[Secure-testing-commits] r14897 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Jun 23 20:29:15 UTC 2010
Author: jmm-guest
Date: 2010-06-23 20:29:12 +0000 (Wed, 23 Jun 2010)
New Revision: 14897
Modified:
data/CVE/list
data/embedded-code-copies
data/spu-candidates.txt
Log:
- new squirrelmail non-issue (Thijs, please change severity
if you disagree)
- pyftpd fixed in spu upload
- hamlib/ltdl code copy fixed
- multiple moodle issues fixed
- new moodle issues
- new htmlpurifier issue
- new bozohttpd issues
- horde not affected by Xinha issue
- new ziproxy issue not in Lenny
- activeldap prototype.js code copy fixed
- mono fixed
- new round of mozilla issues, already fixed in unstable and experimental for
xulrunner and in iceape
- two new pcsc assignments already covered by CVE ID from DSA
- new fastjar issue no-dsa
- xen issue is in the Hypervisor, not the kernel (but already fixed anyway)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-06-23 00:08:44 UTC (rev 14896)
+++ data/CVE/list 2010-06-23 20:29:12 UTC (rev 14897)
@@ -1,3 +1,5 @@
+CVE-2010-XXXX [IE-specific XSS issue]
+ - php-htmlpurifier 4.1.1+dfsg1-1
CVE-2010-2419
RESERVED
CVE-2010-2418
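Review bot: The new CVE-2010-XXXX entry at the top of the file records only the fixed php-htmlpurifier version; it has no NOTE pointing at the upstream report and no [lenny] line, so the stable status of this XSS issue is undocumented. Add a reference and either a [lenny] status or a TODO so the temporary entry can be matched once an ID is assigned.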
@@ -137,8 +139,9 @@
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...)
NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...)
- - ziproxy <undetermined>
- TODO: check
+ - ziproxy <unfixed>
+ [lenny] - ziproxy <not-affected> (Introduced in 3.1.0)
+ TODO: file bug
CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: H264WebCam
CVE-2010-2348 (Stack-based buffer overflow in Batch Audio Converter Lite Edition ...)
@@ -194,16 +197,24 @@
CVE-2010-2323 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2322 (Absolute path traversal vulnerability in the extract_jar function in ...)
- - fastjar 2:0.98-3
+ - fastjar 2:0.98-3 (low)
+ [lenny] - fastjar <no-dsa> (Minor issue)
- openjdk <undetermined>
CVE-2010-2321 (Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote ...)
NOT-FOR-US: Adobe InDesign
CVE-2009-4902 (Buffer overflow in the MSGFunctionDemarshall function in ...)
- TODO: check
+ - pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
+ NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
+ NOTE: of the weird CVE assignments on this one
CVE-2009-4901 (The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC ...)
- TODO: check
-CVE-2010-2320
+ - pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
+ NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
+ NOTE: of the weird CVE assignments on this one
+CVE-2010-2320 [information disclosure: existing vs non-existing users]
RESERVED
+ - bozohttpd <unfixed> (low)
+ [lenny] - bozohttpd <no-dsa> (Minor information leak)
+ TODO: File bug
CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 ...)
NOT-FOR-US: IDevSpot TextAds
CVE-2010-2318 (Cross-site scripting (XSS) vulnerability in cms_data.php in ...)
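Review bot: Under CVE-2010-2322 the fastjar line is now triaged, but the openjdk line directly below it stays at <undetermined> with no TODO, so nothing flags it for follow-up. Add a "TODO: check" for openjdk or resolve it in the same pass. Minor: this hunk writes "TODO: File bug" while the ziproxy hunk above uses "TODO: file bug"; pick one spelling.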
@@ -429,14 +440,18 @@
RESERVED
CVE-2010-2232
RESERVED
-CVE-2010-2231
+CVE-2010-2231 [MSA-10-0013 Potential Cross Site Scripting vulnerability in Quiz reports]
RESERVED
-CVE-2010-2230
+ - moodle <unfixed> (bug #586280)
+CVE-2010-2230 [MSA-10-0012 KSES Security Filter Bypassing vulnerability]
RESERVED
-CVE-2010-2229
+ - moodle <unfixed> (bug #586280)
+CVE-2010-2229 [MSA-10-0011 Cross Site Scripting vulnerability in blog/index.php]
RESERVED
-CVE-2010-2228
+ - moodle <unfixed> (bug #586280)
+CVE-2010-2228 [MSA-10-0010 Persistent XSS vulnerability in the MNET access control interface]
RESERVED
+ - moodle <unfixed> (bug #586280)
CVE-2010-2227
RESERVED
CVE-2010-2226
@@ -509,8 +524,11 @@
- dpkg 1.10.19 (bug #225692)
CVE-2010-2196
RESERVED
-CVE-2010-2195
+CVE-2010-2195 [bozohttpd DoS through code miscompilation]
RESERVED
+ - bozohttpd <unfixed>
+ [lenny] - bozohttpd <not-affected> (Only affects 20090522 to 20100512)
+ TODO: File bug
CVE-2010-2194
RESERVED
CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) ...)
@@ -806,15 +824,18 @@
TODO: File bug
CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and ...)
- pyftpd 0.8.5 (low; bug #585776)
+ TODO: next point release: [lenny] - pyftpd 0.8.4.6+lenny1
[lenny] - pyftpd <no-dsa> (Minor issue)
CVE-2010-2072 (Pyftpd 0.8.4 creates log files with predictable names in a temporary ...)
- pyftpd 0.8.5 (low; bug #585773)
+ TODO: next point release: [lenny] - pyftpd 0.8.4.6+lenny1
[lenny] - pyftpd <no-dsa> (Minor issue)
CVE-2010-2071 (The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the ...)
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (btrfs introduced in 2.6.29)
CVE-2010-2070 (arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and ...)
- - linux-2.6 <not-affected> (redhat-specific issue)
+ - xen-3 3.2.1-2
+ NOTE: The respective patch is present in Lenny's version of xen-3, might be fixed even earlier
CVE-2010-2069
RESERVED
CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...)
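Review bot: For CVE-2010-2070 the linux-2.6 line is dropped outright and replaced by xen-3, although the CVE description itself names "Linux kernel 2.6.18"; keeping "- linux-2.6 <not-affected>" with a corrected reason (issue is in the hypervisor) would document why the kernel package is not tracked here. Also, the two pyftpd TODO lines use "next point release:" with a colon while the alien-arena TODO later in this commit omits it; a single format makes these easier to grep.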
@@ -1086,7 +1107,7 @@
CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 ...)
NOT-FOR-US: HP TestDirector for Quality Center
CVE-2010-1958 (Cross-site scripting (XSS) vulnerability in the FileField module 5.x ...)
- TODO: check
+ NOT-FOR-US: Drupal addon
CVE-2010-1957 (Directory traversal vulnerability in the Love Factory ...)
NOT-FOR-US: com_lovefactory component for joomla!
CVE-2010-1956 (Directory traversal vulnerability in the Gadget Factory ...)
@@ -1157,7 +1178,7 @@
CVE-2010-1933
RESERVED
CVE-2010-1932 (Heap-based buffer overflow in XnView 1.97.4 and possibly earlier ...)
- TODO: check
+ NOT-FOR-US: XnView
CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in ...)
NOT-FOR-US: CubeCart PHP Shopping Cart
CVE-2010-1930
@@ -1258,7 +1279,7 @@
CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 ...)
- serendipity 1.5.3-1
[lenny] - serendipity <not-affected> (Only affects >= 1.4)
- - horde3 <undetermined> (bug #585165)
+ - horde3 <not-affected> (Vulnerable code not included, see bug #585165)
- openacs <not-affected> (Doesn't use the PHP interface, see bug #585163)
- dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164)
CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...)
@@ -1557,7 +1578,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626
NOTE: http://trac.webkit.org/changeset/59795
CVE-2010-1769 (Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on ...)
- TODO: check
+ - webkit <undetermined>
CVE-2010-1768
RESERVED
CVE-2010-1767
@@ -1881,6 +1902,7 @@
RESERVED
CVE-2010-1637
RESERVED
+ - squirrelmail <unfixed> (unimportant)
CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs ...)
- linux-2.6 2.6.32-14
[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.32)
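Review bot: The squirrelmail line under CVE-2010-1637 is marked (unimportant) with no bracketed description and no NOTE, so the entry itself does not say what the issue is or why it is considered a non-issue. Since the log message invites disagreement on the severity, add a short "[...]" summary and a NOTE with the rationale.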
@@ -1976,26 +1998,22 @@
CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates ...)
NOT-FOR-US: Cerulean Studios Trillian
CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...)
- - moodle <unfixed> (low; bug #585425)
+ - moodle 1.9.8-1 (low; bug #585425)
CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...)
- - moodle <unfixed> (low; bug #574757)
+ - moodle 1.9.8-1 (low; bug #574757)
CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...)
- - moodle <unfixed> (unimportant; bug #585427)
+ - moodle 1.9.8-1 (unimportant; bug #585427)
NOTE: i have a hard time seeing the security impact, moodle is a course management
NOTE: system and the real names of your colleagues are probably not a secret, since
NOTE: a patch exists I filed a bug anyway
CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ...)
- - moodle <undetermined>
- TODO: check
+ - moodle 1.9.8-1
CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 ...)
- - moodle <undetermined>
- TODO: check
+ - moodle 1.9.8-1
CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x ...)
- - moodle <undetermined>
- TODO: check
+ - moodle 1.9.8-1
CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate ...)
- - moodle <undetermined>
- TODO: check
+ - moodle 1.9.8-1
CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication ...)
NOT-FOR-US: Support Incident Tracker
CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS ...)
@@ -2441,7 +2459,8 @@
CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...)
NOT-FOR-US: IBM BladeCenter Management Module
CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value ...)
- - mono <unfixed> (bug #585440)
+ - mono 2.6.3-2 (bug #585440)
+ NOTE: Fix currently only in experimental, but will be uploaded to unstable later
CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...)
NOT-FOR-US: TweakFS
CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...)
@@ -3194,22 +3213,46 @@
RESERVED
CVE-2010-1204
RESERVED
-CVE-2010-1203
+CVE-2010-1203 [browser crashes with evidence of memory corruption]
RESERVED
-CVE-2010-1202
+ - xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
+CVE-2010-1202 [browser crashes with evidence of memory corruption]
RESERVED
-CVE-2010-1201
+ - xulrunner 1.9.1.10-1
+ - iceape 2.0.5-1
+ [lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-1201 [browser crashes with evidence of memory corruption]
RESERVED
-CVE-2010-1200
+ - xulrunner 1.9.1.10-1
+ - iceape 2.0.5-1
+ [lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-1200 [browser crashes with evidence of memory corruption]
RESERVED
+ - xulrunner 1.9.1.10-1
+ - iceape 2.0.5-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1199
RESERVED
-CVE-2010-1198
+ - xulrunner 1.9.1.10-1
+ - iceape 2.0.5-1
+ - icedove <unfixed>
+ [lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-1198 [Freed object reuse across plugin instances]
RESERVED
+ - xulrunner 1.9.1.10-1
+ - iceape 2.0.5-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1197
RESERVED
-CVE-2010-1196
+ - xulrunner 1.9.1.10-1
+ - iceape 2.0.5-1
+ [lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-1196 [Heap buffer overflow in nsGenericDOMDataNode::SetTextInternal]
RESERVED
+ - xulrunner 1.9.1.10-1
+ - iceape 2.0.5-1
+ - icedove <unfixed>
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and ...)
- libesmtp 1.0.4-2 (bug #311191)
CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other ...)
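Review bot: CVE-2010-1199 and CVE-2010-1197 receive package lines but, unlike the other entries updated in this hunk, no bracketed description, so the RESERVED entries give no hint of what they track; add a short "[...]" summary for both. The entries also state a [lenny] status only for iceape; xulrunner has none, and icedove appears only under CVE-2010-1199 and CVE-2010-1196. If the other IDs do not affect icedove, say so explicitly, otherwise add the missing lines.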
@@ -3403,8 +3446,9 @@
CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...)
- webkit <not-affected> (proof-of-concept not effective; windows-only?)
CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x allows remote ...)
- - xulrunner <undetermined>
- TODO: check
+ - xulrunner 1.9.1.10-1
+ - iceape 2.0.5-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...)
NOT-FOR-US: IBM AIX
CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with ...)
@@ -3705,14 +3749,13 @@
CVE-2010-XXXX [alien-arena: server dos]
- alien-arena 7.33-5 (low; bug #575621)
[lenny] - alien-arena <no-dsa> (Contrib not supported)
+ TODO: next point release [lenny] - alien-arena 7.0-1+lenny2
CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
- glpi 0.72.4-2 (bug #574760)
NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open ...)
- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
- iceape <not-affected> (Vulnerable code not present)
- NOTE: http://www.mozilla.org/security/announce/2010/mfsa2010-08.html
- TODO: fix tracker once iceweasel/xulrunner >= 3.6 uploaded
CVE-2010-XXXX [Escape href attribute in auto links]
- redmine 0.9.3-3
TODO: Check severity, Lenny status
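Review bot: In the CVE-2010-1028 entry the NOTE with the mfsa2010-08 URL is removed together with the stale TODO. Dropping the TODO is fine, but the NOTE is the only reference backing the two <not-affected> lines; keep it.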
@@ -4297,7 +4340,9 @@
CVE-2010-0832
RESERVED
CVE-2010-0831 (Directory traversal vulnerability in the extract_jar function in ...)
- TODO: check
+ - fastjar <unfixed> (low)
+ [lenny] - fastjar <no-dsa> (Minor issue)
+ TODO: File bug
CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in ...)
{DSA-2058-1}
- glibc <removed>
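Review bot: CVE-2010-0831 is entered as "fastjar <unfixed>", while CVE-2010-2322, which describes a path traversal in the same extract_jar function, is recorded earlier in this commit as fixed in 2:0.98-3. If both are addressed by the same upload, the version should be recorded here too; if 0831 really remains open, a NOTE explaining how the two differ would avoid confusion.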
@@ -6256,6 +6301,9 @@
NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
CVE-2010-0183
RESERVED
+ - xulrunner 1.9.1.10-1
+ - iceape 2.0.5-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and ...)
- xulrunner 1.9.1.9-1 (low)
[lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series)
@@ -7577,7 +7625,7 @@
- moodle 1.8.2.dfsg-6 (medium; bug #559531)
NOTE: MSA-09-0031
CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...)
- - moodle <unfixed> (bug #559531)
+ - moodle 1.9.8-1 (bug #559531)
[lenny] - moodle <no-dsa> (Minor issue)
[etch] - moodle <no-dsa> (Minor issue)
NOTE: MSA-09-0029
@@ -7594,7 +7642,7 @@
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0026
CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...)
- - moodle <unfixed> (bug #559531)
+ - moodle 1.9.8-1 (bug #559531)
[lenny] - moodle <no-dsa> (Minor issue)
[etch] - moodle <no-dsa> (Minor issue)
NOTE: MSA-09-0025
@@ -21598,11 +21646,9 @@
CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple ...)
NOT-FOR-US: Apple
CVE-2008-5913 (An unspecified function in the JavaScript implementation in Mozilla ...)
- - xulrunner <unfixed> (unimportant; bug #559792)
- - iceape <unfixed> (unimportant)
+ - xulrunner 1.9.1.10-1 (unimportant; bug #559792)
+ - iceape 2.0.5-1 (unimportant)
[lenny] - iceape <not-affected> (Just a stub package)
- NOTE: fixed upstream https://bugzilla.mozilla.org/show_bug.cgi?id=cve-2008-5913
- TODO: check next set of MFSA's
CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix ...)
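Review bot: In the CVE-2008-5913 entry the NOTE pointing at the upstream bugzilla entry is deleted along with the TODO. The fixed versions are now recorded, but the NOTE is the only link from this entry to the upstream fix; keep it and drop only the TODO.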
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-06-23 00:08:44 UTC (rev 14896)
+++ data/embedded-code-copies 2010-06-23 20:29:12 UTC (rev 14897)
@@ -782,7 +782,7 @@
- scriptaculous <not-affected> (uses system prototype.js since initial upload; bug #555260)
- ingo1 1.2.3+debian0-1 (embed; bug #555261)
- kronolith2 2.3.3+debian0-1 (embed; bug #555262)
- - activeldap <unfixed> (embed)
+ - activeldap 1.2.1-1 (embed)
- libv8 <not-affected> (contains a google-specific implementation of prototype.js)
- mantis 1.1.2+dfsg-1 (embed; bug #555265)
- otrs2 2.3.4-6 (embed; bug #555267)
@@ -1620,7 +1620,7 @@
- graphviz 2.8-3 (embed)
NOTE: The etch version of graphviz was the earliest version checked, might be fixed earlier
- guile-1.6 1.6.8-7 (embed)
- - hamlib <unfixed> (embed)
+ - hamlib 1.2.11-1 (embed)
- hercules 3.06-1.2 (embed)
- jags 1.0.4-3 (embed; bug #560864)
- kdelibs <unfixed> (embed)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-06-23 00:08:44 UTC (rev 14896)
+++ data/spu-candidates.txt 2010-06-23 20:29:12 UTC (rev 14897)
@@ -117,6 +117,10 @@
--
+fastjar (CVE-2010-0831, CVE-2010-2322)
+
+--
+
fcron (CVE-2010-0791)
#572587
notified maintainer through initial bugreport
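Review bot: The new fastjar entry in spu-candidates.txt lists only the two CVE IDs, whereas the fcron entry below it carries a bug number and a maintainer-notification line. data/CVE/list still has "TODO: File bug" for CVE-2010-0831, so add the bug number and notification status here once the bug is filed.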