[Secure-testing-commits] r14210 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Mar 7 18:59:14 UTC 2010 

Author: jmm-guest
Date: 2010-03-07 18:59:14 +0000 (Sun, 07 Mar 2010)
New Revision: 14210

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
filed bugs for cups and ncpfs issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-07 18:49:16 UTC (rev 14209)
+++ data/CVE/list	2010-03-07 18:59:14 UTC (rev 14210)
@@ -368,12 +368,12 @@
 	NOTE: http://seclists.org/fulldisclosure/2010/Mar/97
 CVE-2010-0791 [ncpfs denial-of-service]
 	RESERVED
-	- ncpfs <unfixed> (bug filed)
+	- ncpfs <unfixed> (bug #572937)
 	[lenny] - ncpfs <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2010/Mar/122
 CVE-2010-0790 [ncpmount info disclosure]
 	RESERVED
-	- ncpfs <unfixed>
+	- ncpfs <unfixed> (bug #572937)
 	[lenny] - ncpfs <no-dsa> (Minor issue)
 	NOTE: http://seclists.org/fulldisclosure/2010/Mar/122
 CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local ...)
@@ -381,7 +381,7 @@
 	- fuse 2.8.1-1.2 (bug #567633)
 	NOTE: Initial DSA released as CVE-2009-3297
 CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain ...)
-	- ncpfs <unfixed> (bug filed)
+	- ncpfs <unfixed> (bug #572937)
 	[lenny] - ncpfs <no-dsa> (Minor issue)
 CVE-2010-0787 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, ...)
 	{DSA-2004-1}
@@ -1786,9 +1786,10 @@
 	- hybserv 1.9.2-4.1 (low; bug #550389)
 CVE-2010-0302 [cups denial-of-service]
 	RESERVED
-	- cups <undetermined>
-	NOTE: http://www.ubuntu.com/usn/USN-906-1
-	TODO: check
+	- cups <unfixed> (bug filed)
+	[lenny] - cups <no-dsa> (Minor issue)
+	- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
+	NOTE: This is for an incomplete fix for CVE-2009-3553
 CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d ...)
 	{DSA-1981-1}
 	- maildrop 2.2.0-3.1 (low; bug #564601)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-03-07 18:49:16 UTC (rev 14209)
+++ data/spu-candidates.txt	2010-03-07 18:59:14 UTC (rev 14210)
@@ -64,7 +64,9 @@
 cups (CVE-2009-3553)
 #557740
 maintainer notified in initial bug report
+Initial patch was incomplete; CVE-2010-0302
 
+
 --
 
 devil (CVE-2009-3994)

More information about the Secure-testing-commits mailing list