[Secure-testing-commits] r14241 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Mar 10 20:26:48 UTC 2010
Author: jmm-guest
Date: 2010-03-10 20:26:46 +0000 (Wed, 10 Mar 2010)
New Revision: 14241
Modified:
data/CVE/list
data/embedded-code-copies
data/spu-candidates.txt
Log:
- libpurple/qutecom code copy fixed
- new minor mediawiki issues
- cpio/tar maintainers notified about no-dsa for minor rmt issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-10 20:23:36 UTC (rev 14240)
+++ data/CVE/list 2010-03-10 20:26:46 UTC (rev 14241)
@@ -1,5 +1,13 @@
CVE-2010-XXXX [spamass-milter report on full-disclosure]
- spamass-milter <unfixed> (bug #573228)
+CVE-2010-XXXX [mediawiki CSS validation]
+ - mediawiki <unfixed> (low)
+ TODO: File bug
+ NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
+CVE-2010-XXXX [mediawiki data leak in thumb.php]
+ - mediawiki <unfixed> (low)
+ TODO: File bug
+ NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) ...)
TODO: check
CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets ...)
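Review bot: Both new mediawiki entries carry `TODO: File bug` and no bug reference, so the `<unfixed> (low)` status has nothing in the BTS to track it against. File the bug(s) and replace the TODO lines with a `bug #...` reference on the package line, as the spamass-milter entry above does. The two entries also share the same NOTE URL; a word in each NOTE saying which item of the announcement it covers would make them easier to tell apart later.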
@@ -1392,7 +1400,7 @@
- pidgin 2.6.6-1 (low)
- gaim <removed> (low)
[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
- - qutecom <undetermined> (low; bug #572946)
+ - qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize ...)
- gnome-screensaver 2.28.3-1
[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
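Review bot: The qutecom line goes from `<undetermined>` straight to a fixed version with no NOTE explaining the basis, here and in the two identical hunks that follow. The log message attributes the change to the libpurple code copy being fixed; a short NOTE on each entry saying that 2.2~rc3.hg396~dfsg1-6 is the upload that fixed the code copy would let a later reader verify the status without digging through the commit log.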
@@ -1402,7 +1410,7 @@
- pidgin 2.6.6-1 (low)
- gaim <removed> (low)
[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
- - qutecom <undetermined> (low; bug #572946)
+ - qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...)
TODO: check
CVE-2010-0418
@@ -1960,7 +1968,7 @@
- pidgin 2.6.6-1 (low; bug #566775)
- gaim <removed> (low)
[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
- - qutecom <undetermined> (low; bug #572946)
+ - qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...)
NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) ...)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-03-10 20:23:36 UTC (rev 14240)
+++ data/embedded-code-copies 2010-03-10 20:26:46 UTC (rev 14241)
@@ -1064,9 +1064,9 @@
- pdkim <itp> (embed; bug #543150)
- xyssl <unfixed> (old-version)
-pidgin
+pidgin (libpurple)
- gaim <removed> (old-version)
- - qutecom <unfixed> (embed; bug #559785)
+ - qutecom 2.2~rc3.hg396~dfsg1-6 (embed; bug #559785)
icu
- webkit 1.0.1-1 (embed; bug #547214)
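Review bot: The section header changes from `pidgin` to `pidgin (libpurple)`, which changes the name that other entries in data/embedded-code-copies would have to match. Check that nothing else in the file still refers to the bare `pidgin` header, and that the gaim line under it is still meant to sit under the renamed section.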
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-03-10 20:23:36 UTC (rev 14240)
+++ data/spu-candidates.txt 2010-03-10 20:26:46 UTC (rev 14241)
@@ -55,6 +55,11 @@
--
+cpio (CVE-2010-0624)
+notified maintainer
+
+--
+
cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
#528434
notified maintainer
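Review bot: The new cpio entry has no bug-number line, while the cron entry right below it lists `#528434` before `notified maintainer`. If a bug exists for CVE-2010-0624 in cpio, add it here. The log also says the notification was about a no-dsa decision, so confirm that the CVE-2010-0624 entry in data/CVE/list carries the matching no-dsa tag, since the data/CVE/list hunks in this revision do not touch it.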
@@ -395,6 +400,11 @@
--
+tar (CVE-2010-0624)
+notified maintainer
+
+--
+
tau (CVE-2008-5157)
#506348
notified maintainer
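Review bot: The tar entry is a second record for CVE-2010-0624 (cpio has the other) and neither points at the other. A brief mention of the shared rmt issue in each, plus a bug-number line like the `#506348` on the tau entry below, would keep the two from drifting apart when one of them is resolved.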