[Secure-testing-commits] r14851 - in data: CVE DSA
Nico Golde
nion at alioth.debian.org
Thu Jun 10 14:56:11 UTC 2010
Author: nion
Date: 2010-06-10 14:56:08 +0000 (Thu, 10 Jun 2010)
New Revision: 14851
Modified:
data/CVE/list
data/DSA/list
Log:
- more cleanup of old non-issues
- new mono issue CVE-2010-1459
- CVE-2010-1447 fixed in postgresql-8.4 8.4.4-1, added to DSA to mark as fixed in stable as well
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-10 14:09:47 UTC (rev 14850)
+++ data/CVE/list 2010-06-10 14:56:08 UTC (rev 14851)
@@ -1934,8 +1934,7 @@
CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...)
NOT-FOR-US: IBM BladeCenter Management Module
CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value ...)
- - mono <undetermined>
- TODO: check
+ - mono <unfixed> (bug #585440)
CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...)
NOT-FOR-US: TweakFS
CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...)
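Review bot: The new `- mono <unfixed> (bug #585440)` line replaces `TODO: check` without recording what the check found. The description places the problem in the default ASP.NET configuration of Mono before 2.6.4, so a NOTE saying which packaged versions ship that default, plus a `[lenny]` line if stable is affected, would let the next reader triage the entry without reopening bug #585440.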
@@ -1982,9 +1981,8 @@
- lxr-cvs <unfixed>
TODO: prod maintainer (and find out why we have lxr and lxr-cvs)
CVE-2010-1447 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, ...)
- - postgresql-8.4 <undetermined>
- - postgresql-8.3 <undetermined>
- TODO: check
+ - postgresql-8.4 8.4.4-1
+ - postgresql-8.3 <removed>
CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and ...)
{DSA-2053-1}
- linux-2.6 2.6.32-12 (unimportant)
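Review bot: The `- postgresql-8.3 <removed>` line gives no fixed version for 8.3, and the commit log mentions only the postgresql-8.4 8.4.4-1 fix. The lenny fix is recorded in this same revision through DSA-2051-1 in data/DSA/list, so unless that cross-reference ends up in this entry by other means, a NOTE here pointing at DSA-2051-1 would make the stable status readable from the CVE entry itself.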
@@ -25110,7 +25108,7 @@
- fml <removed> (low; bug #496370)
[etch] - fml <no-dsa> (Minor issue)
CVE-2008-4957 (find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to ...)
- - gccxml <unfixed> (unimportant; bug #496391)
+ - gccxml 0.9.0+cvs20100501-1 (unimportant; bug #496391)
NOTE: Only applies to a script used for an obscure SGI compiler
CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...)
- bulmages <unfixed> (unimportant; bug #496382)
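Review bot: The `- gccxml 0.9.0+cvs20100501-1` line records a fixed version, but neither the entry nor the log says how that version was determined. The existing NOTE only scopes the issue to a script for an SGI compiler, so add a NOTE stating whether bug #496391 was closed in that upload or the affected script was dropped.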
@@ -25324,7 +25322,7 @@
{DSA-1675-1}
- phpmyadmin 4:2.11.8.1-3
CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...)
- - viewvc <unfixed> (bug #500779; unimportant)
+ - viewvc 1.0.9-1 (bug #500779; unimportant)
CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...)
- iceweasel <unfixed> (unimportant)
NOTE: reproducible but browser DoS not treated as security issue
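Review bot: Style point on the `- viewvc 1.0.9-1 (bug #500779; unimportant)` line: the annotation order is bug first, severity second, while the gccxml, debtorrent and galeon lines touched in this same revision use `(unimportant; bug #...)`. Since the line is being rewritten anyway, normalising it to the same order would keep the file easier to grep.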
@@ -25642,7 +25640,7 @@
NOTE: the changelog doesn't mention the fix but its included in -10
[etch] - chillispot <no-dsa> (minor issue)
CVE-2008-XXXX [unsafe usage of temp file]
- - debtorrent <unfixed> (unimportant; bug #500180)
+ - debtorrent 0.1.10 (unimportant; bug #500180)
NOTE: Only exploitable when upgrading from an ancient version, package also not in Etch
NOTE: Marking as unimportant
CVE-2008-4189
@@ -50544,7 +50542,7 @@
- iceape <unfixed> (unimportant)
- epiphany-browser <unfixed> (unimportant; bug #556272)
NOTE: only epiphany-gecko backend affected
- - galeon <unfixed> (unimportant; bug #556270)
+ - galeon 2.0.7-2 (unimportant; bug #556270)
- kazehakase 0.5.8-2 (bug #556271)
TODO: next point release: [etch] - kazehakase 0.4.2-1etch2
[lenny] - kazehakase 0.5.4-2lenny1
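Review bot: Only the galeon line is moved to a fixed version (2.0.7-2) in this hunk, while the sibling `iceape` and `epiphany-browser` lines of the same entry stay `<unfixed>`, all three marked unimportant. If the cleanup checked those packages too, a short NOTE saying they are still affected would show the difference is intentional and not an oversight.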
@@ -79426,7 +79424,7 @@
- moodle 1.4.4.dfsg.1-3
CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
RESERVED
- - mutt <unfixed> (bug #311296; unimportant)
+ - mutt 1.5.20-7 (bug #311296; unimportant)
[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)
NOTE: An "attacker" could achieve the same by simply filling up /tmp
CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
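Review bot: The context line for CVE-2005-2351 still reads "preditable tempfiles" in its bracketed description; since the entry is being touched for `- mutt 1.5.20-7`, correct it to "predictable" in the same commit. The entry also stays `RESERVED` with a fixed version now attached, so a NOTE naming where the fix was confirmed (bug #311296 or the package changelog) would help.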
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2010-06-10 14:09:47 UTC (rev 14850)
+++ data/DSA/list 2010-06-10 14:56:08 UTC (rev 14851)
@@ -20,7 +20,7 @@
{CVE-2010-1321}
[lenny] - krb5 1.6.dfsg.4~beta1-5lenny4
[24 May 2010] DSA-2051-1 postgresql-8.3 - several
- {CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975}
+ {CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975 CVE-2010-1447}
[lenny] - postgresql-8.3 8.3.11-0lenny1
[24 May 2010] DSA-2050-1 kdegraphics - several vulnerabilities
{CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609}
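Review bot: Adding CVE-2010-1447 to the `{...}` list of DSA-2051-1 asserts that `postgresql-8.3 8.3.11-0lenny1` already contains the fix, but nothing in the hunk or the log says where that was confirmed. The DSA entry is dated 24 May 2010 and is being amended after the fact, so name the source (advisory text or package changelog) in the commit log.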