[Secure-testing-commits] r15417 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Oct 4 17:16:16 UTC 2010 

Author: jmm-guest
Date: 2010-10-04 17:16:10 +0000 (Mon, 04 Oct 2010)
New Revision: 15417

Modified:
   data/CVE/list
Log:
- correct tiff version number
- new svn issue (already fixed)
- mistelix and scilab fixed
- fix entries for previous mysql issues
- remove interchange CVE dupe, further cleanup on CVE-less issues
- cleanups on older gnome-power-manager non-issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-10-04 10:02:06 UTC (rev 15416)
+++ data/CVE/list	2010-10-04 17:16:10 UTC (rev 15417)
@@ -81,9 +81,9 @@
 CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...)
 	NOT-FOR-US: powermail extension 1.5.3 for typo3
 CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
-	TODO: check
+	TODO: check, apparently bogus dupes, contact MITRE for rejection 
 CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
-	TODO: check
+	TODO: check, apparently bogus dupes, contact MITRE for rejection 
 CVE-2010-XXXX [bind9 two issues]
 	- bind9 <unfixed>
 	TODO: check
@@ -109,36 +109,36 @@
 	NOT-FOR-US: Synology Disk Station
 CVE-2010-3683
 	RESERVED
-	- mysql-5.1 <unfixed> (bug #598580)
-	- mysql-dfsg-5.0 <unfixed>
+	- mysql-5.1 5.1.49-1 (bug #598580)
+	- mysql-dfsg-5.0 <removed>
 CVE-2010-3682
 	RESERVED
-	- mysql-5.1 <unfixed> (bug #598580)
-	- mysql-dfsg-5.0 <unfixed>
+	- mysql-5.1 5.1.49-1 (bug #598580)
+	- mysql-dfsg-5.0 <removed>
 CVE-2010-3681
 	RESERVED
-	- mysql-5.1 <unfixed> (bug #598580)
-	- mysql-dfsg-5.0 <unfixed>
+	- mysql-5.1 5.1.49-1 (bug #598580)
+	- mysql-dfsg-5.0 <removed>
 CVE-2010-3680
 	RESERVED
-	- mysql-5.1 <unfixed> (bug #598580)
-	- mysql-dfsg-5.0 <unfixed>
+	- mysql-5.1 5.1.49-1 (bug #598580)
+	- mysql-dfsg-5.0 <removed>
 CVE-2010-3679
 	RESERVED
-	- mysql-5.1 <unfixed> (bug #598580)
-	- mysql-dfsg-5.0 <unfixed>
+	- mysql-5.1 5.1.49-1 (bug #598580)
+	- mysql-dfsg-5.0 <removed>
 CVE-2010-3678
 	RESERVED
-	- mysql-5.1 <unfixed> (bug #598580)
-	- mysql-dfsg-5.0 <unfixed>
+	- mysql-5.1 5.1.49-1 (bug #598580)
+	- mysql-dfsg-5.0 <removed>
 CVE-2010-3677
 	RESERVED
-	- mysql-5.1 <unfixed> (bug #598580)
-	- mysql-dfsg-5.0 <unfixed>
+	- mysql-5.1 5.1.49-1 (bug #598580)
+	- mysql-dfsg-5.0 <removed>
 CVE-2010-3676
 	RESERVED
-	- mysql-5.1 <unfixed> (bug #598580)
-	- mysql-dfsg-5.0 <unfixed>
+	- mysql-5.1 5.1.49-1 (bug #598580)
+	- mysql-dfsg-5.0 <removed>
 CVE-2010-3675
 	RESERVED
 CVE-2010-3658
@@ -673,7 +673,6 @@
 CVE-2010-3442 [heap corruption in snd_ctl_new]
 	RESERVED
 	- linux-2.6 <unfixed>
-	TODO: check
 	NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
 CVE-2010-3441
 	RESERVED
@@ -889,7 +888,7 @@
 	RESERVED
 CVE-2010-3378
 	RESERVED
-	- scilab <unfixed> (bug #598423; bug #598422)
+	- scilab 5.2.2-8 (bug #598423; bug #598422)
 	[lenny] - scilab <no-dsa> (Non-free not supported)
 CVE-2010-3377
 	RESERVED
@@ -925,7 +924,7 @@
 	- mn-fit <unfixed> (bug #598298)
 CVE-2010-3365
 	RESERVED
-	- mistelix <unfixed> (bug #598297)
+	- mistelix 0.31-2 (low; bug #598297)
 CVE-2010-3364
 	RESERVED
 	- vips <unfixed> (bug #598296)
@@ -1049,6 +1048,7 @@
 	NOTE: see 20100927201729.GB4485 at openwall.com
 CVE-2010-3315
 	RESERVED
+	- subversion 1.6.12dfsg-2 (low)
 CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware ...)
 	{DSA-2013-1}
 	- egroupware <removed> (high; bug #573279)
@@ -1111,7 +1111,6 @@
 	RESERVED
 	NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2
 	NOTE: will probably get rejected
-	TODO: check
 CVE-2010-3291
 	RESERVED
 CVE-2010-3290
@@ -1251,13 +1250,11 @@
 CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly ...)
 	NOT-FOR-US: Blackboard Transact Suite
 CVE-2009-4997 (gnome-power-manager 2.27.92 does not properly implement the ...)
-	- gnome-power-manager <unfixed>
-	TODO: check
+	- gnome-power-manager 2.28.0-1 (unimportant)
 CVE-2009-4996 (** DISPUTED ** ...)
-	TODO: check
+	NOTE: Disputed non-issue
 CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
-	- gnome-power-manager <unfixed>
-	TODO: check
+	- gnome-power-manager 2.28.0-1 (unimportant)
 CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...)
 	- weborf 0.12.3-1 (bug #596112)
 CVE-2010-3243
@@ -3294,7 +3291,7 @@
 CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...)
 	- php5 5.3.3-1 (unimportant)
 CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
-	- tiff 3.9.4-1 (unimportant)
+	- tiff 3.9.4-4 (unimportant)
 CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...)
 	- tiff 3.9.4-1 (unimportant)
 CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ...)
@@ -16298,7 +16295,7 @@
 CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in ...)
 	NOT-FOR-US: Collabtive
 CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 ...)
-	- interchange 5.6.1-1 (low)
+	- interchange 5.6.1-1 (low; bug #505732)
 CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds ...)
 	NOT-FOR-US: ScriptsFeed Auto Classifieds
 CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing ...)
@@ -16494,9 +16491,6 @@
 	[etch] - groff <not-affected> (pdfroff not yet present)
 	[lenny] - groff <not-affected> (pdfroff not yet present)
 	NOTE: requested CVE ids
-CVE-2009-XXXX [apache2: only first 8 characters used to validate password]
-	- apache2 <unfixed> (unimportant; bug #539246)
-	NOTE: Standard behaviour of crypt, enhancement bug for stronger method
 CVE-2009-XXXX [xscreensaver: local screen lock bypassable via low resolution video devices]
 	- xscreensaver 5.05-3+nmu1 (low; bug #539699)
 	[etch] - xscreensaver <not-affected> (vulnerable code not present)
@@ -18496,10 +18490,6 @@
 	NOT-FOR-US: Sun Solaris
 CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 ...)
 	NOT-FOR-US: Adobe
-CVE-2009-XXXX [adtool leaks password in environment]
-	- adtool 1.3.2-1 (unimportant)
-	NOTE: adtool has safe means to specify the password, so this boils
-	NOTE: down to potential insecure usage
 CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the ...)
@@ -28061,9 +28051,6 @@
 	NOT-FOR-US:  Novell eDirectory
 CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...)
 	NOT-FOR-US: ElkaGroup Image Gallery
-CVE-2008-XXXX [interchange Cross-Site Scripting Vulnerabilities]
-	- interchange 5.6.1-1 (bug #505732)
-	NOTE: this is SA32658
 CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
 	- typo3-src 4.2.3-1 (bug #505326)
 	[etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)

More information about the Secure-testing-commits mailing list