[Secure-testing-commits] r14766 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri May 28 21:52:28 UTC 2010
Author: jmm-guest
Date: 2010-05-28 21:52:27 +0000 (Fri, 28 May 2010)
New Revision: 14766
Modified:
data/CVE/list
Log:
record final etch point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-05-28 21:44:15 UTC (rev 14765)
+++ data/CVE/list 2010-05-28 21:52:27 UTC (rev 14766)
@@ -8490,8 +8490,7 @@
- wordpress 2.8.5-1
[lenny] - wordpress <no-dsa> (Minor issue)
TODO: next point update: [lenny] - wordpress 2.5.1-11+lenny3
- [etch] - wordpress <no-dsa> (Minor issue)
- TODO: next point update: [etch] - wordpress 2.0.10-1etch6
+ [etch] - wordpress 2.0.10-1etch6
NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows ...)
{DSA-1929-1 DSA-1928-1 DSA-1927-1}
@@ -9777,8 +9776,7 @@
[etch] - knowledgeroot <no-dsa> (minor issue)
[lenny] - knowledgeroot <no-dsa> (minor issue)
- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
- [etch] - mt-daapd <no-dsa> (minor issue)
- TODO: [etch] - mt-daapd 0.2.4+r1376-1.1+etch3
+ [etch] - mt-daapd 0.2.4+r1376-1.1+etch3
- mediatomb 0.12.0~svn2018-5 (low; bug #555232)
[lenny] - mediatomb <no-dsa> (minor issue)
- op-panel 0.30~dfsg-1 (low; bug #555234)
@@ -10542,8 +10540,7 @@
CVE-2009-XXXX [serveez: buffer overflow in header parser]
- serveez <removed> (low)
[lenny] - serveez 0.1.5-2.1+lenny1
- [etch] - serveez <no-dsa> (Fringe package, mostly unused)
- TODO: next point release [etch] - serveez 0.1.5-2+etch1
+ [etch] - serveez 0.1.5-2+etch1
CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
NOT-FOR-US: Adobe
CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...)
@@ -12717,6 +12714,7 @@
{DSA-1935-1 DSA-1888-1 DSA-1874-1}
- nss 3.12.3-1 (low; bug #539895)
- openssl 0.9.8k-4 (low; bug #539899)
+ [etch] - openssl 0.9.8c-4etch8
- gnutls26 2.4.2-5 (low; bug #539901)
- openjdk-6 6b17~pre3-1 (low)
- gnutls13 <removed>
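Review bot: the added "[etch] - openssl 0.9.8c-4etch8" line does not replace an existing etch "<no-dsa>" or TODO entry, unlike the wordpress, mt-daapd and serveez hunks above, so nothing in the diff shows where this version comes from. The log message "record final etch point release" covers it only implicitly. A NOTE on the entry, or a log line that names the packages newly recorded for etch, would make the change easier to audit later.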
@@ -13381,8 +13379,7 @@
NOT-FOR-US: fuzzylime
CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in ...)
- xcftools 1.0.7-1 (low; bug #533361)
- [etch] - xcftools <no-dsa> (Minor issue)
- TODO: next point update: [etch] - xcftools 1.0.4-1+etch1
+ [etch] - xcftools 1.0.4-1+etch1
[lenny] - xcftools 1.0.4-1+lenny1
CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...)
- gupnp 0.12.6-3.1 (low; bug #534594)
@@ -13908,7 +13905,7 @@
CVE-2009-1959 (Off-by-one error in the event_wallops function in ...)
- irssi 0.8.13-2 (low; bug #532607; bug #531357)
[lenny] - irssi 0.8.12-7
- TODO: add after r9 [etch] - irssi 0.8.10-3
+ [etch] - irssi 0.8.10-3
NOTE: exploitability limited, DoS rather obscure attack scenario
CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache ...)
- apr-util 1.3.7+dfsg-1 (low)
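Review bot: the added "[etch] - irssi 0.8.10-3" carries no etch suffix, unlike versions such as "1.0.4-1+etch1" or "0.1.5-2+etch1" elsewhere in this diff. It matches the removed TODO text exactly, so it is probably intended, but it is worth checking against the archive that this is the point-release upload and not the version etch originally shipped. The removed TODO also refers to "r9" while the log message only says "final etch point release"; naming the point release in the log would keep that link.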
@@ -16293,6 +16290,7 @@
CVE-2009-1250 (The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 ...)
{DSA-1768-1}
- openafs 1.4.10+dfsg1-1
+ [etch] - openafs 1.4.2-6etch3
CVE-2009-1249 (Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x ...)
NOT-FOR-US: Feed element mapper for Drupal
CVE-2009-1248 (Multiple PHP remote file inclusion vulnerabilities in Acute Control ...)
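Review bot: this entry is already tagged {DSA-1768-1}, and the added "[etch] - openafs 1.4.2-6etch3" line does not say whether that version is the DSA upload or a later point-release upload. If the DSA already covers etch, the explicit line may be redundant. If it records a newer version, a short NOTE saying so would avoid confusion.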
@@ -29072,6 +29070,7 @@
- clamav 0.93.1.dfsg-1.1 (low; bug #490925)
CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...)
- fetchmail 6.3.9~rc2-1 (unimportant)
+ [etch] - fetchmail 6.3.6-1etch3
NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
NOTE: -vv is only used for debugging purposes so this does not
NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
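Review bot: the new "[etch] - fetchmail 6.3.6-1etch3" line sits under an entry rated "(unimportant)" whose NOTEs explain that -vv is debug-only, and no earlier etch line is being replaced. A NOTE stating that the fix was included in the point release upload would explain why an unimportant issue now has an etch fixed version.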
@@ -30994,8 +30993,7 @@
NOT-FOR-US: SAP
CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not ...)
- mksh 33.4-1 (low)
- [etch] - mksh <no-dsa> (Minor issue)
- TODO: next point update: [etch] - mksh 28.0-3
+ [etch] - mksh 28.0-3
CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows ...)
NOT-FOR-US: W2B phpHotResources
CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka ...)
@@ -45973,8 +45971,7 @@
CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the ...)
- backup-manager 0.7.6-1 (low)
[sarge] - backup-manager <no-dsa> (Minor issue)
- [etch] - backup-manager <no-dsa> (Minor issue)
- TODO: next point update [etch] - backup-manager 0.7.5-5
+ [etch] - backup-manager 0.7.5-5
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...)
NOT-FOR-US: BlockHosts
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...)
@@ -48900,6 +48897,7 @@
- icedove 2.0.0.4-1
- iceape 1.1.2-1
- fetchmail 6.3.8-1 (unimportant)
+ [etch] - fetchmail 6.3.6-1etch3
- mailfilter 0.8.2-1 (unimportant)
- mutt 1.5.18-6 (unimportant)
NOTE: i couldn't pinpoint exact mutt fixed version, but lenny's version has the
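Review bot: "[etch] - fetchmail 6.3.6-1etch3" here is the same version added under CVE-2008-2711 earlier in this diff, again without replacing a prior etch line, and the CVE id of this entry lies outside the hunk context. Please confirm that the 6.3.6-1etch3 changelog names both issues, since the diff alone does not show that a single upload fixed both.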