[Secure-testing-commits] r14212 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Mar 7 20:19:00 UTC 2010
Author: jmm-guest
Date: 2010-03-07 20:19:00 +0000 (Sun, 07 Mar 2010)
New Revision: 14212
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
shibboleth no-dsa
esmtp unimportant
sudo unimportant
add cups bugnum
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-07 20:01:52 UTC (rev 14211)
+++ data/CVE/list 2010-03-07 20:19:00 UTC (rev 14212)
@@ -266,14 +266,17 @@
CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including ...)
NOT-FOR-US: E-Soft DJ Studio Pro
CVE-2010-XXXX [sudo weakness]
- - sudo <unfixed> (low; bug #567614)
+ - sudo <unfixed> (unimportant; bug #567614)
+ NOTE: Hardening configuration option, not a vulnerability
CVE-2010-XXXX [esmtp: world-readable config file]
- - esmtp 1.2-3 (low; bug #568925)
+ - esmtp 1.2-3 (unimportant; bug #568925)
+ NOTE: Documentation advises against adding password data to the respective config file
CVE-2010-XXXX [irssi emote leak]
- irssi-plugin-otr <unfixed> (unimportant; bug #569506)
CVE-2010-XXXX [shibboleth-sp2: world-readable key]
- shibboleth-sp2 <unfixed> (low; bug #571631)
- - shibboleth-sp <removed> (low)
+ [lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
+ - shibboleth-sp <not-affected> (Vulnerable code not present)
CVE-2010-XXXX [libesmtp doesn't handle null bytes in commonname]
- libesmtp <unfixed>
NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
@@ -1799,7 +1802,7 @@
- hybserv 1.9.2-4.1 (low; bug #550389)
CVE-2010-0302 [cups denial-of-service]
RESERVED
- - cups <unfixed> (bug filed)
+ - cups <unfixed> (bug #572940)
[lenny] - cups <no-dsa> (Minor issue)
- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
NOTE: This is for an incomplete fix for CVE-2009-3553
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-03-07 20:01:52 UTC (rev 14211)
+++ data/spu-candidates.txt 2010-03-07 20:19:00 UTC (rev 14212)
@@ -353,6 +353,12 @@
--
+shibboleth-sp2: world-readable key (no CVE)
+#571631
+notified maintainer through bugreport
+
+--
+
slim (CVE-2009-1756)
bug #529306
Maintainer notified through followup in #529306
More information about the Secure-testing-commits
mailing list