[Secure-testing-commits] r14621 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri May 7 17:40:58 UTC 2010


Author: jmm-guest
Date: 2010-05-07 17:40:57 +0000 (Fri, 07 May 2010)
New Revision: 14621

Modified:
   data/CVE/list
Log:
- jboss in the archive, needs to be checked
- new texlive issues
- new dvipng issue
- yui unimportant
- new unimportant wireshark issue 
- gdomap CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-05-07 17:40:07 UTC (rev 14620)
+++ data/CVE/list	2010-05-07 17:40:57 UTC (rev 14621)
@@ -1,7 +1,3 @@
-CVE-2010-XXXX [gdomap file disclosure]
-	- gnustep-base-runtime <unfixed>
-	[lenny] - gnustep-base-runtime <not-affected> (Not installed setuid root)
-	NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
 CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw ...)
 	TODO: check
 CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) ...)
@@ -243,7 +239,7 @@
 CVE-2010-1597 (Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 ...)
 	NOT-FOR-US: ZipGenius
 CVE-2009-4834 (lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Zeroboard
 CVE-2009-4833 (MySQL Connector/NET before 6.0.4, when using encryption, does not ...)
 	NOT-FOR-US: MySQL Connector/NET
 CVE-2009-4832 (The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local ...)
@@ -715,12 +711,17 @@
 	[lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level)
 	NOTE: http://www.fetchmail.info/fetchmail-SA-2010-02.txt
 	NOTE: http://gitorious.org/fetchmail/fetchmail/commit/ec06293
-CVE-2010-1457
+CVE-2010-1457 [gdomap file disclosure]
 	RESERVED
+	- gnustep-base-runtime <unfixed>
+	[lenny] - gnustep-base-runtime <not-affected> (Not installed setuid root)
+	NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
 CVE-2010-1456
 	RESERVED
-CVE-2010-1455
+CVE-2010-1455 [DOCSIS wireshark]
 	RESERVED
+	- wireshark <unfixed> (unimportant)
+	NOTE: Not triggerable remotely
 CVE-2010-1454
 	RESERVED
 CVE-2010-1453
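Review bot: the new CVE-2010-1455 entry rates wireshark as `<unfixed> (unimportant)` and backs that only with "NOTE: Not triggerable remotely", which has no reference. The CVE-2010-1457 entry in the same hunk carries a NOTE with a URL; suggest adding a NOTE line here that points to the upstream report, so the severity call can be re-checked once the id leaves RESERVED.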
@@ -766,6 +767,7 @@
 	NOTE: http://www.videolan.org/security/sa1003.html
 CVE-2010-1440
 	RESERVED
+	- texlive-bin <unfixed> (low)
 CVE-2010-1439
 	RESERVED
 CVE-2010-1438
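Review bot: the `- texlive-bin <unfixed> (low)` line added under CVE-2010-1440 is attached to a RESERVED id with no bracketed description, bug number or NOTE, so the list does not say which texlive issue this id tracks. Other entries filled in by this commit put a description after the id, e.g. `CVE-2010-1457 [gdomap file disclosure]`; suggest the same here plus a reference.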
@@ -1101,6 +1103,7 @@
 	RESERVED
 CVE-2010-1284
 	RESERVED
+	- texlive-bin <unfixed> (low)
 CVE-2010-1283
 	RESERVED
 CVE-2010-1282
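Review bot: under CVE-2010-1284 the added `- texlive-bin <unfixed> (low)` is the only information on a RESERVED id: no bracketed description, no bug number, no NOTE. The log speaks of several new texlive issues, so a short description per id would keep them distinguishable in the list.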
@@ -2441,8 +2444,9 @@
 	RESERVED
 CVE-2010-0830
 	RESERVED
-CVE-2010-0829
+CVE-2010-0829 
 	RESERVED
+	- dvipng <unfixed> (low; bug filed)
 CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...)
 	{DSA-2024-1}
 	- moin 1.9.2-3 (low; bug #575995)
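Review bot: the changed id line `+CVE-2010-0829 ` only gains a trailing space, which suggests a bracketed description was intended and left out. The added package line also says `(low; bug filed)` without a number, while the moin entry just below uses `bug #575995`; suggest adding the description and the bug number so the entry can be tied to the report.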
@@ -2724,7 +2728,7 @@
 	- texlive-bin <unfixed> (low)
 	[lenny] - texlive-bin <no-dsa> (minor issue)
 CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...)
-	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
+	- jbossas4 <undetermined>
 CVE-2010-0737
 	RESERVED
 CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...)
@@ -3899,7 +3903,7 @@
 CVE-2010-XXXX [makepasswd: insecure passwords generated with default settings]
 	- makepasswd 1.10-5 (low; bug #564559)
 	[lenny] - makepasswd <no-dsa> (Minor issue)
-CVE-2010-XXXX [mydms multiple issues]
+CVE-2010-XXXX [mydm multiple issues]
 	- mydms <unfixed> (low)
 	TODO: write bug report
 	NOTE: http://seclists.org/fulldisclosure/2010/Jan/267
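Review bot: the description changes from `[mydms multiple issues]` to `[mydm multiple issues]`, while the package line directly below still reads `- mydms <unfixed> (low)`. This looks like an accidental deletion and is not mentioned in the log; suggest restoring `mydms` in the description.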
@@ -8822,7 +8826,8 @@
 	[etch] - libaws <no-dsa> (minor issue)
 	[lenny] - libaws <no-dsa> (minor issue)
 	- libjson-ruby 1.1.4-1 (low; bug #555223)
-	[lenny] - libjson-ruby 1.1.2-1+lenny1
+	[lenny] - libjson-ruby <no-dsa> (Minor issue)
+	TODO: next point update [lenny] - libjson-ruby 1.1.2-1+lenny1
 	- lucene2 2.9.1+ds1-2 (unimportant; bug #555225)
 	[etch] - lucene2 <not-affected> (prototype.js not present)
 	NOTE: prototype.js copy unused per #555225
@@ -45910,7 +45915,7 @@
 CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 ...)
 	NOT-FOR-US: Apple mDNSResponder
 CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
-	- yui <unfixed> (low; bug #557745)
+	- yui <unfixed> (unimportant; bug #557745)
 	- bcfg2 <not-affected> (present in source but not included in any binary files)
 	- serendipity <unfixed> (low; bug #557746)
 	- moodle <not-affected> (uses system libjs-yui)
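Review bot: yui is downgraded from `low` to `unimportant` for CVE-2007-2385 with no reason recorded, while serendipity stays at `low` for the same CVE. Neighbouring lines state their rationale in parentheses or in a NOTE (e.g. "uses system libjs-yui"); suggest adding a NOTE explaining why the issue is unimportant for the yui package itself.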



