[Secure-testing-commits] r14347 - in data: . CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sun Mar 28 21:39:26 UTC 2010
Author: derevko-guest
Date: 2010-03-28 21:39:25 +0000 (Sun, 28 Mar 2010)
New Revision: 14347
Modified:
data/CVE/list
data/problematic-packages
Log:
filed some bugs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-03-28 21:14:42 UTC (rev 14346)
+++ data/CVE/list 2010-03-28 21:39:25 UTC (rev 14347)
@@ -1395,7 +1395,7 @@
CVE-2010-0629
RESERVED
CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...)
- - krb5 <unfixed>
+ - krb5 <unfixed> (bug #575740)
[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
CVE-2010-XXXX [CouchDB: browser interface has XSS, CSRF issues]
- couchdb <unfixed> (bug #570013)
@@ -2365,7 +2365,7 @@
CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...)
{DSA-1991-1}
- squid 2.7.STABLE8-1
- - squid3 <unfixed>
+ - squid3 <unfixed> (bug #575747)
CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...)
{DSA-1996-1}
- linux-2.6 2.6.32-8
@@ -2467,7 +2467,7 @@
CVE-2010-0281
RESERVED
CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in ...)
- - lib3ds <unfixed> (low)
+ - lib3ds <unfixed> (low; bug #575741)
[lenny] - lib3ds <no-dsa> (Minor issue)
[etch] - lib3ds <no-dsa> (Minor issue)
NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
@@ -3103,7 +3103,7 @@
CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...)
- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
- - lxr-cvs <unfixed>
+ - lxr-cvs <unfixed> (bug #575745)
NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
- boa <unfixed> (unimportant)
@@ -4676,10 +4676,10 @@
CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...)
NOT-FOR-US: winamp
CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...)
- - libmikmod <unfixed>
+ - libmikmod <unfixed> (bug #575742)
NOTE: http://secunia.com/secunia_research/2009-55/
CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...)
- - libmikmod <unfixed>
+ - libmikmod <unfixed> (bug #575742)
NOTE: http://secunia.com/secunia_research/2009-55/
CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...)
- devil 1.7.8-6 (low; bug #560080)
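Review bot: CVE-2009-3996 and CVE-2009-3995 now both point at bug #575742, so that single report has to name both CVE ids; otherwise an upload that closes it for one issue will make the other look handled as well. It is worth confirming that the bug lists both. The descriptions visible here refer to IN_MOD.DLL, and the neighbouring CVE-2009-3997 is marked NOT-FOR-US: winamp, so a short NOTE line saying why libmikmod is tracked for these two would save the next reader from having to follow the Secunia link.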
@@ -6475,7 +6475,7 @@
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...)
- - liboggplay <unfixed>
+ - liboggplay <unfixed> (bug #575743)
- xulrunner 1.9.1.6-1
[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
Modified: data/problematic-packages
===================================================================
--- data/problematic-packages 2010-03-28 21:14:42 UTC (rev 14346)
+++ data/problematic-packages 2010-03-28 21:39:25 UTC (rev 14347)
@@ -46,3 +46,7 @@
polipo (Dec 2009)
maintainer seems inactive
+---
+
+libmikmod (Mar 2010)
+maintainer seems MIA, latest upload in 2004
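Review bot: the new libmikmod entry does not reference bug #575742, which this same commit attaches to CVE-2009-3996 and CVE-2009-3995 in data/CVE/list; adding the bug number here would tie the "maintainer seems MIA" remark to the open security issue. The wording also differs from the polipo entry just above ("maintainer seems inactive"), and the log message "filed some bugs" does not mention the data/problematic-packages change.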