[Secure-testing-commits] r15613 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Nov 24 21:16:45 UTC 2010
Author: jmm-guest
Date: 2010-11-24 21:16:37 +0000 (Wed, 24 Nov 2010)
New Revision: 15613
Modified:
data/CVE/list
data/next-point-update.txt
Log:
- two minor new mysql GUI info leaks
- imagemagick fixed
- pam info leak no-dsa
- old gif2png issue was CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-11-24 09:16:28 UTC (rev 15612)
+++ data/CVE/list 2010-11-24 21:16:37 UTC (rev 15613)
@@ -153,7 +153,7 @@
- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
CVE-2010-XXXX [imagemagick reads config files from cwd]
- - imagemagick <unfixed> (low; bug #601824)
+ - imagemagick 8:6.6.0.4-3 (low; bug #601824)
[lenny] - imagemagick <no-dsa> (Minor issue)
CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...)
NOT-FOR-US: IBM WebSphere
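Review bot: the imagemagick line is now marked fixed in 8:6.6.0.4-3, but the entry still sits under the CVE-2010-XXXX placeholder header. This same commit replaces the gif2png placeholder with an assigned id, so it is worth requesting an id for this issue too, or adding a NOTE that one has been requested, so the fixed entry can be cross-referenced by something other than bug #601824.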
@@ -239,8 +239,10 @@
RESERVED
CVE-2010-4178
RESERVED
+ - mysql-gui-tools <unfixed> (low)
CVE-2010-4177
RESERVED
+ - mysql-gui-tools <unfixed> (low)
CVE-2010-4176
RESERVED
CVE-2010-4175
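Review bot: the two added mysql-gui-tools lines under CVE-2010-4178 and CVE-2010-4177 carry no bug number and no NOTE, and both ids are still RESERVED, so nothing in the entry says what the issue is or where the report came from. Add a NOTE with the source of the information, and a bug reference once one is filed, as the other package lines in this diff have.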
@@ -2081,7 +2083,9 @@
NOTE: http://svn.php.net/viewvc?view=revision&revision=303824
CVE-2010-3435
RESERVED
- - pam <unfixed> (bug #599832)
+ - pam <unfixed> (low; bug #599832)
+ [squeeze] - pam <no-dsa> (Minor issue)
+ [lenny] - pam <no-dsa> (Minor issue)
CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in ...)
- clamav 0.96.3+dfsg-1
[lenny] - clamav <end-of-life>
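Review bot: CVE-2010-3435 is still RESERVED, so the new squeeze and lenny no-dsa lines are justified only by "Minor issue" and the entry has no description at all. A short NOTE saying this is an information leak, as the commit log does, would let a reader of the list see why low and no-dsa were chosen without opening bug #599832.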
@@ -12671,7 +12675,7 @@
[lenny] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)
NOTE: the code in etch's version is more different but it seems to be affected
NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=284c9924969a49dbf2d5fae1d680d3310c4df4a3
-CVE-2009-XXXX [gif2png multiple buffer overflows parsing CLI arguments]
+CVE-2009-5018 [gif2png multiple buffer overflows parsing CLI arguments]
- gif2png 2.5.2-1 (low; bug #550978)
[etch] - gif2png <no-dsa> (minor issue)
[lenny] - gif2png <no-dsa> (minor issue)
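Review bot: the header is renamed to CVE-2009-5018 in place, at the position the CVE-2009-XXXX placeholder occupied. The numbered entries visible elsewhere in this diff run in descending id order (CVE-2010-4178, 4177, 4176, 4175), so check whether this entry needs to move to its sorted position now that it has a number.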
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2010-11-24 09:16:28 UTC (rev 15612)
+++ data/next-point-update.txt 2010-11-24 21:16:37 UTC (rev 15613)
@@ -76,5 +76,11 @@
[lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1
CVE-2010-XXXX [imagemagick reads config files from cwd]
[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
+CVE-2009-XXXX [xen-tools: world readable disk image files]
+ [lenny] - xen-tools 3.9-4+lenny1
+CVE-2010-3763
+ [lenny] - mantis 1.1.6+dfsg-2lenny4
+
+
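Review bot: the hunk ends with two added empty lines at the end of data/next-point-update.txt, which look unintentional and can be dropped. The new CVE-2010-3763 header also has no bracketed description, unlike the xen-tools and imagemagick headers next to it; adding one would keep the file readable without looking the id up.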