[Secure-testing-commits] r15455 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Oct 11 17:32:52 UTC 2010


Author: jmm-guest
Date: 2010-10-11 17:32:51 +0000 (Mon, 11 Oct 2010)
New Revision: 15455

Modified:
   data/CVE/list
Log:
- ike fixed
- new typo3 issues (also fixed)
- remove old bind temp entry
- vnc4 not affected by expat issues
- python loadpath/py2.5 no-dsa
- update padding oracle attack in rails issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-10-10 21:14:47 UTC (rev 15454)
+++ data/CVE/list	2010-10-11 17:32:51 UTC (rev 15455)
@@ -1,5 +1,7 @@
 CVE-2010-3840
 	RESERVED
+CVE-2010-XXXX [typo3-src TYPO3-SA-2010-020]
+	- typo3-src 4.3.7-1
 CVE-2010-3839
 	RESERVED
 CVE-2010-3838
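Review bot: the added CVE-2010-XXXX typo3-src entry has no NOTE line pointing at the advisory and no urgency; it carries only the id TYPO3-SA-2010-020 in its bracket title and a fixed version. The log says "new typo3 issues" in the plural, so a NOTE listing what this single placeholder covers would make it easier to split once CVE ids are assigned.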
@@ -356,12 +358,6 @@
 	TODO: check, apparently bogus dupes, contact MITRE for rejection 
 CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
 	TODO: check, apparently bogus dupes, contact MITRE for rejection 
-CVE-2010-XXXX [bind9 two issues]
-	- bind9 <unfixed>
-	TODO: check
-	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
-	NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
-	NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2.
 CVE-2010-XXXX [libcloud doesn't verify SSL certificate]
 	- libcloud <unfixed> (bug #598463)
 	TODO: check
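Review bot: deleting the bind9 placeholder also deletes its three NOTE lines, including the per-version scoping (ACL bypass claimed to affect only >=9.7.2, trust-anchor crash affecting 9.6 and fixed in 9.6-ESV-R2). The log calls it an "old bind temp entry" without naming what replaces it; naming the superseding entries in the log, and checking that they carry these notes, would make the removal auditable.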
@@ -1200,7 +1196,7 @@
 	[lenny] - lastfm <no-dsa> (Minor issue)
 CVE-2010-3361
 	RESERVED
-	- ike <unfixed> (low; bug #598292)
+	- ike 2.1.5+dfsg-2 (low; bug #598292; bug #598292)
 	[lenny] - ike <no-dsa> (Minor issue)
 CVE-2010-3360
 	RESERVED
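Review bot: bug #598292 is listed twice in the new ike line, "(low; bug #598292; bug #598292)". Drop the duplicate so the line reads "- ike 2.1.5+dfsg-2 (low; bug #598292)".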
@@ -1358,8 +1354,9 @@
 	RESERVED
 CVE-2010-3299 [ruby on rails: padding oracle attack]
 	RESERVED
-	- rails <unfixed>
-	TODO: check
+	- rails <unfixed> (unimportant)
+	NOTE: http://seclists.org/oss-sec/2010/q3/415
+	NOTE: http://seclists.org/oss-sec/2010/q3/413
 	NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf
 CVE-2010-3298 (The hso_get_count function in drivers/net/usb/hso.c in the Linux ...)
 	- linux-2.6 2.6.32-24
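Review bot: the rails line is now marked "(unimportant)" and the "TODO: check" is dropped, but nothing in the CVE-2010-3299 entry states why a padding oracle issue gets that rating. The two added oss-sec links may carry the reasoning; a one-line NOTE summarising it would save the next reader from having to follow them.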
@@ -13717,9 +13714,7 @@
 	- vxl 1.13.0-2 (low; bug #560945)
 	- xulrunner <unfixed> (unimportant; bug #560946)
 	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
-	- vnc4 <unfixed> (low; bug #560949)
-	[etch] - vnc4 <no-dsa> (minor issue)
-	[lenny] - vnc4 <no-dsa> (minor issue)
+	- vnc4 <not-affected> (Not affected, see bug #560949)
 	- xotcl <not-affected> (Vulnerable code not present in embedded Expat copy)
 CVE-2009-3559 (** DISPUTED ** ...)
 	- php5 <unfixed> (unimportant)
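Review bot: the parenthesised text on the new vnc4 line, "Not affected, see bug #560949", repeats the <not-affected> tag without giving a reason. The neighbouring texlive-bin and xotcl lines state the reason inline (files not compiled in, vulnerable code not present in the embedded Expat copy); doing the same here would keep the entry self-explanatory.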
@@ -25273,6 +25268,7 @@
 	- python2.5 <unfixed> (low)
 	[etch] - python2.5 <no-dsa> (Minor issue)
 	[lenny] - python2.5 <no-dsa> (Minor issue)
+	[squeeze] - python2.5 <no-dsa> (Minor issue)
 	- python2.4 <unfixed> (low)
 	[etch] - python2.4 <no-dsa> (Minor issue)
 	[lenny] - python2.4 <no-dsa> (Minor issue)
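Review bot: the [squeeze] no-dsa line is added for python2.5 only, while the python2.4 block directly below keeps just its [etch] and [lenny] lines. If python2.4 needs no squeeze line, that is fine; otherwise add the matching line so the two blocks stay consistent.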



