[Secure-testing-commits] r14754 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue May 25 21:46:44 UTC 2010


Author: jmm-guest
Date: 2010-05-25 21:46:43 +0000 (Tue, 25 May 2010)
New Revision: 14754

Modified:
   data/CVE/list
Log:
- systemtap fixed
- wicd not in Lenny
- older php issues also only exploitable through malicious script
- gnustep-base no-dsa
- orca issue not in Lenny
- transmission issue doesn't affect Lenny
- xulrunner no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-05-25 21:42:06 UTC (rev 14753)
+++ data/CVE/list	2010-05-25 21:46:43 UTC (rev 14754)
@@ -381,6 +381,7 @@
 	NOT-FOR-US: Pay Per Watch & Bid Auktions System
 CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function ...)
 	- transmission 1.92-1
+	[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
 CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses ...)
@@ -455,7 +456,6 @@
 	[lenny] - serendipity <not-affected> (Only affects >= 1.4)
 CVE-2010-XXXX [wicd changes permissions of resolv.conf]
 	- wicd 1.7.0+ds1-3 (low; bug #582798)
-	TODO: check lenny
 CVE-2010-1849
 	RESERVED
 CVE-2010-1848
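Review bot: removing `TODO: check lenny` from the wicd entry leaves no record in the list of what the check found; the result (wicd is not in Lenny) exists only in the commit log. A one-line NOTE under the entry stating that would keep the answer next to the data and save a later re-check.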
@@ -951,6 +951,8 @@
 	TODO: check
 CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in ...)
 	- gnustep-base <unfixed>
+	[lenny] - gnustep-base <no-dsa> (Minor issue)
+	TODO: File bug
 CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency ...)
 	NOT-FOR-US: IBM WebSphere DataPower XML Accelerator
 CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 ...)
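Review bot: the added `[lenny] - gnustep-base <no-dsa> (Minor issue)` line for CVE-2010-1620 does not say why an integer overflow in gdomap's load_iface is considered minor. Put the limiting factor in the parenthesised reason or in a NOTE, so the triage decision can be reviewed later. The unstable line stays `<unfixed>` with no bug reference until the `TODO: File bug` is acted on, so that TODO should be replaced by the bug number once it is filed.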
@@ -1372,6 +1374,7 @@
 	- prosody <unfixed> (low; bug #579087)
 CVE-2010-XXXX [gnome-orca: shell access without logon]
 	- gnome-orca 2.30.0-2 (bug #578928)
+	 [lenny] - gnome-orca <not-affected> (Doesn't affect Lenny's version)
 CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e ...)
 	{DSA-2039-1}
 	- cacti 0.8.7e-3 (bug #578909)
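Review bot: the added `[lenny] - gnome-orca <not-affected>` line is indented with a tab followed by a space, while the surrounding annotation lines use a single tab. Drop the extra space so the line matches its neighbours and anything that reads the list by indentation. The reason text "Doesn't affect Lenny's version" also only restates the status; naming what is absent from the Lenny version, as the transmission and systemtap entries in this same commit do, would be more useful.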
@@ -4406,11 +4409,11 @@
 CVE-2010-0413
 	RESERVED
 CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of ...)
-	- systemtap <unfixed> (bug #572560)
+	- systemtap 1.2-1 (bug #572560)
 	[lenny] - systemtap <not-affected> (Server component not yet present)
 	[etch] - systemtap <not-affected> (Server component not yet present)
 CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) ...)
-	- systemtap <unfixed> (low; bug #568809)
+	- systemtap 1.2-1 (low; bug #568809)
 	[lenny] - systemtap <not-affected> (Vulnerable code not present)
 	[etch] - systemtap <no-dsa> (Minor issue)
 	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
@@ -6097,19 +6100,19 @@
 CVE-2009-XXXX [roundup: unspecified issue]
 	- roundup 1.4.11-1
 CVE-2009-XXXX [php5 uksort() interruption memory corruption]
-	- php5 <unfixed> (low)
+	- php5 <unfixed> (unimportant)
 	NOTE: CVE requested
 CVE-2009-XXXX [php5 usort interruption memory corruption]
-	- php5 5.2.11.dfsg.1-1 (low)
+	- php5 5.2.11.dfsg.1-1 (unimportant)
 	TODO: protection was weak in .11, re-check .12 changes
 	NOTE: CVE requested
 	NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
 CVE-2009-XXXX [php5 explode() information leak]
-	- php5 5.2.11.dfsg.1-1 (low)
+	- php5 5.2.11.dfsg.1-1 (unimportant)
 	NOTE: CVE requested
 	NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
 CVE-2009-XXXX [php5 serialize() information leak]
-	- php5 5.2.11.dfsg.1-1 (low)
+	- php5 5.2.11.dfsg.1-1 (unimportant)
 	NOTE: CVE requested
 	NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
 CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted ...)
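Review bot: the four php5 entries change from `low` to `unimportant`, but the justification (only exploitable through a malicious script) is given only in the commit log and not in the list itself. Add a NOTE with that reasoning under each entry, or at least the first, so the rating is explained where it is read. On the usort entry, the existing `TODO: protection was weak in .11, re-check .12 changes` remains open while the severity is lowered; either resolve the TODO or note that the re-check no longer matters at this rating.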
@@ -20495,7 +20498,8 @@
 CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple ...)
 	NOT-FOR-US: Apple
 CVE-2008-5913 (An unspecified function in the JavaScript implementation in Mozilla ...)
-	- xulrunner <unfixed> (bug #559792)
+	- xulrunner <unfixed> (low; bug #559792)
+	[lenny] - xulrunner <no-dsa> (Minor issue)
 	- iceape <unfixed>
 	[lenny] - iceape <not-affected> (Just a stub package)
 	NOTE: fixed upstream https://bugzilla.mozilla.org/show_bug.cgi?id=cve-2008-5913
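Review bot: on CVE-2008-5913 the xulrunner line gains `low` and a Lenny `<no-dsa> (Minor issue)`, but the `- iceape <unfixed>` line just below it is left without a severity, so the two packages tracked for the same issue are now rated inconsistently. Add the same severity to the iceape line if it applies there too. As with the other no-dsa additions in this commit, "Minor issue" would be easier to audit with a short reason attached.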



