[Secure-testing-commits] r15413 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Oct 3 20:43:54 UTC 2010


Author: jmm-guest
Date: 2010-10-03 20:43:54 +0000 (Sun, 03 Oct 2010)
New Revision: 15413

Modified:
   data/CVE/list
   data/embedded-code-copies
   data/spu-candidates.txt
Log:
- lastfm, roaraudio, ike no-dsa
- mahara/tinymce code copy fixed
- otrs fixed
- cleanup older issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-10-03 19:35:25 UTC (rev 15412)
+++ data/CVE/list	2010-10-03 20:43:54 UTC (rev 15413)
@@ -931,13 +931,16 @@
 	- vips <unfixed> (bug #598296)
 CVE-2010-3363
 	RESERVED
-	- roaraudio 0.3-2 (bug #598295)
+	- roaraudio 0.3-2 (low; bug #598295)
+	[lenny] - roaraudio <no-dsa> (Minor issue)
 CVE-2010-3362
 	RESERVED
-	- lastfm 1:1.5.4.26862+dfsg-5 (bug #598294)
+	- lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294)
+	[lenny] - lastfm <no-dsa> (Minor issue)
 CVE-2010-3361
 	RESERVED
-	- ike <unfixed> (bug #598292)
+	- ike <unfixed> (low; bug #598292)
+	[lenny] - ike <no-dsa> (Minor issue)
 CVE-2010-3360
 	RESERVED
 	- hipo <unfixed> (bug #598291)
@@ -4294,9 +4297,7 @@
 CVE-2010-2081
 	RESERVED
 CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
-	- otrs2 <unfixed>
-	TODO: check lenny
-	NOTE: http://otrs.org/advisory/OSA-2010-02-en/
+	- otrs2 2.4.8+dfsg1-1
 CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...)
 	NOT-FOR-US: Novell Access Manager
 CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...)
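Review bot: the `TODO: check lenny` line is removed without a replacement `[lenny]` entry, so the lenny status for CVE-2010-2080 is now unrecorded even though the unstable fix (`otrs2 2.4.8+dfsg1-1`) is. Please add an explicit `[lenny] - otrs2 <no-dsa>` / `<not-affected>` / fixed-version line with the reason, and consider keeping the `NOTE: http://otrs.org/advisory/OSA-2010-02-en/` reference rather than dropping it, since it is the only pointer to the upstream advisory for this issue.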
@@ -17416,10 +17417,6 @@
 	NOT-FOR-US: Apple Safari
 CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in ...)
 	- webkit 1.1.10-1
-	- kdelibs <unfixed> (low)
-	[lenny] - kdelibs <no-dsa> (Minor issue)
-	- kde4libs <unfixed> (low)
-	- qt4-x11 <undetermined>
 CVE-2009-2418
 	RESERVED
 CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...)
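Review bot: the kdelibs, kde4libs and qt4-x11 lines for CVE-2009-2419 are deleted outright rather than resolved, so the file no longer records whether those packages were found not affected, fixed in some version, or simply dropped as stale; the `[lenny] - kdelibs <no-dsa> (Minor issue)` decision is lost with them. Please replace them with the actual outcome, for example `- qt4-x11 <not-affected> (reason)` or a fixed version, or leave a `NOTE:` explaining why the embedded WebKit copies are no longer tracked here.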
@@ -31814,8 +31811,9 @@
 	NOTE: file is opened with O_EXCL even if tmpnam is used in this case
 CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...)
 	- jasper 1.900.1-5.1 (medium; bug #501021)
-	- ghostscript 8.64~dfsg-2 (medium; bug #559778)
-	- gs-gpl <removed> (medium; bug #561717)
+	- ghostscript 8.64~dfsg-2 (low; bug #559778)
+	[lenny] - ghostscript <not-affected> (Too intrusive to backport)
+	- gs-gpl <removed> (low; bug #561717)
 	- netpbm-free <not-affected> (dynamically links to ghostscript if available)
 CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...)
 	- jbossas4 <not-affected> (configuration not yet included in Debian package)
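Review bot: `[lenny] - ghostscript <not-affected> (Too intrusive to backport)` is self-contradictory: `<not-affected>` states that the lenny package does not contain the vulnerable code, while the reason given is a decision not to ship a fix. If the lenny ghostscript is vulnerable but the fix is judged too intrusive, this should be `[lenny] - ghostscript <no-dsa> (Too intrusive to backport)`, matching the `<no-dsa>` convention used in the other hunks of this commit; if it is genuinely not affected, the reason text should say so instead.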
@@ -52614,7 +52612,7 @@
 CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
 	NOT-FOR-US: fotokategori.asp
 CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
-	- iceweasel <unfixed> (low; bug #556267)
+	- iceweasel <unfixed> (unimportant; bug #556267)
 	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
 	[lenny] - iceweasel <no-dsa> (Minor issue)
 CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
@@ -85247,8 +85245,6 @@
 	NOT-FOR-US: Apple
 CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
 	NOT-FOR-US: RSA SecurID Web Agent
-CVE-2005-XXXX [race condition with a buffered temp file]
-	- pysvn 1.1.2-3
 CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
 	- mailutils 1:0.6.1-2
 CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
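Review bot: the `CVE-2005-XXXX [race condition with a buffered temp file]` / `pysvn 1.1.2-3` entry is deleted with no indication of where the record went. If a real CVE identifier was assigned and the entry merged there, please name it in the log or a `NOTE:`; if the issue was found not to be a vulnerability, a `NOTE:` stating that is preferable to silent removal, since the fixed version `1.1.2-3` is otherwise no longer traceable.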

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-10-03 19:35:25 UTC (rev 15412)
+++ data/embedded-code-copies	2010-10-03 20:43:54 UTC (rev 15413)
@@ -449,7 +449,7 @@
 	- moodle <unfixed> (embed; bug #507185)
 	- knowledgeroot <unfixed> (embed)
 	- joomla <itp> (bug #326398)
-	- mahara <unfixed> (embed; #597752)
+	- mahara 1.2.6-1 (embed; #597752)
 
 scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121)
 	- scite <unfixed> (embed)
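Review bot: the new mahara line keeps the bare `#597752` reference while the surrounding entries in this block use the `bug #` form (`- moodle <unfixed> (embed; bug #507185)`, `- joomla <itp> (bug #326398)`). Suggest `- mahara 1.2.6-1 (embed; bug #597752)` so the bug reference is formatted consistently with the rest of the file.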

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-10-03 19:35:25 UTC (rev 15412)
+++ data/spu-candidates.txt	2010-10-03 20:43:54 UTC (rev 15413)
@@ -138,6 +138,12 @@
 
 --
 
+ika (CVE-2010-3361)
+#5982925B
+notified maintainer
+
+--
+
 imp4 (CVE-2010-0463)
 #569661
 notified maintainer
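Review bot: the new spu-candidates entry does not match the CVE/list hunk in this same commit. The package for CVE-2010-3361 is `ike` (not `ika`) and its bug is `#598292`; the line `#5982925B` looks like a typo or paste error rather than a Debian bug number. Please correct both to `ike (CVE-2010-3361)` and `#598292`.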
@@ -367,6 +373,11 @@
 
 --
 
+roaraudio (CVE-2010-3362)
+#598295
+
+--
+
 ruby1.8 (CVE-2010-0541)
 
 --
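Review bot: the CVE identifier on the new roaraudio entry is wrong. In the CVE/list hunk above, roaraudio (bug #598295) is CVE-2010-3363, while CVE-2010-3362 is the lastfm issue (bug #598294). Please change this to `roaraudio (CVE-2010-3363)` so the SPU candidate list points at the right issue, and check whether lastfm (CVE-2010-3362, also marked `<no-dsa>` here) should get its own entry.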
