[Secure-testing-commits] r15514 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Oct 24 10:35:41 UTC 2010
Author: jmm-guest
Date: 2010-10-24 10:35:32 +0000 (Sun, 24 Oct 2010)
New Revision: 15514
Modified:
data/CVE/list
Log:
- pidgin squeeze fix
- current vdr fix is not correct
- imp4, poppler NMUed
- two openjdk issues fixed
- slowloris irrelevant for toy httpd like dhttpd
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-10-24 06:18:22 UTC (rev 15513)
+++ data/CVE/list 2010-10-24 10:35:32 UTC (rev 15514)
@@ -462,12 +462,12 @@
RESERVED
CVE-2010-3844
RESERVED
- - ettercap <unfixed> (low; bug #600130)
- [lenny] - ettercap <no-dsa> (Minor issue)
+ - ettercap <unfixed> (low; bug #600130)
+ [lenny] - ettercap <no-dsa> (Minor issue)
CVE-2010-3843
RESERVED
- - ettercap <unfixed> (low; bug #600130)
- [lenny] - ettercap <no-dsa> (Minor issue)
+ - ettercap <unfixed> (low; bug #600130)
+ [lenny] - ettercap <no-dsa> (Minor issue)
CVE-2010-3842
RESERVED
- curl <not-affected> (Doesn't affect POSIX systems)
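Review bot: The removed and added ettercap lines under CVE-2010-3844 and CVE-2010-3843 carry identical text, so this looks like a whitespace-only change to the indentation, and the log does not mention it. A line in the log (for example "fix indentation of ettercap entries") would keep the churn from being read as a status change.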
@@ -787,6 +787,7 @@
CVE-2010-3711
RESERVED
- pidgin 2.7.4-1
+ [squeeze] - pidgin 2.7.3-1+squeeze1
CVE-2010-3710
RESERVED
CVE-2010-3709
@@ -805,7 +806,7 @@
{DSA-2119-1}
- kdegraphics 4.0
- xpdf 3.02-9
- - poppler <unfixed> (bug #599165)
+ - poppler 0.12.4-1.2 (bug #599165)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
CVE-2010-3703
RESERVED
@@ -813,7 +814,7 @@
[lenny] - kdegraphics <not-affected> (Vulnerable code not present)
- xpdf 3.02-9
[lenny] - xpdf <not-affected> (Vulnerable code not present)
- - poppler <unfixed> (bug #599165)
+ - poppler 0.12.4-1.2 (bug #599165)
[lenny] - poppler <not-affected> (Vulnerable code not present)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
CVE-2010-3702
@@ -821,7 +822,7 @@
{DSA-2119-1}
- kdegraphics 4.0
- xpdf 3.02-9
- - poppler <unfixed> (bug #599165)
+ - poppler 0.12.4-1.2 (bug #599165)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...)
NOT-FOR-US: Red Hat Enterprise MRG
@@ -838,7 +839,7 @@
[lenny] - freeradius <not-affected> (Vulnerable code not present)
CVE-2010-3695 [XSS vulnerability in the Fetchmail configuration]
RESERVED
- - imp4 <unfixed> (bug #598584)
+ - imp4 4.3.7+debian0-2.1 (bug #598584)
NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
CVE-2010-3694 [Protected preference forms against CSRF attacks]
RESERVED
@@ -1661,7 +1662,7 @@
CVE-2010-3388
RESERVED
CVE-2010-3387 (** DISPUTED ** ...)
- - vdr 1.6.0-18.1 (unimportant; bug #598308)
+ - vdr <unfixed> (unimportant; bug #598308)
NOTE: Only affects a debugging tool, see bug #598308
CVE-2010-3386 (usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length ...)
- ust 0.7-2.1 (bug #598309)
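Review bot: Missing rationale on the vdr line under CVE-2010-3387: it goes from 1.6.0-18.1 back to <unfixed>, and the only explanation ("current vdr fix is not correct") lives in the commit log. Add a NOTE to the entry saying what the 1.6.0-18.1 change fails to address, so that someone reading bug #598308 later does not mark it fixed at that version again.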
@@ -3912,8 +3913,7 @@
NOT-FOR-US: Microsoft
CVE-2010-2548
RESERVED
- - openjdk-6 <unfixed>
- NOTE: Fixed in experimental
+ - openjdk-6 6b18-1.8.1-1
CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG ...)
{DSA-2076-1}
- gnupg2 2.0.14-2
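Review bot: The openjdk-6 line under CVE-2010-2548 now names 6b18-1.8.1-1, but the entry is still RESERVED with no description, bug number or NOTE, and the removed "NOTE: Fixed in experimental" was its only context. A NOTE pointing at the changelog entry or advisory that ties this CVE to that upload would make the version checkable.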
@@ -13271,7 +13271,7 @@
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...)
- - openjdk-6 <unfixed> (medium; bug #560908)
+ - openjdk-6 6b17~pre3-1 (medium; bug #560908)
- sun-java6 6-17-1
[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
@@ -17250,9 +17250,7 @@
[etch] - wordpress <not-affected> (Vulnerable code not present)
NOTE: not really a security issue in my opinion, just an annoying bug
CVE-2009-XXXX [libxerces2-java: xml-based firewall bypass / port scanning]
- - libxerces2-java <unfixed> (low; bug #540862)
- [etch] - libxerces2-java <no-dsa> (minor issue)
- [lenny] - libxerces2-java <no-dsa> (minor issue)
+ - libxerces2-java <unfixed> (unimportant; bug #540862)
CVE-2009-XXXX [gri: insecure temp file generation]
- gri 2.12.18-1 (low)
[etch] - gri <no-dsa> (Minor issue)
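Review bot: The libxerces2-java change (low to unimportant, with the [etch] and [lenny] <no-dsa> lines dropped) is not covered by the commit log, which names only pidgin, vdr, imp4, poppler, openjdk and dhttpd. Add it to the log, and consider a NOTE on the entry giving the reason for the downgrade.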
@@ -19110,7 +19108,7 @@
- squid <not-affected>
- squid3 <not-affected>
NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694
- - dhttpd <unfixed> (low; bug #533665)
+ - dhttpd <unfixed> (unimportant; bug #533665)
[etch] - dhttpd <no-dsa> (Minor issue)
[lenny] - dhttpd <no-dsa> (Minor issue)
- lighttpd <not-affected>
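Review bot: Inconsistent with the libxerces2-java hunk: dhttpd moves from low to unimportant, but the [etch] and [lenny] <no-dsa> (Minor issue) lines stay, whereas the libxerces2-java entry drops them for the same severity change. Either remove them here as well or keep them in both places. The log's reasoning ("slowloris irrelevant for toy httpd like dhttpd") would also be more useful as a NOTE on the entry itself.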