[Secure-testing-commits] r15251 - in data: . CVE DSA
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Sep 1 16:54:04 UTC 2010
Author: jmm-guest
Date: 2010-09-01 16:54:03 +0000 (Wed, 01 Sep 2010)
New Revision: 15251
Modified:
data/CVE/list
data/DSA/list
data/next-point-update.txt
data/spu-candidates.txt
Log:
- remove rejected LXR issue, mark remaining ones no-dsa
- libgdiplus stable point update
- remove one phpbb3 dupe, two no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-01 10:04:21 UTC (rev 15250)
+++ data/CVE/list 2010-09-01 16:54:03 UTC (rev 15251)
@@ -3725,10 +3725,6 @@
NOT-FOR-US: com_newsfeeds component for joomla!
CVE-2010-1738
REJECTED
- {DSA-2092-1}
- - lxr <removed> (low; bug #585411)
- - lxr-cvs <removed> (low; bug #585412)
- NOTE: likely to be rejected as a dupe of CVE-2010-1448
CVE-2010-1737 (PHP remote file inclusion vulnerability in ...)
NOT-FOR-US: Gallo
CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ...)
@@ -3999,7 +3995,8 @@
CVE-2010-1631
RESERVED
CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has ...)
- - phpbb3 3.0.7-PL1-1
+ - phpbb3 3.0.7-PL1-1 (low)
+ [lenny] - phpbb3 <no-dsa> (Minor issue)
CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 ...)
NOT-FOR-US: Phorum
CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows ...)
@@ -4009,7 +4006,8 @@
NOTE: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295
CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check ...)
- - phpbb3 3.0.7-PL1-1
+ - phpbb3 3.0.7-PL1-1 (low)
+ [lenny] - phpbb3 <no-dsa> (Minor issue)
CVE-2010-1626 (MySQL before 5.1.46 allows local users to delete the data and index ...)
{DSA-2057-1}
- mysql-5.1 5.1.46-1 (bug #582526)
@@ -4018,6 +4016,7 @@
CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...)
{DSA-2092-1}
- lxr <removed> (low; bug #588138)
+ [lenny] - lxr <no-dsa> (Minor issue)
- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...)
- pidgin 2.7.0-1 (low)
@@ -4308,7 +4307,8 @@
CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...)
NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1516 (Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to ...)
- TODO: check
+ - libglpng <unfixed> (low; bug filed)
+ [lenny] - libglpng <no-dsa> (Minor issue)
CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
NOT-FOR-US: TomatoCMS
CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier ...)
@@ -4590,6 +4590,7 @@
CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
{DSA-2092-1}
- lxr <removed> (low; bug #585411)
+ [lenny] - lxr <no-dsa> (Minor issue)
- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
NOTE: seems to be a dupe of CVE-2010-1738
CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...)
@@ -7845,10 +7846,6 @@
NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
CVE-2010-XXXX [sudosh3: many security weaknesses]
- sudosh3 <removed> (high; bug #566142)
-CVE-2010-XXXX [phpbb: many issues]
- - phpbb3 3.0.7-PL1-1
- - phpbb2 <removed>
- NOTE: http://www.openwall.com/lists/oss-security/2010/01/16/2
CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...)
NOT-FOR-US: Macromedia Flash ActiveX
CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2010-09-01 10:04:21 UTC (rev 15250)
+++ data/DSA/list 2010-09-01 16:54:03 UTC (rev 15251)
@@ -25,7 +25,7 @@
{CVE-2009-4897 CVE-2010-1628}
[lenny] - ghostscript 8.62.dfsg.1-3.2lenny5
[17 Aug 2010] DSA-2092-1 lxr-cvs - cross-site scripting
- {CVE-2009-4497 CVE-2010-1448 CVE-2010-1625 CVE-2010-1738}
+ {CVE-2009-4497 CVE-2010-1448 CVE-2010-1625}
[lenny] - lxr-cvs 0.9.5+cvs20071020-1+lenny1
[12 Aug 2010] DSA-2091-1 squirrelmail - cross-site request forgery
{CVE-2009-2964 CVE-2010-2813}
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2010-09-01 10:04:21 UTC (rev 15250)
+++ data/next-point-update.txt 2010-09-01 16:54:03 UTC (rev 15251)
@@ -14,5 +14,7 @@
[lenny] - okular 0.7-2+lenny1
CVE-2010-2945
[lenny] - slim 1.3.0-1+lenny3
+CVE-2010-1526
+ [lenny] - libgdiplus 1.9-1+lenny1
CVE-2010-2253
- [lenny] - libwww-perl 5.813-1+lenny2
+ [lenny] - libwww-perl 5.813-1+lenny2
\ No newline at end of file
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-09-01 10:04:21 UTC (rev 15250)
+++ data/spu-candidates.txt 2010-09-01 16:54:03 UTC (rev 15251)
@@ -241,6 +241,10 @@
--
+libglpng (CVE-2010-1516)
+
+--
+
libpng (CVE-2009-2042)
#533676
notified maintainer
@@ -349,6 +353,10 @@
--
+phpbb3 (CVE-2010-1630, 1627)
+
+--
+
postfix (CVE-2009-2939)
notified maintainer
More information about the Secure-testing-commits
mailing list