[Secure-testing-commits] r15439 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Oct 7 20:43:21 UTC 2010
Author: jmm-guest
Date: 2010-10-07 20:43:15 +0000 (Thu, 07 Oct 2010)
New Revision: 15439
Modified:
data/CVE/list
Log:
- new chrome issues
- hipo removed
- cleanup older non issues and mark several older issues as fixed
- mark vdr as unimportant, debug only
- numpy fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-10-07 18:36:27 UTC (rev 15438)
+++ data/CVE/list 2010-10-07 20:43:15 UTC (rev 15439)
@@ -97,9 +97,11 @@
CVE-2010-3731 (Buffer overflow in the Administration Server component in IBM DB2 UDB ...)
NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472.62 ...)
- TODO: check
+ - webkit <undetermined>
+ - chromium-browser <undetermined>
CVE-2010-3728
RESERVED
CVE-2010-XXXX [amanda code injection]
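Review bot: For CVE-2010-3729 the description names the SPDY protocol implementation in Google Chrome, which is a network-layer component rather than the rendering engine, so the added `- webkit <undetermined>` line may not apply to that entry; confirm before leaving both packages as <undetermined>. Both entries also replace "TODO: check" with no NOTE pointing at the upstream Chrome 6.0.472.62 release notes, which is what a later triager would need to resolve the <undetermined> state.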
@@ -848,7 +850,7 @@
CVE-2008-XXXX [greylistd bypass]
- greylistd 0.8.7+nmu2 (low; bug #464084)
CVE-2010-XXXX [numpy memory corruption]
- - python-numpy <unfixed> (medium; bug #581058)
+ - python-numpy 1:1.4.1-5 (bug #581058)
NOTE: http://projects.scipy.org/numpy/changeset/8364
CVE-2010-XXXX [glob processing issue]
- sudo 1.7.0-1 (low; bug #565223; bug #580342)
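Review bot: The severity annotation is dropped when the numpy entry moves from `<unfixed> (medium; bug #581058)` to `1:1.4.1-5 (bug #581058)`; neighbouring fixed entries such as `- greylistd 0.8.7+nmu2 (low; bug #464084)` and `- sudo 1.7.0-1 (low; bug #565223; bug #580342)` keep theirs, so the line should read `- python-numpy 1:1.4.1-5 (medium; bug #581058)` unless the severity was deliberately reassessed.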
@@ -973,7 +975,8 @@
RESERVED
CVE-2010-3387
RESERVED
- - vdr <unfixed> (bug #598308)
+ - vdr <unfixed> (unimportant; bug #598308)
+ NOTE: Only affects a debugging tool, see bug #598308
CVE-2010-3386
RESERVED
- ust <unfixed> (bug #598309)
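Review bot: Style: the new NOTE repeats the bug reference already present on the entry line (`see bug #598308` after `bug #598308`); naming the debugging tool in question would be more useful than the duplicate pointer, since the NOTE is the only place the "unimportant" rating is justified.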
@@ -1056,7 +1059,8 @@
[lenny] - ike <no-dsa> (Minor issue)
CVE-2010-3360
RESERVED
- - hipo <unfixed> (bug #598291)
+ - hipo <removed> (bug #598291)
+ [lenny] - hipo <no-dsa> (Minor issue)
CVE-2010-3359 [gargoyle: insecure library loading]
RESERVED
- gargoyle-free 2009-08-25-2
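Review bot: Missing documentation: the entry switches to `<removed>` with no NOTE recording why or where the package was removed, while the simultaneously added `[lenny] - hipo <no-dsa> (Minor issue)` line shows lenny still ships it; a one-line NOTE with the removal reference would let a reader confirm that only the stable release remains to be tracked.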
@@ -8766,9 +8770,6 @@
- dillo <removed>
NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog
NOTE: it is not clear whether the issue affects pre-2.x versions
-CVE-2010-XXXX [pidgin remote dos]
- - pidgin <unfixed> (low; bug #562720)
- [lenny] - pidgin <no-dsa> (Minor issue)
CVE-2010-XXXX [phpbb3 weak captcha]
- phpbb3 3.0.7-PL1-1 (unimportant; bug #570011)
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...)
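Review bot: Deleting the `CVE-2010-XXXX [pidgin remote dos]` entry outright loses the bug #562720 reference and the reason it was judged a non-issue; the last hunk of this commit handles the comparable CVE-2008-2956 case by keeping the entry with `(unimportant; ...)` plus a NOTE explaining the upstream analysis, and the same pattern would be preferable here so the decision stays auditable.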
@@ -12725,7 +12726,7 @@
CVE-2009-3801 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows ...)
NOT-FOR-US: OpenDocMan
CVE-2009-XXXX [multiple missing input sanity checks in KDE]
- - kdelibs <unfixed> (low)
+ - kdelibs 4:3.5.10.dfsg.1-3 (low)
- kde4libs 4:4.3.4-1 (low)
[lenny] - kde4libs <no-dsa> (Minor issue)
[lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited)
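Review bot: Missing documentation: the kdelibs entry gains a fixed version `4:3.5.10.dfsg.1-3` but carries no bug number and no NOTE identifying the change that fixed it, unlike the kde4libs line below it which at least shares the entry's context; a NOTE with the changelog or upstream commit reference would make the fixed version verifiable.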
@@ -13087,9 +13088,7 @@
- vxl 1.13.0-2 (low; bug #560945)
- xulrunner <unfixed> (unimportant; bug #560946)
- texlive-bin <not-affected> (Files are not compiled in, see #560948)
- - vnc4 <unfixed> (low; bug #560949)
- [etch] - vnc4 <no-dsa> (minor issue)
- [lenny] - vnc4 <no-dsa> (minor issue)
+ - vnc4 <not-affected> (Not affected, see bug #560949)
- xotcl 1.6.5-1.2 (low; bug #560950)
[lenny] - xotcl <no-dsa> (minor issue)
CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
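Review bot: Style: the parenthetical on the new line, `<not-affected> (Not affected, see bug #560949)`, restates the tag instead of giving the reason; the texlive-bin line two lines above shows the convention, `<not-affected> (Files are not compiled in, see #560948)`, so the vnc4 line should state why it is not affected in the same way.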
@@ -18754,6 +18753,7 @@
- webkit <unfixed> (low; bug #532514)
[lenny] - webkit <no-dsa> (Minor issue)
- kdebase <unfixed> (low; bug #532519)
+ [squeeze] - kdebase <no-dsa> (Minor issue)
[lenny] - kdebase <no-dsa> (Minor issue)
[etch] - kdebase <no-dsa> (Minor issue)
- w3m <unfixed> (unimportant; bug #532521)
@@ -19642,7 +19642,6 @@
CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.0.1-4 (bug #535793)
- kdelibs <not-affected>
- - kde4libs <unfixed>
- qt4-x11 4:4.6.2-4 (low)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/34574
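Review bot: Removing `- kde4libs <unfixed>` leaves the entry silent on kde4libs, whereas the adjacent kdelibs line is explicitly `<not-affected>`; if kde4libs was checked and found unaffected (or fixed in a given version), the line should be changed to say so rather than deleted, otherwise the package silently drops out of tracking for this CVE.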
@@ -22844,12 +22843,8 @@
CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...)
NOT-FOR-US: Qbik WinGate
CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...)
- - squid <unfixed> (low; bug #521053)
- [etch] - squid <no-dsa> (Minor issue)
- [lenny] - squid <no-dsa> (Minor issue)
- - squid3 <unfixed> (low; bug #521052)
- [etch] - squid3 <no-dsa> (Minor issue)
- [lenny] - squid3 <no-dsa> (Minor issue)
+ - squid <unfixed> (unimportant; bug #521053)
+ - squid3 <unfixed> (unimportant; bug #521052)
NOTE: This only affects HTTP connections and only in transparent mode
NOTE: Also, same origin validations in the browsers still apply and keep this mostly harmless
NOTE: http://marc.info/?l=squid-dev&m=123542836103750&w=4
@@ -33525,10 +33520,8 @@
- gaim <removed>
[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
CVE-2008-2956 (Memory leak in Pidgin 2.0.0, and possibly other versions, allows ...)
- - pidgin <unfixed> (low; bug #488632)
- [lenny] - pidgin <no-dsa> (Minor issue)
- - gaim <removed>
- [lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
+ - pidgin <unfixed> (unimportant; bug #488632)
+ NOTE: Non-issue per analysis of Pidgin upstream developers, should be rejected
CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...)
- pidgin 2.4.3-4 (low; bug #488632)
- gaim <removed>
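Review bot: The new NOTE says the issue "should be rejected" but gives no pointer to the upstream developers' analysis, unlike the squid entry earlier in this commit which cites a mailing-list URL; add the reference. Also note that bug #488632 is shared with CVE-2008-2957 on the following lines, so downgrading this entry to unimportant must not lead to that bug being closed.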