[Secure-testing-commits] r14212 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Mar 7 20:19:00 UTC 2010 

Author: jmm-guest
Date: 2010-03-07 20:19:00 +0000 (Sun, 07 Mar 2010)
New Revision: 14212

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
shibboleth no-dsa
esmtp unimportant
sudo unimportant
add cups bugnum


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-07 20:01:52 UTC (rev 14211)
+++ data/CVE/list	2010-03-07 20:19:00 UTC (rev 14212)
@@ -266,14 +266,17 @@
 CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including ...)
 	NOT-FOR-US: E-Soft DJ Studio Pro
 CVE-2010-XXXX [sudo weakness]
-	- sudo <unfixed> (low; bug #567614)
+	- sudo <unfixed> (unimportant; bug #567614)
+	NOTE: Hardening configuration option, not a vulnerability
 CVE-2010-XXXX [esmtp: world-readable config file]
-	- esmtp 1.2-3 (low; bug #568925)
+	- esmtp 1.2-3 (unimportant; bug #568925)
+	NOTE: Documentation advises against adding password data to the respective config file
 CVE-2010-XXXX [irssi emote leak]
 	- irssi-plugin-otr <unfixed> (unimportant; bug #569506)
 CVE-2010-XXXX [shibboleth-sp2: world-readable key]
 	- shibboleth-sp2 <unfixed> (low; bug #571631)
-	- shibboleth-sp <removed> (low)
+	[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
+	- shibboleth-sp <not-affected> (Vulnerable code not present)
 CVE-2010-XXXX [libesmtp doesn't handle null bytes in commonname]
 	- libesmtp <unfixed>
 	NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
@@ -1799,7 +1802,7 @@
 	- hybserv 1.9.2-4.1 (low; bug #550389)
 CVE-2010-0302 [cups denial-of-service]
 	RESERVED
-	- cups <unfixed> (bug filed)
+	- cups <unfixed> (bug #572940)
 	[lenny] - cups <no-dsa> (Minor issue)
 	- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
 	NOTE: This is for an incomplete fix for CVE-2009-3553

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-03-07 20:01:52 UTC (rev 14211)
+++ data/spu-candidates.txt	2010-03-07 20:19:00 UTC (rev 14212)
@@ -353,6 +353,12 @@
 
 --
 
+shibboleth-sp2: world-readable key (no CVE)
+#571631
+notified maintainer through bugreport
+
+--
+
 slim (CVE-2009-1756)
 bug #529306
 Maintainer notified through followup in #529306

More information about the Secure-testing-commits mailing list