[Secure-testing-commits] r14241 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Mar 10 20:26:48 UTC 2010


Author: jmm-guest
Date: 2010-03-10 20:26:46 +0000 (Wed, 10 Mar 2010)
New Revision: 14241

Modified:
   data/CVE/list
   data/embedded-code-copies
   data/spu-candidates.txt
Log:
- libpurple/qutecom code copy fixed
- new minor mediawiki issues
- cpio/tar maintainers notified about no-dsa for minor rmt issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-10 20:23:36 UTC (rev 14240)
+++ data/CVE/list	2010-03-10 20:26:46 UTC (rev 14241)
@@ -1,5 +1,13 @@
 CVE-2010-XXXX [spamass-milter report on full-disclosure]
 	- spamass-milter <unfixed> (bug #573228)
+CVE-2010-XXXX [mediawiki CSS validation]
+	- mediawiki <unfixed> (low)
+	TODO: File bug
+	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
+CVE-2010-XXXX [mediawiki data leak in thumb.php]
+	- mediawiki <unfixed> (low)
+	TODO: File bug
+	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
 CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) ...)
 	TODO: check
 CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets ...)
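Review bot: both new mediawiki entries carry "TODO: File bug" and no bug reference, unlike the spamass-milter entry directly above them, which records bug #573228. Once the bugs are filed, replace each TODO with the bug number so the <unfixed> (low) status can be followed up. The two entries also share the same NOTE URL, so a word on each saying which item of that announcement it covers would help.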
@@ -1392,7 +1400,7 @@
 	- pidgin 2.6.6-1 (low)
 	- gaim <removed> (low)
 	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
-	- qutecom <undetermined> (low; bug #572946)
+	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
 CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize ...)
 	- gnome-screensaver 2.28.3-1
 	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
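Review bot: the qutecom line now has a fixed version, but the entry has no [lenny] line for qutecom, while gaim gets an explicit "[lenny] - gaim <not-affected>" line. If qutecom is present in lenny, its status should be stated here as well. The same applies to the two identical qutecom changes in the hunks that follow.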
@@ -1402,7 +1410,7 @@
 	- pidgin 2.6.6-1 (low)
 	- gaim <removed> (low)
 	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
-	- qutecom <undetermined> (low; bug #572946)
+	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
 CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...)
 	TODO: check
 CVE-2010-0418
@@ -1960,7 +1968,7 @@
 	- pidgin 2.6.6-1 (low; bug #566775)
 	- gaim <removed> (low)
 	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
-	- qutecom <undetermined> (low; bug #572946)
+	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
 CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...)
 	NOT-FOR-US: IBM Lotus iNotes
 CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-03-10 20:23:36 UTC (rev 14240)
+++ data/embedded-code-copies	2010-03-10 20:26:46 UTC (rev 14241)
@@ -1064,9 +1064,9 @@
 	- pdkim <itp> (embed; bug #543150)
 	- xyssl <unfixed> (old-version)
 
-pidgin
+pidgin (libpurple)
 	- gaim <removed> (old-version)
-	- qutecom <unfixed> (embed; bug #559785)
+	- qutecom 2.2~rc3.hg396~dfsg1-6 (embed; bug #559785)
 
 icu
 	- webkit 1.0.1-1 (embed; bug #547214)
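Review bot: the qutecom line here cites bug #559785, while the three entries in data/CVE/list that receive the same version 2.2~rc3.hg396~dfsg1-6 cite bug #572946. Since the one version is hung on two different bugs, it is worth confirming that this upload both dropped the embedded libpurple copy and is the correct fixed version for those CVE entries.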

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-03-10 20:23:36 UTC (rev 14240)
+++ data/spu-candidates.txt	2010-03-10 20:26:46 UTC (rev 14241)
@@ -55,6 +55,11 @@
 
 --
 
+cpio (CVE-2010-0624)
+notified maintainer
+
+--
+
 cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked
 #528434
 notified maintainer
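Review bot: the new cpio entry has only "notified maintainer" and no bug number, whereas the neighbouring cron entry records #528434. If the notification went through the BTS, add the bug number; if it was sent by private mail, say so, so the follow-up can be found later.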
@@ -395,6 +400,11 @@
 
 --
 
+tar (CVE-2010-0624)
+notified maintainer
+
+--
+
 tau (CVE-2008-5157)
 #506348
 notified maintainer
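Review bot: the log message says the cpio/tar maintainers were notified about a no-dsa decision, but none of the data/CVE/list hunks in this revision touches CVE-2010-0624. Confirm that the no-dsa marking for tar and cpio is present in data/CVE/list, otherwise this file and the CVE list disagree.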



