[Secure-testing-commits] r14228 - data/CVE

[Giuseppe Iuculano]

Author: derevko-guest
Date: 2010-03-08 23:35:36 +0000 (Mon, 08 Mar 2010)
New Revision: 14228

Modified:
   data/CVE/list
Log:
- bind in unstable fixed three issues
- CVE-2010-0295 fixed in lighttpd 1.4.26-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-08 23:16:57 UTC (rev 14227)
+++ data/CVE/list	2010-03-08 23:35:36 UTC (rev 14228)
@@ -1485,8 +1485,7 @@
 	TODO: check
 	NOTE: This doesn't seem a security issue, old clients won't accept two directory authorities anymore due to the renewed keys
 CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
-	- bind9 <unfixed>
-	TODO: check
+	- bind9 1:9.7.0.dfsg-1
 CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
 	NOT-FOR-US: PHP MySpace Gold Edition
 CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows ...)
@@ -1826,7 +1825,7 @@
 	NOTE: supposedly fixed upstream in 3.5.0
 CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read ...)
 	{DSA-1987-1}
-	- lighttpd <unfixed> (medium)
+	- lighttpd 1.4.26-1 (medium)
 CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a ...)
 	{DSA-1992-1}
 	- chrony 1.23-7 (low)
@@ -1840,7 +1839,7 @@
 	{DSA-2005-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6
 CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
-	- bind9 <unfixed>
+	- bind9 1:9.7.0.dfsg-1 (medium)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
 CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL ...)
 	{DSA-1976-1}
@@ -2420,8 +2419,7 @@
 CVE-2010-0098
 	RESERVED
 CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
-	- bind9 <unfixed>
-	TODO: check
+	- bind9 1:9.7.0.dfsg-1
 CVE-2010-0096
 	RESERVED
 CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...)