[Secure-testing-commits] r14853 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Jun 10 17:14:29 UTC 2010
Author: jmm-guest
Date: 2010-06-10 17:14:26 +0000 (Thu, 10 Jun 2010)
New Revision: 14853
Modified:
data/CVE/list
Log:
- sudo bugnum
- two xinha embedders not-affected
- moodle temp entry was CVEfied
- record openjdk fixes using the same security branch as sun java
- fix samba version number for wide_links issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-10 15:58:35 UTC (rev 14852)
+++ data/CVE/list 2010-06-10 17:14:26 UTC (rev 14853)
@@ -791,8 +791,8 @@
- serendipity 1.5.3-1
[lenny] - serendipity <not-affected> (Only affects >= 1.4)
- horde3 <undetermined> (bug #585165)
- - openacs <undetermined> (bug #585163)
- - dotlrn <undetermined> (bug #585164)
+ - openacs <not-affected> (Doesn't use the PHP interface, see bug #585163)
+ - dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164)
CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...)
- php5 <unfixed> (unimportant)
CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...)
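Review bot: The new reason on the openacs and dotlrn lines, "Doesn't use the PHP interface", does not name the component whose PHP interface is meant, and the CVE header for this entry sits outside the hunk. The commit log calls these "xinha embedders", so naming the embedded component in the reason string would make each line readable on its own. horde3 stays <undetermined> under bug #585165, which is consistent with the log covering only two embedders.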
@@ -878,8 +878,8 @@
NOT-FOR-US: PHP Easy Shopping Cart
CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...)
- typo3-src 4.2.5-1+lenny3
- NOTE: I have on idea when this was fixed, 4.2.5-1+lenny3 is the version currently in lenny
- NOTE: which is not affected by this bug
+ NOTE: I have no idea when this was fixed, 4.2.5-1+lenny3 is the version currently in lenny
+ NOTE: which is not affected by this bug
CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...)
NOT-FOR-US: TalkBack
CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...)
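Review bot: The typo fix in the first NOTE line under CVE-2009-4855 is not listed among the five items in the commit log, and the second NOTE line is replaced with text that reads identically, which looks like a whitespace-only change. More importantly, the NOTE confirms that 4.2.5-1+lenny3 is only a version known not to be affected, not the version where the fix landed, so the typo3-src line records an upper bound. Rewording the NOTE to say so explicitly would keep readers from treating it as the exact fix version.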
@@ -1351,7 +1351,7 @@
- mediawiki <unfixed>
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...)
- - sudo <unfixed> (bug filed)
+ - sudo <unfixed> (bug #585394)
CVE-2010-1645
RESERVED
CVE-2010-1644
@@ -3108,7 +3108,6 @@
[lenny] - alien-arena <no-dsa> (Contrib not supported)
CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
- glpi 0.72.4-2 (bug #574760)
- - moodle <unfixed> (bug #574757)
NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open ...)
- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
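Review bot: Removing the moodle line from the phpCAS temp entry drops the only visible reference to bug #574757, and the hunk header shrinks from 7 to 6 lines with no matching addition elsewhere in this diff. The CVE entry that now tracks moodle must therefore already exist in the list; confirm that it carries bug #574757 so the link between tracker and bug report is not lost. glpi remains under CVE-2010-XXXX for the same PHPCAS-52 issue, so if the phpCAS issue itself received a CVE id, the whole temp entry should be renamed rather than only the moodle line removed.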
@@ -3433,8 +3432,8 @@
NOTE: somewhat impractical right now, but the openssl developers are working
NOTE: on a fix just in case
CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...)
- - samba 2:3.5.1~dfsg-1 (low; bug #568493; bug #572953)
- [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
+ - samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953)
+ [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is ...)
NOT-FOR-US: Perforce Server
CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote ...)
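Review bot: The fixed version on the unstable samba line is lowered from 2:3.5.1~dfsg-1 to 2:3.4.6~dfsg-1, so every upload between the two is now reported as fixed, and the hunk gives no way to check that: the CVE-2010-0926 description is truncated right after "3.4.x before". A NOTE naming the upstream release or changelog entry that justifies 3.4.6 would make the correction verifiable. The [lenny] line is replaced with text that reads identically, presumably a whitespace-only change.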
@@ -7995,7 +7994,7 @@
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
NOTE: This doesn't affect Evolution, the TNEF plugin is external
CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
- - openjdk-6 <unfixed> (medium; bug #560908)
+ - openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
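Review bot: The openjdk-6 line under CVE-2009-3886 moves from <unfixed> to 6b17-1.7-1 with the rationale given only in the commit log ("using the same security branch as sun java"); nothing in the entry itself records where that version comes from. Since the same version is applied to seven entries in this commit, all pointing at bug #560908, a NOTE on the entries citing the changelog or upstream release that 6b17-1.7-1 corresponds to would let a later reader verify the mapping without digging through commit history.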
@@ -8049,7 +8048,7 @@
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...)
- - openjdk-6 <unfixed> (medium; bug #560908)
+ - openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...)
@@ -8065,15 +8064,15 @@
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
- - openjdk-6 <unfixed> (medium; bug #560908)
+ - openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...)
- - openjdk-6 <unfixed> (medium; bug #560908)
+ - openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...)
- - openjdk-6 <unfixed> (medium; bug #560908)
+ - openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
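Review bot: Two of the three entries updated here, CVE-2009-3866 (Java Web Start Installer) and CVE-2009-3865 (launch method in the Deployment Toolkit plugin), describe Sun deployment components, so it is worth checking whether openjdk-6 ships that code at all before recording 6b17-1.7-1 as the fix. If the package does not contain these components, <not-affected> with a short reason would be more accurate than a fixed version, because a fixed version implies that earlier openjdk-6 uploads were vulnerable. CVE-2009-3867 (HsbParser.getSoundBank) does not raise the same question.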
@@ -8481,7 +8480,7 @@
CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
NOT-FOR-US: ReqWeb
CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
- - openjdk-6 <unfixed> (medium; bug #560908)
+ - openjdk-6 6b17-1.7-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)