[Secure-testing-commits] r14188 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Mar 4 21:21:59 UTC 2010 

Author: jmm-guest
Date: 2010-03-04 21:21:58 +0000 (Thu, 04 Mar 2010)
New Revision: 14188

Modified:
   data/CVE/list
Log:
- bugnums
- bug for systemtap, doesn't affect Lenny


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-04 21:14:29 UTC (rev 14187)
+++ data/CVE/list	2010-03-04 21:21:58 UTC (rev 14188)
@@ -450,8 +450,7 @@
 	- squid3 <unfixed> (bug #572554)
 	[lenny] - squid3 <no-dsa> (Minor issue, only affects non-default setup)
 CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...)
-	- webcalendar <undetermined>
-	TODO: check
+	- webcalendar <undetermined> (bug #572557)
 CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper ...)
 	NOT-FOR-US: Juniper Installer Service
 CVE-2009-XXXX [ffmpeg vulnerabilities]
@@ -491,11 +490,9 @@
 	NOTE: http://mail-archives.apache.org/mod_mbox/couchdb-dev/201002.mbox/%3C87bpfz5t39.fsf@mid.deneb.enyo.de%3E
 	NOTE: http://www.openwall.com/lists/oss-security/2010/02/15/5
 CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
-	- webcalendar <undetermined>
-	TODO: check, webcalendar is in the archive
+	- webcalendar <undetermined> (bug #572557)
 CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
-	- webcalendar <undetermined>
-	TODO: check, webcalendar is in the archive
+	- webcalendar <undetermined> (bug #572557)
 CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch ...)
 	NOT-FOR-US: JEvents Search plugin for Joomla!
 CVE-2010-0633 (Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and ...)
@@ -1060,8 +1057,9 @@
 CVE-2010-0413
 	RESERVED
 CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of ...)
-	- systemtap <undetermined>
-	TODO: check
+	- systemtap <unfixed> (bug filed)
+	[lenny] - systemtap <not-affected> (Server component not yet present)
+	[etch] - systemtap <not-affected> (Server component not yet present)
 CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) ...)
 	- systemtap <unfixed> (low; bug #568809)
 	[lenny] - systemtap <not-affected> (Vulnerable code not present)
@@ -2703,8 +2701,8 @@
 	RESERVED
 CVE-2010-0055 [xar Signature verification bypass]
 	RESERVED
-	- xar <unfixed> (bug filed)
-	[lenny] - xar <no-dsa> (Minor issue)
+        - xar <unfixed> (bug #572556)
+        [lenny] - xar <no-dsa> (Minor issue)
 CVE-2010-0054
 	RESERVED
 CVE-2010-0053

More information about the Secure-testing-commits mailing list