[Secure-testing-commits] r15447 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Oct 10 11:06:16 UTC 2010


Author: jmm-guest
Date: 2010-10-10 11:06:14 +0000 (Sun, 10 Oct 2010)
New Revision: 15447

Modified:
   data/CVE/list
Log:
- bind CVEfied
- python asyncore related issues CVEfied
- update freetype status in sid


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-10-10 10:54:10 UTC (rev 15446)
+++ data/CVE/list	2010-10-10 11:06:14 UTC (rev 15447)
@@ -155,7 +155,14 @@
 CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...)
 	TODO: check
 CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...)
-	TODO: check
+	- bind9 <unfixed> (bug #599515)
+        NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
+        NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
+        NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2.
+CVE-2010-XXXX [bind acl bypass]
+	- bind9 <not-affected> (Only affects 9.7.2, which is not yet in the archive)
+        NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
+        NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
 CVE-2010-3761 (Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack ...)
 	NOT-FOR-US: IBM Tivoli Storage Manager
 CVE-2010-3760 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ...)
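Review bot: The ACL bypass NOTE under CVE-2010-3762 is repeated verbatim under the new CVE-2010-XXXX [bind acl bypass] entry, and the new entry contradicts itself on scope: its package line says "Only affects 9.7.2" while the NOTE below it says ">=9.7.2". If the ACL bypass is tracked as a separate issue, drop that NOTE from CVE-2010-3762 and make the version wording consistent in the new entry. The added NOTE lines are also indented with spaces where the package lines and the surrounding entries use a tab.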
@@ -592,10 +599,17 @@
 	RESERVED
 CVE-2010-3494
 	RESERVED
+	- python-pyftpdlib 0.5.2-1 (low)
+        NOTE: http://code.google.com/p/pyftpdlib/issues/detail?id=104
 CVE-2010-3493
 	RESERVED
 CVE-2010-3492
 	RESERVED
+        - python2.7 <unfixed> (unimportant)
+        - python3.1 <unfixed> (unimportant)
+        - python3.2 <unfixed> (unimportant)
+        NOTE: Unfixable design limitation, which needs to be coped with in applications
+        NOTE: This CVE is about proper documentation
 CVE-2010-3491
 	RESERVED
 CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
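Review bot: The package lines added under CVE-2010-3492 (python2.7, python3.1, python3.2) and the NOTE lines in both entries are indented with spaces, while "- python-pyftpdlib 0.5.2-1 (low)" and the existing lines use a tab; please use a tab throughout. CVE-2010-3493 sits between the two annotated entries and stays a bare RESERVED; if it belongs to the asyncore issues named in the log message, it needs a package line or a TODO as well.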
@@ -1070,12 +1084,6 @@
 	NOT-FOR-US: UltraEdit
 CVE-2010-3401
 	RESERVED
-CVE-2010-XXXX [python accept() implementation in async core is broken]
-	- python2.7 <unfixed>
-	- python3.1 <unfixed>
-	- python3.2 <unfixed>
-	TODO: check (I guess all python versions are affected)
-	NOTE: see 4C88DB97.1060602 at redhat.com for details
 CVE-2010-3400 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
 	TODO: check
 	NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
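Review bot: Removing the temporary CVE-2010-XXXX python entry also drops "NOTE: see 4C88DB97.1060602 at redhat.com for details", and none of the entries added elsewhere in this patch carries that reference. Suggest moving the NOTE to the CVE entry that replaces this one so the pointer to the original report is kept.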
@@ -1316,8 +1324,8 @@
 CVE-2010-3311 [freetype heap-based buffer overflow]
 	RESERVED
 	{DSA-2116-1}
-	- freetype <unfixed>
-	TODO: report
+	- freetype 2.4.0-1
+        NOTE: Only the 2.3.x series is affected
 CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the Linux ...)
 	- linux-2.6 <unfixed>
 CVE-2010-3309
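Review bot: "- freetype 2.4.0-1" reads as the version that fixed the issue, but the NOTE says only the 2.3.x series is affected, so 2.4.0-1 is the first unaffected upload rather than a fix; the NOTE would be clearer if it said that. "TODO: report" is removed without a bug reference being added, so the entry should state that no report is needed. The NOTE line is indented with spaces instead of a tab.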



