[Secure-testing-commits] r15448 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Oct 10 11:29:36 UTC 2010
Author: jmm-guest
Date: 2010-10-10 11:29:32 +0000 (Sun, 10 Oct 2010)
New Revision: 15448
Modified:
data/CVE/list
Log:
bugs filed
record kernel fixes
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-10-10 11:06:14 UTC (rev 15447)
+++ data/CVE/list 2010-10-10 11:29:32 UTC (rev 15448)
@@ -597,6 +597,7 @@
RESERVED
CVE-2010-3495
RESERVED
+ - zodb <unfixed> (bug #599711)
CVE-2010-3494
RESERVED
- python-pyftpdlib 0.5.2-1 (low)
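Review bot: The added zodb line under CVE-2010-3495 gives no indication of what the issue is, since the id is still RESERVED and carries no description. Consider adding a bracketed summary after the id, as this file already does for CVE-2010-2951 ("[squid3 DoS via TCP DNS request]"), or a NOTE line pointing at the upstream report, so the entry is usable without opening bug #599711.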
@@ -1343,8 +1344,7 @@
TODO: check whether this is true: [lenny] - dovecot <not-affected> (only affects 1.2.x)
NOTE: http://www.dovecot.org/list/dovecot-news/2010-July/000163.html
CVE-2010-3303 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
- - mantis <unfixed>
- TODO: check
+ - mantis <unfixed> (bug #599710)
NOTE: http://www.mantisbt.org/bugs/changelog_page.php?version_id=111
CVE-2010-3302 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan ...)
- openswan 1:2.6.28+dfsg-2
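Review bot: The mantis change under CVE-2010-3303 drops "TODO: check" in the same edit that adds the bug number, while the log message only says "bugs filed". If the entry was actually reviewed, say so in the log or add a NOTE with the result. If only the bug was filed, keep the TODO so the entry still shows as unreviewed.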
@@ -1957,9 +1957,10 @@
- linux-2.6 2.6.32-23 (high)
CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in ...)
{DSA-2110-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-24
CVE-2010-3079 (kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-24
+ [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...)
{DSA-2110-1}
- linux-2.6 2.6.32-24
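Review bot: The new "[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)" line under CVE-2010-3079 states the introducing version without any reference. A NOTE naming the upstream change that introduced the affected ftrace code would let a later reader verify the not-affected claim. Since the description gives the upstream fix as 2.6.35.5, a short NOTE on where the fix in 2.6.32-24 comes from would help as well.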
@@ -2018,6 +2019,7 @@
CVE-2010-3065 (The default session serializer in PHP 5.2 through 5.2.13 and 5.3 ...)
{DSA-2089-1}
- php5 <unfixed>
+ NOTE: Fixed in experimental: version 5.3.3-1
CVE-2010-3057
RESERVED
CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...)
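Review bot: The NOTE added under CVE-2010-3065 records the fix in experimental (5.3.3-1), but "- php5 <unfixed>" still has no bug reference, unlike the other unfixed entries touched in this commit. Consider filing or recording a bug here too, so the unstable fix is tracked and the entry is updated when it lands.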
@@ -2257,7 +2259,7 @@
NOT-FOR-US: Apache Traffic Server
CVE-2010-2951 [squid3 DoS via TCP DNS request]
RESERVED
- - squid3 <unfixed>
+ - squid3 <unfixed> (bug #599709)
[lenny] - squid3 <not-affected> (vulnerable code introduced in 3.1.6)
NOTE: http://marc.info/?l=squid-users&m=128263555724981&w=2
CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP ...)
@@ -2298,7 +2300,7 @@
{DSA-2099-1}
- openoffice.org 1:3.2.1-6
CVE-2010-2934 (Multiple unspecified vulnerabilities in ZNC 0.092 allow remote ...)
- - znc <unfixed> (bug filed)
+ - znc <unfixed> (bug #599708)
CVE-2010-2933 (SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote ...)
NOT-FOR-US: AV Arcade
CVE-2010-2932 (Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control ...)
@@ -2603,7 +2605,7 @@
- squirrelmail 2:1.4.21-1 (low)
[lenny] - squirrelmail <no-dsa> (low-risk issue)
CVE-2010-2812 (Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of ...)
- - znc <unfixed> (bug filed)
+ - znc <unfixed> (bug #599708)
CVE-2010-2811 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
NOT-FOR-US: Red Hat Virtual Desktop Server Manager
CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in ...)
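Review bot: The znc line under CVE-2010-2812 gets the same bug #599708 that this commit also records for CVE-2010-2934. If one report is meant to cover both, make sure the bug lists both CVE ids, otherwise one of the two entries can be left stale when the bug is closed for the other.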