[Secure-testing-commits] r14214 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Mar 7 21:03:18 UTC 2010
Author: jmm-guest
Date: 2010-03-07 21:03:17 +0000 (Sun, 07 Mar 2010)
New Revision: 14214
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
puppet no-dsa
bugnums for linux-ftpd and libesmtp
samba/dir trav no-dsa
fix bugnum for kfreebsd
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-07 20:29:21 UTC (rev 14213)
+++ data/CVE/list 2010-03-07 21:03:17 UTC (rev 14214)
@@ -278,7 +278,7 @@
[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
- shibboleth-sp <not-affected> (Vulnerable code not present)
CVE-2010-XXXX [libesmtp doesn't handle null bytes in commonname]
- - libesmtp <unfixed> (bug filed)
+ - libesmtp <unfixed> (bug #572960)
NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
CVE-2010-XXXX [argyll unsafe udev rules]
- argyll <not-affected> (issue with redhat-specific changes to the package)
@@ -292,7 +292,7 @@
- drupal6 <unfixed> (bug #572439)
NOTE: http://drupal.org/node/731710
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
- - linux-ftpd <unfixed>
+ - linux-ftpd <unfixed> (low; bug #572813)
CVE-2010-XXXX [openssl power supply fluctuation fault-based key disclosure]
- openssl <unfixed> (low)
NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
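Review bot: The linux-ftpd line now carries an urgency as well as a bug reference, `(low; bug #572813)`, but the log only says "bugnums for linux-ftpd and libesmtp". Either mention the urgency assignment in the log or add a NOTE under the entry saying why a null pointer dereference in the daemon is rated low, so that the rating can be traced later.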
@@ -1828,6 +1828,7 @@
CVE-2010-0296 [samba directory traversal]
RESERVED
- samba <unfixed> (low; bug #568493; bug #572953)
+ [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
NOTE: supposedly fixed upstream in 3.5.0
CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read ...)
{DSA-1987-1}
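Review bot: The `[lenny]` no-dsa reason for CVE-2010-0296 says the issue "can be fixed through configuration modifications" but does not name the setting, so an administrator reading the tracker cannot act on it. Add a NOTE line that names the configuration change or points to the bug that documents it (#568493 or #572953). The existing "supposedly fixed upstream in 3.5.0" note would also be better with a reference.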
@@ -2214,6 +2215,7 @@
NOT-FOR-US: component for Joomla!
CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local ...)
- puppet 0.25.4-2
+ [lenny] - puppet <no-dsa> (Minor issue)
CVE-2010-0155
RESERVED
CVE-2010-0154
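Review bot: `[lenny] - puppet <no-dsa> (Minor issue)` gives no indication of what happens next, although the same commit adds CVE-2010-0156 to data/spu-candidates.txt. Saying so in the reason or in a NOTE (for example, that the fix is a candidate for a stable point update) would keep the two files in step for anyone who reads only data/CVE/list.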
@@ -8690,9 +8692,9 @@
CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)
NOT-FOR-US: Sorcerer Software MultiMedia Jukebox
CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...)
- - kfreebsd-8 <undetermined> (bug #527811)
- - kfreebsd-7 <undetermined> (bug #527811)
- - kfreebsd-6 <removed> (bug #527811)
+ - kfreebsd-8 <undetermined> (bug #572811)
+ - kfreebsd-7 <undetermined> (bug #572811)
+ - kfreebsd-6 <removed> (bug #572811)
CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration ...)
NOT-FOR-US: FlashDen Guestbook
CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-03-07 20:29:21 UTC (rev 14213)
+++ data/spu-candidates.txt 2010-03-07 21:03:17 UTC (rev 14214)
@@ -339,6 +339,9 @@
#551073
notified maintainer in initial bug report
+CVE-2010-0156
+#https://bugzilla.redhat.com/show_bug.cgi?id=502881
+
--
python-4suite (CVE-2009-3560, CVE-2009-3720)
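Review bot: The three added lines sit before the `--` separator, so `CVE-2010-0156` reads as part of the preceding entry (the one with `#551073`) instead of an entry of its own. The next entry starts with a `package (CVE-...)` header, as in `python-4suite (CVE-2009-3560, CVE-2009-3720)`. Suggest putting the new entry after its own `--` with a `puppet (CVE-2010-0156)` header. The reference is also written as `#https://...`, where the neighbouring entry uses a bare bug number; if the `#` line is meant to hold a Debian bug number, move the Red Hat Bugzilla URL to a separate note line.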