[Secure-testing-commits] r14347 - in data: . CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sun Mar 28 21:39:26 UTC 2010


Author: derevko-guest
Date: 2010-03-28 21:39:25 +0000 (Sun, 28 Mar 2010)
New Revision: 14347

Modified:
   data/CVE/list
   data/problematic-packages
Log:
filed some bugs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-28 21:14:42 UTC (rev 14346)
+++ data/CVE/list	2010-03-28 21:39:25 UTC (rev 14347)
@@ -1395,7 +1395,7 @@
 CVE-2010-0629
 	RESERVED
 CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...)
-	- krb5 <unfixed>
+	- krb5 <unfixed> (bug #575740)
 	[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
 CVE-2010-XXXX [CouchDB: browser interface has XSS, CSRF issues]
 	- couchdb <unfixed> (bug #570013)
@@ -2365,7 +2365,7 @@
 CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...)
 	{DSA-1991-1}
 	- squid 2.7.STABLE8-1
-	- squid3 <unfixed>
+	- squid3 <unfixed> (bug #575747)
 CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...)
 	{DSA-1996-1}
 	- linux-2.6 2.6.32-8
@@ -2467,7 +2467,7 @@
 CVE-2010-0281
 	RESERVED
 CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in ...)
-	- lib3ds <unfixed> (low)
+	- lib3ds <unfixed> (low; bug #575741)
 	[lenny] - lib3ds <no-dsa> (Minor issue)
 	[etch] - lib3ds <no-dsa> (Minor issue)
 	NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
@@ -3103,7 +3103,7 @@
 CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...)
 	- zabbix 1:1.8-1 (bug #562613)
 CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
-	- lxr-cvs <unfixed>
+	- lxr-cvs <unfixed> (bug #575745)
 	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
 CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
 	- boa <unfixed> (unimportant)
@@ -4676,10 +4676,10 @@
 CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...)
 	NOT-FOR-US: winamp
 CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...)
-	- libmikmod <unfixed>
+	- libmikmod <unfixed> (bug #575742)
 	NOTE: http://secunia.com/secunia_research/2009-55/
 CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...)
-	- libmikmod <unfixed>
+	- libmikmod <unfixed> (bug #575742)
 	NOTE: http://secunia.com/secunia_research/2009-55/
 CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...)
 	- devil 1.7.8-6 (low; bug #560080)
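Review bot: CVE-2009-3996 and CVE-2009-3995 are both pointed at the same report, bug #575742, so that report should name both CVE ids explicitly; otherwise a fix that closes it can end up recorded against only one of the two entries. Neither libmikmod line carries an urgency tag or a per-release line, unlike the lib3ds entry touched in this same commit ("low" plus [lenny]/[etch] lines). Both descriptions are heap-based buffer overflows, so those annotations are worth adding once the issue is triaged.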
@@ -6475,7 +6475,7 @@
 	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
 	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
 CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...)
-	- liboggplay <unfixed>
+	- liboggplay <unfixed> (bug #575743)
 	- xulrunner 1.9.1.6-1
 	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
 	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)

Modified: data/problematic-packages
===================================================================
--- data/problematic-packages	2010-03-28 21:14:42 UTC (rev 14346)
+++ data/problematic-packages	2010-03-28 21:39:25 UTC (rev 14347)
@@ -46,3 +46,7 @@
 polipo (Dec 2009)
 maintainer seems inactive
 
+---
+
+libmikmod (Mar 2010)
+maintainer seems MIA, latest upload in 2004
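Review bot: the new libmikmod entry does not point at the open security bug that makes the inactive maintainer relevant. Adding "bug #575742", the number this commit attaches to CVE-2009-3996 and CVE-2009-3995 in data/CVE/list, would tie the two files together. The log message "filed some bugs" also does not mention this addition to data/problematic-packages, which makes the change harder to find in history.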



