[Secure-testing-commits] r14203 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Mar 7 00:03:32 UTC 2010
Author: gilbert-guest
Date: 2010-03-07 00:03:05 +0000 (Sun, 07 Mar 2010)
New Revision: 14203
Modified:
data/CVE/list
Log:
more new issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-06 22:38:20 UTC (rev 14202)
+++ data/CVE/list 2010-03-07 00:03:05 UTC (rev 14203)
@@ -265,6 +265,31 @@
NOT-FOR-US: Xerver
CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including ...)
NOT-FOR-US: E-Soft DJ Studio Pro
+CVE-2010-XXXX [sudo weakness]
+ - sudo <unfixed> (low; bug #567614)
+CVE-2010-XXXX [esmtp: world-readable config file]
+ - esmtp 1.2-3 (low; bug #568925)
+CVE-2010-XXXX [irssi emote leak]
+ - irssi-plugin-otr <unfixed> (unimportant; bug #569506)
+CVE-2010-XXXX [shibboleth-sp2: world-readable key]
+ - shibboleth-sp2 <unfixed> (low; bug #571631)
+CVE-2010-XXXX [libesmtp doesn't handle null bytes in commonname]
+ - libesmtp <unfixed>
+ NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
+ TODO: check
+CVE-2010-XXXX [argyll unsafe udev rules]
+ - argyll <not-affected> (issue with redhat-specific changes to the package)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050
+CVE-2010-XXXX [warzone2100 stack overflow]
+ - warzone2100 <undetermined> (low)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/warzone2100/+bug/520432
+ NOTE: supposedly fixed in version 2.3
+ TODO: check
+CVE-2010-XXXX [drupal sa-core-2010-001]
+ - drupal-6 <undetermined>
+ - drupal-5 <undetermined>
+ NOTE: http://drupal.org/node/731710
+ TODO: check
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
- linux-ftpd <unfixed>
CVE-2010-XXXX [openssl power supply fluctuation fault-based key disclosure]
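Review bot: The libesmtp entry is marked `<unfixed>` but still carries `TODO: check` and has no severity or bug number, while the other unverified entries in this hunk (warzone2100, drupal-6, drupal-5) use `<undetermined>`. Either switch it to `<undetermined>` until the check is done, or file a bug and record it the way the sudo and shibboleth-sp2 entries do. The warzone2100 line also assigns `(low)` before the status is known, so revisit that severity when the "supposedly fixed in version 2.3" note is verified.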
@@ -336,12 +361,21 @@
RESERVED
CVE-2010-0793
RESERVED
-CVE-2010-0792
+CVE-2010-0792 [fcron info disclosure]
RESERVED
-CVE-2010-0791
+ - fcron <undetermined>
+ NOTE: http://seclists.org/fulldisclosure/2010/Mar/97
+ TODO: check
+CVE-2010-0791 [ncpfs denial-of-service]
RESERVED
-CVE-2010-0790
+ - ncpfs <undetermined>
+ NOTE: http://seclists.org/fulldisclosure/2010/Mar/122
+ TODO: check
+CVE-2010-0790 [ncpmount info disclosure]
RESERVED
+ - ncpfs <undetermined>
+ NOTE: http://seclists.org/fulldisclosure/2010/Mar/122
+ TODO: check
CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local ...)
{DSA-1989-1}
- fuse 2.8.1-1.2 (bug #567633)
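Review bot: CVE-2010-0791 and CVE-2010-0790 are both attached to ncpfs with the same full-disclosure NOTE while the ids are still RESERVED, so only the bracketed titles record which id is the denial of service and which is the ncpmount information disclosure. When resolving the `TODO: check`, confirm the id-to-issue mapping against that post and state it in each entry, so a later fix for one issue is not recorded under the other id.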
@@ -1280,8 +1314,11 @@
RESERVED
CVE-2010-0434
RESERVED
-CVE-2010-0433
+CVE-2010-0433 [openssl remote crash]
RESERVED
+ - openssl <undetermined>
+ NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
+ TODO: check
CVE-2010-0432
RESERVED
CVE-2010-0431
@@ -1745,8 +1782,11 @@
CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 ...)
{DSA-1982-1}
- hybserv 1.9.2-4.1 (low; bug #550389)
-CVE-2010-0302
+CVE-2010-0302 [cups denial-of-service]
RESERVED
+ - cups <undetermined>
+ NOTE: http://www.ubuntu.com/usn/USN-906-1
+ TODO: check
CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d ...)
{DSA-1981-1}
- maildrop 2.2.0-3.1 (low; bug #564601)
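Review bot: The only reference on the new cups entry is a downstream Ubuntu advisory (USN-906-1), which does not by itself show which upstream change fixes CVE-2010-0302 or which cups versions are affected. Add the upstream bug or fix reference as a second NOTE when doing the `TODO: check`, so the Debian status can be derived from the upstream fix rather than from another distribution's package versions.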
@@ -1941,8 +1981,11 @@
NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
NOT-FOR-US: Microsoft Windows Vista Gold
-CVE-2010-0238
+CVE-2010-0238 [krb5 denial-of-service]
RESERVED
+ - krb5 <undetermined> (low)
+ NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-001.txt
+ TODO: check
CVE-2010-0237
RESERVED
CVE-2010-0236
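Review bot: CVE-2010-0238 is assigned to krb5 here, but it sits directly below entries in the same id range that are NOT-FOR-US Microsoft Windows Vista Gold, which makes the id itself worth double-checking. Confirm that the MIT advisory in the NOTE names this id before keeping the krb5 line. The `(low)` severity is also set while the status is still `<undetermined>`, unlike the openssl and cups entries added in this commit.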
@@ -2148,6 +2191,7 @@
[etch] - xulrunner <end-of-life>
- iceape 2.0.3-1
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
+ - icedove 3.0.2-1
CVE-2010-0158 (** DISPUTED ** ...)
NOT-FOR-US: JoomlaBamboo (JB) Simpla Admin template
CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...)
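Review bot: The added `- icedove 3.0.2-1` line records a fixed version for unstable only, while the neighbouring xulrunner and iceape lines carry explicit `[etch]` and `[lenny]` annotations. If icedove in the stable releases is affected, it will now show as vulnerable without any triage note. Add the matching `[lenny]` and `[etch]` lines for icedove, or a NOTE saying they are still to be checked. The same applies to the identical addition in the `@@ -11601,6 +11645,7 @@` hunk.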
@@ -3198,7 +3242,7 @@
CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...)
- netpbm-free <unfixed> (medium; bug #569060)
CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...)
- - systemtap 1.1-1
+ - systemtap 1.1-1 (bug #568865)
[lenny] - systemtap <not-affected> (Server component not yet present)
[etch] - systemtap <not-affected> (Server component not yet present)
CVE-2009-4272 (A certain Red Hat patch for net/ipv4/route.c in the Linux kernel ...)
@@ -11601,6 +11645,7 @@
[etch] - xulrunner <end-of-life>
- iceape 2.0.3-1
[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
+ - icedove 3.0.2-1
CVE-2009-1570 (Integer overflow in the ReadImage function in ...)
- gimp 2.6.7-1.1 (medium; bug #555929)
CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, ...)
@@ -12479,6 +12524,7 @@
CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and ...)
- open-iscsi 2.0.871-1 (low; bug #547011)
[lenny] - open-iscsi <no-dsa> (Minor issue)
+ TODO: next lenny spu [- open-iscsi 2.0.870~rc3-0.4.1]
[etch] - open-iscsi <not-affected> (Vulnerable script not yet present)
CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on ...)
- ecryptfs-utils 75-2 (unimportant; bug #532372)
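Review bot: The new `TODO: next lenny spu [- open-iscsi 2.0.870~rc3-0.4.1]` line is inserted between the `[lenny]` and `[etch]` annotations and keeps the planned fixed version only as free text inside the TODO. The other TODO lines in this commit sit at the end of their entries. Move it below the `[etch]` line, and once the point update is released, replace the `[lenny] - open-iscsi <no-dsa>` line with the versioned form so the fix is recorded in the entry itself and not only in a comment.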