[Secure-testing-commits] r14940 - in data: CVE DSA

Raphael Geissert geissert at alioth.debian.org
Wed Jun 30 22:30:32 UTC 2010


Author: geissert
Date: 2010-06-30 22:30:31 +0000 (Wed, 30 Jun 2010)
New Revision: 14940

Modified:
   data/CVE/list
   data/DSA/list
Log:
drupal6 issues CVEIfied
add missing package names to DSAs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-30 21:14:57 UTC (rev 14939)
+++ data/CVE/list	2010-06-30 22:30:31 UTC (rev 14940)
@@ -129,12 +129,6 @@
 	RESERVED
 CVE-2010-2474
 	RESERVED
-CVE-2010-2473
-	RESERVED
-CVE-2010-2472
-	RESERVED
-CVE-2010-2471
-	RESERVED
 CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...)
 	- bugzilla <not-affected> (Only affects 3.5 to 3.7)
 CVE-2010-2476 [syscp open_basedir bypassing]
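Review bot: CVE-2010-2473, CVE-2010-2472 and CVE-2010-2471 are deleted from their place next to CVE-2010-2474 and CVE-2010-2470 and re-added in the @@ -4785 hunk where the CVE-2010-XXXX drupal entry used to be, away from the neighbouring ids. The same applies to CVE-2010-2250 in the following hunk. If the position is not deliberate, consider leaving the entries here and adding the description and the `- drupal6 6.16-1 (bug #572439)` line in place, which also keeps the diff smaller.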
@@ -667,8 +661,6 @@
 	- lftp 4.0.6-1 (low)
 	[lenny] - lftp <no-dsa> (Minor issue)
 	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
-CVE-2010-2250
-	RESERVED
 CVE-2010-2249 [memory leak in libpng]
 	RESERVED
 	- libpng <unfixed> (low; bug #587670)
@@ -4785,10 +4777,18 @@
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/warzone2100/+bug/520432
 	NOTE: supposedly fixed in version 2.3
 	NOTE: Triggered through config files, not a security issue
-CVE-2010-XXXX [drupal sa-core-2010-001]
+CVE-2010-2473 [Blocked user session regeneration]
+	RESERVED
 	- drupal6 6.16-1 (bug #572439)
-	[lenny] - drupal6 6.6-3lenny5
-	NOTE: http://drupal.org/node/731710
+CVE-2010-2472 [Locale module cross site scripting]
+	RESERVED
+	- drupal6 6.16-1 (bug #572439)
+CVE-2010-2471 [Open redirection]
+	RESERVED
+	- drupal6 6.16-1 (bug #572439)
+CVE-2010-2250 [Installation cross site scripting]
+	RESERVED
+	- drupal6 6.16-1 (bug #572439)
 CVE-2010-XXXX [linux-ftpd: null ptr dereference]
 	- linux-ftpd <not-affected> (Performs proper length checks, see #572813)
 CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...)
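Review bot: The four new drupal6 entries drop the `[lenny] - drupal6 6.6-3lenny5` line and the `NOTE: http://drupal.org/node/731710` reference that the old CVE-2010-XXXX entry carried, so the lenny fixed version and the drupal.org link are no longer recorded for any of these CVEs. Suggest carrying both lines over to each entry they apply to, or saying in the log message why they were removed. All four entries also share the same unstable version and bug number, which is worth a short NOTE so a reader can tell they come from one upstream advisory.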

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-06-30 21:14:57 UTC (rev 14939)
+++ data/DSA/list	2010-06-30 22:30:31 UTC (rev 14940)
@@ -25,7 +25,7 @@
 [07 Jun 2010] DSA-2057-1 mysql-dfsg-5.0 - several
 	{CVE-2010-1626 CVE-2010-1848 CVE-2010-1849 CVE-2010-1850}
 	[lenny] - mysql-dfsg-5.0 5.0.51a-24+lenny4
-[06 Jun 2010] DSA-2056-1  - cross-site scripting
+[06 Jun 2010] DSA-2056-1 zonecheck  - cross-site scripting
 	{CVE-2009-4882 CVE-2010-2155}
 	[lenny] - zonecheck 2.0.4-13lenny1
 [05 Jun 2010] DSA-2055-1 openoffice.org - arbitrary code execution
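Review bot: The added line `[06 Jun 2010] DSA-2056-1 zonecheck  - cross-site scripting` still has two spaces before the dash, left over from the empty package field, while the neighbouring entries use one (`DSA-2057-1 mysql-dfsg-5.0 - several`). Drop the extra space so the line matches the format of the rest of the file, as the dvipng and libtheora lines in the later hunks already do.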
@@ -46,7 +46,7 @@
 [24 May 2010] DSA-2050-1 kdegraphics - several vulnerabilities
 	{CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609}
 	[lenny] - kdegraphics 4:3.5.9-3+lenny3
-[22 May 2010] DSA-2048-1  - arbitrary code execution
+[22 May 2010] DSA-2048-1 dvipng - arbitrary code execution
 	{CVE-2010-0829}
 	[lenny] - dvipng 1.11-1+lenny1
 [23 May 2010] DSA-2049-1 barnowl - arbitrary code execution
@@ -58,7 +58,7 @@
 [13 May 2010] DSA-2046-1 phpgroupware - several vulnerabilities
 	{CVE-2010-0403 CVE-2010-0404}
 	[lenny] - phpgroupware 1:0.9.16.012+dfsg-8+lenny2
-[11 May 2010] DSA-2045-1  - arbitrary code execution
+[11 May 2010] DSA-2045-1 libtheora - arbitrary code execution
 	{CVE-2009-3389}
 	[lenny] - libtheora 1.0~beta3-1+lenny1
 [11 May 2010] DSA-2044-1 mplayer - arbitrary code execution



