[Secure-testing-commits] r14348 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Mon Mar 29 09:48:13 UTC 2010


Author: derevko-guest
Date: 2010-03-29 09:48:13 +0000 (Mon, 29 Mar 2010)
New Revision: 14348

Modified:
   data/CVE/list
Log:
- NFU
- filed some bugs
- CVE-2010-1100: Integer overflow in Arora
- CVE-2009-4612 and CVE-2009-4611 are fixed in jetty 6.1.22-1
- CVE-2009-2902, CVE-2009-2693 and CVE-2009-2901 are fixed in tomcat6 6.0.24-1
- gnome-vfs2 was removed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-28 21:39:25 UTC (rev 14347)
+++ data/CVE/list	2010-03-29 09:48:13 UTC (rev 14348)
@@ -43,13 +43,13 @@
 CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...)
 	TODO: check
 CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass ...)
-	TODO: check
+	NOT-FOR-US: Stainless
 CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...)
 	NOT-FOR-US: OmniWeb
 CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to ...)
 	NOT-FOR-US: Alexander Clauss iCab
 CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...)
-	TODO: check
+	- arora <unfixed> (bug #575785)
 CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...)
 	TODO: check
 CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...)
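Review bot: CVE-2010-1099 (Apple Safari) is left at `TODO: check` while the Stainless, OmniWeb and iCab entries in this hunk are marked `NOT-FOR-US`; Safari is not packaged in Debian either, so it should get the same `NOT-FOR-US: Apple Safari` marking in this pass. The new `- arora <unfixed> (bug #575785)` line also carries no severity, unlike the jetty and tomcat6 lines elsewhere in this commit; a `(low; bug #575785)` style annotation would keep the entry consistent.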
@@ -1076,7 +1076,7 @@
 CVE-2010-0737
 	RESERVED
 CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...)
-	TODO: check
+	- viewvc <unfixed> (bug #575787)
 CVE-2010-0735
 	REJECTED
 CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is ...)
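Review bot: the `- viewvc <unfixed> (bug #575787)` line for CVE-2010-0736 records no severity, and it opens a separate bug from the one (#575777) used for the two other viewvc entries touched in this commit; a short NOTE saying whether this XSS is also fixed by the ViewVC 1.1.3 release named in those entries would tell the next triager why it is tracked apart.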
@@ -2344,17 +2344,13 @@
 	- zendframework 1.9.7-1
 	NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
 CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...)
-	- jetty <undetermined>
-	TODO: check
+	- jetty 6.1.22-1 (bug #575789)
 CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing ...)
-	- jetty <undetermined>
-	TODO: check
+	- jetty 6.1.22-1
 CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty ...)
-	- jetty <undetermined>
-	TODO: check
+	- jetty <unfixed> (low; bug #575790)
 CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote ...)
-	- jetty <undetermined>
-	TODO: check
+	- jetty <unfixed> (low; bug #575791)
 CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) ...)
 	{DSA-2010-1 DSA-1996-1}
 	- linux-2.6 2.6.32-8 
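Review bot: the new `- jetty 6.1.22-1` line for CVE-2009-4611 has no bug reference, whereas its sibling CVE-2009-4612, fixed in the same upload, got `(bug #575789)`; either reference the same bug or record why none was filed, so the fixed status can be traced. The two entries left `<unfixed>` (CVE-2009-4610 and CVE-2009-4609) now have `low` and bug numbers, but none of the four jetty lines has a NOTE pointing at the upstream advisory, which is what the neighbouring zendframework entry does with its ZF2010-01 link.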
@@ -3783,11 +3779,9 @@
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
 	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
 CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not reject ...)
-	- viewvc <unfixed>
-	TODO: check
+	- viewvc <unfixed> (bug #575777)
 CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using the ...)
-	- viewvc <unfixed>
-	TODO: check
+	- viewvc <unfixed> (bug #575777)
 CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...)
 	{DSA-2005-1 DSA-1996-1}
 	- linux-2.6 2.6.32-6
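Review bot: CVE-2010-0005 and CVE-2010-0004 now share bug #575777, which is reasonable for two issues that both name ViewVC 1.1.3 as the fixed upstream version, but neither line has a severity; a `(low; bug #575777)` or `(medium; bug #575777)` annotation would let the tracker rank the open viewvc bug against the other unfixed entries.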
@@ -8282,12 +8276,11 @@
 	- linux-2.6 2.6.31-1 (low)
 	- linux-2.6.24 <removed> (low)
 CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
-	- tomcat6 <unfixed>
+	- tomcat6 6.0.24-1 (low)
 	- tomcat5 <removed>
-	TODO: check
 	NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
 CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and ...)
-	- tomcat6 <unfixed>
+	- tomcat6 6.0.24-1 (low)
 	- tomcat5 <removed>
 	TODO: check
 	NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
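Review bot: the `TODO: check` under CVE-2009-2901 is kept while the identical line under CVE-2009-2902 in this same hunk is removed, even though both now record `tomcat6 6.0.24-1 (low)`; if the remaining TODO refers to the tomcat 5.0 question in the NOTE line rather than to tomcat6, say so, otherwise drop it so the entry no longer shows up as unchecked.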
@@ -9105,7 +9098,7 @@
 	[lenny] - gaim <not-affected> (Only a transitional package)
 	- gaim <removed>
 CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
-	- tomcat6 <unfixed>
+	- tomcat6 6.0.24-1 (low)
 	- tomcat5 <removed>
 	TODO: check
 	NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
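Review bot: same inconsistency as in the CVE-2009-2902 hunk: CVE-2009-2693 gets `tomcat6 6.0.24-1 (low)` but its `TODO: check` line is left in place, so the entry still reads as untriaged; either remove it or reword it to state what remains to be checked (the tomcat 5.0 package in etch, going by the NOTE).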
@@ -9757,7 +9750,7 @@
 	[lenny] - neon26 <no-dsa> (Minor issue)
 	- neon <removed> (low; bug #542926)
 	[etch] - neon <no-dsa> (Minor issue)
-	- gnome-vfs2 <unfixed>
+	- gnome-vfs2 <removed>
 	NOTE: affected neon code copy present in gnome-vfs2 [./imported/*]
 	- litmus <removed>
 	NOTE: affected neon code copy present in litmus [./libneon/*]
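Review bot: marking gnome-vfs2 `<removed>` only records that the package is gone from unstable; the neon entry above it carries explicit `[lenny]` and `[etch]` lines, and the NOTE still says the affected neon copy is present under `./imported/*`, so if gnome-vfs2 is still shipped in lenny or etch a matching `[lenny] - gnome-vfs2 <no-dsa> (Minor issue)` style line is needed, otherwise the stable suites look untracked for this code copy.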
@@ -11317,7 +11310,7 @@
 CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...)
 	{DSA-1860-1}
 	- ruby1.8 1.8.7.173-1 (low; bug #532689)
-	- ruby1.9 <unfixed>
+	- ruby1.9 <unfixed> (bug #575778)
 	NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
 CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...)
 	- libapache-mod-security 2.5.9-1 
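Review bot: the `- ruby1.9 <unfixed> (bug #575778)` line lacks the `low` severity that the ruby1.8 line for the same CVE carries; it is the same BigDecimal library in both packages, so the annotation should match, i.e. `(low; bug #575778)`.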
@@ -13778,7 +13771,7 @@
 CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
 	- poppler 0.10.6-1 (medium; bug #524806)
 	[etch] - poppler <not-affected> (SplashBitmap code not present)
-	- xpdf <unfixed>
+	- xpdf <unfixed> (bug #575779)
 	- kdegraphics 4:4.0
 	- swftools <removed>
 CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
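Review bot: `- xpdf <unfixed> (bug #575779)` records a bug but no severity, while the poppler line for the same JBIG2 integer overflow is rated `medium`; unless xpdf's copy of the decoder differs, the severity should match so the open xpdf bug is ranked alongside the poppler fix. The `kdegraphics 4:4.0` line under the same CVE has no Debian revision and is worth tightening while this entry is being edited.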
@@ -17406,7 +17399,7 @@
 	- dia 0.96.1-7.1 (low; bug #504251)
 	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
 CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...)
-	- python3.1 <unfixed> (low)
+	- python3.1 <unfixed> (low; bug #575780)
 	- python2.6 <unfixed> (low; bug #572010)
 	- python2.5 <unfixed> (low)
 	[etch] - python2.5 <no-dsa> (Minor issue)
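Review bot: python2.5 stays `<unfixed> (low)` without a bug reference while python2.6 and now python3.1 each have one; the same PySys_SetArgv search path issue is open in all three, so file or reference a bug for python2.5 as well so it is not the only open line without a tracking bug.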