[Secure-testing-commits] r15623 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Nov 28 18:28:26 UTC 2010
Author: jmm-guest
Date: 2010-11-28 18:28:24 +0000 (Sun, 28 Nov 2010)
New Revision: 15623
Modified:
data/CVE/list
data/next-point-update.txt
data/spu-candidates.txt
Log:
record latest point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-11-28 09:28:43 UTC (rev 15622)
+++ data/CVE/list 2010-11-28 18:28:24 UTC (rev 15623)
@@ -157,7 +157,7 @@
[lenny] - pootle <not-affected> (Minor issue)
CVE-2010-XXXX [imagemagick reads config files from cwd]
- imagemagick 8:6.6.0.4-3 (low; bug #601824)
- [lenny] - imagemagick <no-dsa> (Minor issue)
+ [lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...)
NOT-FOR-US: IBM WebSphere
CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...)
@@ -1079,7 +1079,7 @@
CVE-2010-3845
RESERVED
- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
- [lenny] - libapache-authenhook-perl <no-dsa> (Will be fixed in stable update)
+ [lenny] - libapache-authenhook-perl 2.00-04+pristine-1+lenny1
CVE-2010-4237
RESERVED
- mercurial 1.6.4-1 (low; bug #598841)
@@ -1268,7 +1268,7 @@
- bugzilla <unfixed> (bug #602420; low)
CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...)
- mantis 1.1.8+dfsg-9 (bug #601618)
- [lenny] - mantis <no-dsa> (Minor issue)
+ [lenny] - mantis 1.1.6+dfsg-2lenny4
CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...)
- bind9 1:9.7.2.dfsg.P2-1 (bug #599515)
NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
@@ -1807,98 +1807,98 @@
CVE-2010-3574 (Unspecified vulnerability in the Networking component in Oracle Java ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3573 (Unspecified vulnerability in the Networking component in Oracle Java ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3572 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3571 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3570 (Unspecified vulnerability in the Deployment Toolkit component in ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3569 (Unspecified vulnerability in the Java Runtime Environment component in ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3568 (Unspecified vulnerability in the Java Runtime Environment component in ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3567 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3566 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3565 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3564 (Unspecified vulnerability in the Oracle Communications Messaging ...)
- openjdk-6 6b18-1.8.2-1
CVE-2010-3563 (Unspecified vulnerability in the Deployment component in Oracle Java ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3562 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3561 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3560 (Unspecified vulnerability in the Networking component in Oracle Java ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3559 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3558 (Unspecified vulnerability in the Java Web Start component in Oracle ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3557 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3556 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3555 (Unspecified vulnerability in the Deployment component in Oracle Java ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3554 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3553 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3552 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3551 (Unspecified vulnerability in the Networking component in Oracle Java ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3550 (Unspecified vulnerability in the Java Web Start component in Oracle ...)
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3549 (Unspecified vulnerability in the Networking component in Oracle Java ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3548 (Unspecified vulnerability in the Java Naming and Directory Interface ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3547 (Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in ...)
NOT-FOR-US: Oracle PeopleSoft
CVE-2010-3546 (Unspecified vulnerability in the Sun Java System Identity Manager ...)
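Review bot: the lenny version recorded for sun-java6 throughout this hunk, "6-22-0lenny", ends without a revision number, while every other lenny entry added in this commit carries one ("2lenny4", "+lenny1", "~lenny6"). If the suffix was truncated, version comparison against the installed package will give the wrong answer for all of these CVEs. Please check the string against the version actually uploaded in the point release; the same value recurs in the later sun-java6 hunks (-1914, -7974, -14894).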
@@ -1914,7 +1914,7 @@
CVE-2010-3541 (Unspecified vulnerability in the Networking component in Oracle Java ...)
- openjdk-6 6b18-1.8.2-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-3540 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
NOT-FOR-US: Oracle Solaris
CVE-2010-3539 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL ...)
@@ -2320,7 +2320,7 @@
[lenny] - roaraudio <no-dsa> (Minor issue)
CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the ...)
- lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294)
- [lenny] - lastfm <no-dsa> (Minor issue)
+ [lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1
CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 ...)
- ike 2.1.5+dfsg-2 (low; bug #598292)
[lenny] - ike <no-dsa> (Minor issue)
@@ -2457,8 +2457,7 @@
[lenny] - dovecot <not-affected> (only affects 1.2.x)
CVE-2010-3303 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
- mantis 1.1.8+dfsg-8 (bug #599710)
- [lenny] - mantis <no-dsa> (Minor issue)
- NOTE: http://www.mantisbt.org/bugs/changelog_page.php?version_id=111
+ [lenny] - mantis 1.1.6+dfsg-2lenny3
CVE-2010-3302 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan ...)
- openswan 1:2.6.28+dfsg-2
[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
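Review bot: the CVE-2010-3303 change drops the "NOTE: http://www.mantisbt.org/bugs/changelog_page.php?version_id=111" line together with the <no-dsa> entry. Every other hunk in this commit only swaps the [lenny] line, so the removal of the upstream reference looks unintentional; suggest keeping the NOTE line below the new "[lenny] - mantis 1.1.6+dfsg-2lenny3" entry.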
@@ -3847,7 +3846,7 @@
CVE-2010-2784 (The subpage MMIO initialization functionality in the subpage_register ...)
- qemu-kvm 0.12.5+dfsg-3 (bug #594478)
- kvm <removed>
- [lenny] - kvm <no-dsa> (Minor impact, will be fixed in a point release)
+ [lenny] - kvm 72+dfsg-5~lenny6
CVE-2010-2783
RESERVED
- openjdk-6 6b18-1.8.1-1
@@ -4369,7 +4368,7 @@
NOT-FOR-US: Cerberus FTP Server
CVE-2010-2494 (Multiple buffer underflows in the base64 decoder in base64.c in (1) ...)
- bogofilter 1.2.1-3 (low; bug #588090)
- [lenny] - bogofilter <no-dsa> (Minor issue)
+ [lenny] - bogofilter 1.1.7-1+lenny1
NOTE: this is "only" null write to an invalid pointer, no arbitrary location
CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP ...)
- linux-2.6 2.6.32-16
@@ -4460,7 +4459,7 @@
NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt
CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...)
- mantis 1.1.8+dfsg-6 (low; bug #595510)
- [lenny] - mantis <no-dsa> (Minor issue)
+ [lenny] - mantis 1.1.6+dfsg-2lenny2
CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...)
- tiff <unfixed> (unimportant)
CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...)
@@ -5310,7 +5309,7 @@
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with ...)
- libvirt 0.8.3-1 (low)
- [lenny] - libvirt <no-dsa> (Minor issue)
+ [lenny] - libvirt 0.4.6-10+lenny1
CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red ...)
NOT-FOR-US: Red Hat Directory Server
CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel ...)
@@ -7257,7 +7256,7 @@
NOT-FOR-US: Novell iPrint Client
CVE-2010-1526 (Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow ...)
- libgdiplus 2.6.7-2 (low; bug #594155)
- [lenny] - libgdiplus <no-dsa> (Minor issue)
+ [lenny] - libgdiplus 1.9-1+lenny1
CVE-2010-1525 (Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in ...)
NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 ...)
@@ -7974,7 +7973,7 @@
- krb5 1.8.1+dfsg-3 (low; bug #582261)
- heimdal 1.4.0~git20100605.dfsg.1-1
- sun-java6 6.22-1
- [lenny] - sun-java6 <no-dsa> (Non-free not supported)
+ [lenny] - sun-java6 6-22-0lenny
CVE-2010-1320 (Double free vulnerability in do_tgs_req.c in the Key Distribution ...)
- krb5 1.8.1+dfsg-2 (bug #577490)
[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
@@ -11146,6 +11145,9 @@
- lib3ds 1.3.0-5 (low; bug #575741)
[lenny] - lib3ds <no-dsa> (Minor issue)
[etch] - lib3ds <no-dsa> (Minor issue)
+ - openscenegraph 2.8.0-1
+ [lenny] - openscenegraph 2.4.0-1.1+lenny1
+ NOTE: openscenegraph embeds acopy of lib3ds
NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
NOTE: issue was published saying it affects google sketchup,
NOTE: but the vulnerable code is in lib3ds
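Review bot: typo in the added note, "openscenegraph embeds acopy of lib3ds" should read "a copy". Also consider placing the new NOTE after the existing NOTE lines rather than between the package entries and the coresecurity reference, so the package lines stay grouped and the original three-line note is not preceded by an unrelated one.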
@@ -12736,7 +12738,7 @@
[lenny] - xfs 1:1.0.8-2.2+lenny1
CVE-2009-XXXX [xserver-xorg: inherits user's mask]
- xorg-server 2:1.7.2-1 (low; bug #555308)
- [lenny] - xorg-server <no-dsa> (Minor issue)
+ [lenny] - xorg-server 2:1.4.2-10.lenny3
CVE-2009-4296 (SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and ...)
NOT-FOR-US: Taxonomy Timer module for Drupal
CVE-2009-4295 (Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA ...)
@@ -14894,6 +14896,7 @@
- nss 3.12.6-1
- sun-java5 <removed>
- sun-java6 6.19-1
+ [lenny] - sun-java6 6-22-0lenny
NOTE: Update 22 for Sun Java implemented the new RFC extension
- openjdk-6 6b18-1.8.2-1
- nginx 0.7.64-1
@@ -15188,7 +15191,7 @@
NOT-FOR-US: RADactive I-Load
CVE-2009-XXXX [xen-tools: world readable disk image files]
- xen-tools 4.2~beta1-1 (low; bug #548909)
- [lenny] - xen-tools <no-dsa> (Minor issue)
+ [lenny] - xen-tools 3.9-4+lenny1
CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) ...)
NOT-FOR-US: com_mytube component for Joomla!
CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server before ...)
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2010-11-28 09:28:43 UTC (rev 15622)
+++ data/next-point-update.txt 2010-11-28 18:28:24 UTC (rev 15623)
@@ -1,83 +1,3 @@
-CVE-2010-2242
- [lenny] - libvirt 0.4.6-10+lenny1
-CVE-2010-1526
- [lenny] - libgdiplus 1.9-1+lenny1
-CVE-2010-2574
- [lenny] - mantis 1.1.6+dfsg-2lenny2
-CVE-2009-XXXX [xserver-xorg: inherits user's mask]
- [lenny] - xorg-server 2:1.4.2-10.lenny3
-CVE-2010-2784
- [lenny] - kvm 72+dfsg-5~lenny6
-CVE-2010-2494
- [lenny] - bogofilter 1.1.7-1+lenny1
-CVE-2010-3845
- [lenny] - libapache-authenhook-perl 2.00-04+pristine-1+lenny1
-CVE-2010-3303
- [lenny] - mantis 1.1.6+dfsg-2lenny3
-CVE-2010-3562
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3556
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3565
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3566
-5A [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3567
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3571
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3554
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3563
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3568
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3569
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3558
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3552
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3559
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3572
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3553
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3555
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3550
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3570
- [lenny] - sun-java6 6-22-0lenny
-CVE-2009-3555
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3561
- [lenny] - sun-java6 6-22-0lenny
-CVE-2009-3549
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3557
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3541
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3573
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3574
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3548
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3551
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3560
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-1321
- [lenny] - sun-java6 6-22-0lenny
-CVE-2010-3362
- [lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1
-CVE-2010-XXXX [imagemagick reads config files from cwd]
- [lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
-CVE-2009-XXXX [xen-tools: world readable disk image files]
- [lenny] - xen-tools 3.9-4+lenny1
CVE-2010-3763
[lenny] - mantis 1.1.6+dfsg-2lenny4
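Review bot: CVE-2010-3763 stays in next-point-update.txt with "[lenny] - mantis 1.1.6+dfsg-2lenny4", yet the data/CVE/list hunk at -1268 in this same revision already records that version as the lenny fix. One of the two is ahead of the other: either drop the entry here as well, or hold back the data/CVE/list change until the package is actually released. Separately, the removed block lists "CVE-2009-3549" for sun-java6, whereas the data/CVE/list change records the fix under CVE-2010-3549 and no hunk touches a 2009-3549 entry; worth confirming the id in the old list was a typo and that nothing was left unrecorded.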
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-11-28 09:28:43 UTC (rev 15622)
+++ data/spu-candidates.txt 2010-11-28 18:28:24 UTC (rev 15623)
@@ -270,12 +270,6 @@
--
-libpng (CVE-2009-2042)
-#533676
-notified maintainer
-
---
-
libpoe-component-irc-perl
#581194
maintainer contacted us
@@ -460,7 +454,7 @@
--
-pidgin (CVE-2009-1889, CVE-2009-3083, CVE-2009-3084, CVE-2009-3085)
+pidgin (CVE-2009-1889, CVE-2009-3085)
#535790
http://developer.pidgin.im/ticket/9483
http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
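Review bot: the pidgin line drops CVE-2009-3083 and CVE-2009-3084 from the candidate list, but none of the data/CVE/list hunks in this revision touch those two ids, and the log message ("record latest point release") does not say where they were fixed. Please either include the matching [lenny] entries in data/CVE/list or mention in the log why the ids are no longer candidates, so the removal can be traced later.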