        
@@ -1961,14 +1963,18 @@
 	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
 	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
 	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
-	- python2.5 <unfixed>
-	- python2.4 <removed>
+	- python2.5 <unfixed> (low)
+	[lenny] - python2.5 <no-dsa> (Minor issue)
+	- python2.4 <removed> (low)
+	[lenny] - python2.4 <no-dsa> (Minor issue)
 CVE-2010-1449 (Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 ...)
 	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
 	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
 	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
-	- python2.5 <unfixed>
-	- python2.4 <removed>
+	- python2.5 <unfixed> (low)
+	[lenny] - python2.5 <no-dsa> (Minor issue)
+	- python2.4 <removed> (low)
+	[lenny] - python2.4 <no-dsa> (Minor issue)
 CVE-2010-1448 [lxr XSS on the search page]
 	RESERVED
 	- lxr-cvs <unfixed>
@@ -7293,8 +7299,10 @@
 	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
 	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
 	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
-	- python2.5 <unfixed>
-	- python2.4 <removed>
+	- python2.5 <unfixed> (low)
+	[lenny] - python2.5 <no-dsa> (Minor issue)
+	- python2.4 <removed> (low)
+	[lenny] - python2.4 <no-dsa> (Minor issue)
 CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for ...)
 	- condor <itp> (bug #233482)
 CVE-2009-4132

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-06-09 21:40:40 UTC (rev 14841)
+++ data/spu-candidates.txt	2010-06-09 21:47:47 UTC (rev 14842)
@@ -406,8 +406,18 @@
 #560914
 notified maintainer
 
+
 --
 
+python2.4 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)
+
+
+--
+
+python2.5 (CVE-2010-2089, CVE-2010-1634, CVE-2010-1450, CVE-2010-1449, CVE-2009-4134)
+
+--
+
 rails (CVE-2009-3086)
 bug #545063
 notified maintainer

More information about the Secure-testing-commits mailing list