[Secure-testing-commits] r14249 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Mar 11 19:44:36 UTC 2010


Author: jmm-guest
Date: 2010-03-11 19:44:35 +0000 (Thu, 11 Mar 2010)
New Revision: 14249

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- mod-security fixed
- cpio fixed
- removed temp entries for moin issues already CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-11 18:48:23 UTC (rev 14248)
+++ data/CVE/list	2010-03-11 19:44:35 UTC (rev 14249)
@@ -705,13 +705,16 @@
 CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) ...)
 	NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
 CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly ...)
-	- moin 1.9.2-1
+	- moin 1.9.2-1 (bug #569975)
 CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x ...)
-	- moin 1.9.2-1
+	- moin 1.9.2-1 (bug #569975)
 CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of ...)
 	- moin 1.9.1-1
 	[lenny] - moin <not-affected> (versions before 1.9 are not affected)
 	[etch] - moin <not-affected> (versions before 1.9 are not affected)
+	NOTE: http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
+	NOTE: http://hg.moinmo.in/moin/1.9/rev/04afdde50094
+	NOTE: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
 CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch ...)
 	NOT-FOR-US: Novell eDirectory
 CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under ...)
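
Review bot: bug #569975 is now attached to both CVE-2010-0669 and CVE-2010-0668, but the temporary entry removed further down that carried this bug described a single "moinmoin unspecified issue". Add a NOTE on these two entries saying whether the bug report covers both CVEs or only one, so the cross-reference can be verified later.
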
@@ -873,7 +876,7 @@
 	RESERVED
 CVE-2010-0624 [heap overflow in rmt implementation of tar/cpio]
 	RESERVED
-	- cpio <unfixed> (low)
+	- cpio 2.11-1 (low)
 	- tar 1.23-1 (low)
 	[lenny] - cpio <no-dsa> (Minor issue)
 	[lenny] - tar <no-dsa> (Minor issue)
@@ -1003,7 +1006,7 @@
 CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...)
 	NOT-FOR-US: Data pre-dating the Security Tracker
 CVE-2010-XXXX [multiple mod_security issues]
-	- libapache-mod-security <unfixed> (bug #569658)
+	- libapache-mod-security 2.5.12-1 (bug #569658)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455
 	TODO: check
 CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel ...)
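
Review bot: the libapache-mod-security line is marked fixed in 2.5.12-1 while the entry keeps "TODO: check" and the CVE-2010-XXXX placeholder for "multiple mod_security issues". If the check was whether 2.5.12-1 covers all of the issues, drop the TODO or replace it with a NOTE stating what is still open; otherwise the entry reads as both fixed and unverified.
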
@@ -1299,10 +1302,6 @@
 	- qt4-x11 <unfixed> (unimportant)
 	- kdelibs <unfixed> (unimportant)
 	- kde4libs <unfixed> (unimportant)
-CVE-2010-XXXX [moinmoin unspecified issue]
-	- moin <unfixed> (bug #569975)
-	NOTE: http://moinmo.in/SecurityFixes
-	NOTE: "you can avoid the issue by not having any user names in your superuser list"
 CVE-2010-0466
 	RESERVED
 CVE-2010-0465
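
Review bot: removing this temporary entry drops the NOTE pointing at http://moinmo.in/SecurityFixes and the quoted workaround about the superuser list; the moin entries that gain bug #569975 in the first hunk do not get either. Consider carrying both NOTE lines over to the CVE entry this placeholder corresponded to.
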
@@ -1635,15 +1634,6 @@
 	NOT-FOR-US: IBM Lotus Domino
 CVE-2010-0357 (Cross-site scripting (XSS) vulnerability in the Login page in IBM ...)
 	NOT-FOR-US: IBM Lotus Web Content Management
-CVE-2010-XXXX [MoinMoin sys.argv information disclosure]
-	- moin <unfixed>
-	[etch] - moin <not-affected>
-	[lenny] - moin <not-affected>
-	NOTE: pre 1.9 are said not to be affected, marking them as such for now
-	NOTE: http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
-	NOTE: http://hg.moinmo.in/moin/1.9/rev/04afdde50094
-	NOTE: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
-	TODO: check
 CVE-2010-0356 (Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ...)
 	NOT-FOR-US: ActiveX
 CVE-2010-0355
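
Review bot: the removed placeholder hedged the stable status ("pre 1.9 are said not to be affected, marking them as such for now") and ended in "TODO: check", whereas the CVE-2010-0667 entry that takes over its NOTE URLs states "versions before 1.9 are not affected" without qualification. If that check has not been done, keep a "TODO: check" on CVE-2010-0667.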

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-03-11 18:48:23 UTC (rev 14248)
+++ data/spu-candidates.txt	2010-03-11 19:44:35 UTC (rev 14249)
@@ -400,11 +400,6 @@
 
 --
 
-tar (CVE-2010-0624)
-notified maintainer
-
---
-
 tau (CVE-2008-5157)
 #506348
 notified maintainer
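
Review bot: the log message mentions mod-security, cpio and moin, but not the removal of the tar (CVE-2010-0624) block here, and in data/CVE/list this revision changes only the cpio line for that CVE while "[lenny] - tar <no-dsa> (Minor issue)" is unchanged. State in the log why tar is no longer a candidate, or restore the block if the removal was unintended.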



