[Secure-testing-commits] r15251 - in data: . CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Sep 1 16:54:04 UTC 2010 

Author: jmm-guest
Date: 2010-09-01 16:54:03 +0000 (Wed, 01 Sep 2010)
New Revision: 15251

Modified:
   data/CVE/list
   data/DSA/list
   data/next-point-update.txt
   data/spu-candidates.txt
Log:
- remove rejected LXR issue, mark remaining ones no-dsa
- libgdiplus stable point update
- remove one phpbb3 dupe, two no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-01 10:04:21 UTC (rev 15250)
+++ data/CVE/list	2010-09-01 16:54:03 UTC (rev 15251)
@@ -3725,10 +3725,6 @@
 	NOT-FOR-US: com_newsfeeds component for joomla!
 CVE-2010-1738
 	REJECTED
-	{DSA-2092-1}
-	- lxr <removed> (low; bug #585411)
-	- lxr-cvs <removed> (low; bug #585412)
-	NOTE: likely to be rejected as a dupe of CVE-2010-1448
 CVE-2010-1737 (PHP remote file inclusion vulnerability in ...)
 	NOT-FOR-US: Gallo
 CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ...)
@@ -3999,7 +3995,8 @@
 CVE-2010-1631
 	RESERVED
 CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has ...)
-	- phpbb3 3.0.7-PL1-1
+	- phpbb3 3.0.7-PL1-1 (low)
+	[lenny] - phpbb3 <no-dsa> (Minor issue)
 CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 ...)
 	NOT-FOR-US: Phorum
 CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows ...)
@@ -4009,7 +4006,8 @@
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
 	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295
 CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check ...)
-	- phpbb3 3.0.7-PL1-1
+	- phpbb3 3.0.7-PL1-1 (low)
+	[lenny] - phpbb3 <no-dsa> (Minor issue)
 CVE-2010-1626 (MySQL before 5.1.46 allows local users to delete the data and index ...)
 	{DSA-2057-1}
 	- mysql-5.1 5.1.46-1 (bug #582526)
@@ -4018,6 +4016,7 @@
 CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...)
 	{DSA-2092-1}
 	- lxr <removed> (low; bug #588138)
+	[lenny] - lxr <no-dsa> (Minor issue)
 	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
 CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...)
 	- pidgin 2.7.0-1 (low)
@@ -4308,7 +4307,8 @@
 CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...)
 	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
 CVE-2010-1516 (Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to ...)
-	TODO: check
+	- libglpng <unfixed> (low; bug filed)
+	[lenny] - libglpng <no-dsa> (Minor issue)
 CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	NOT-FOR-US: TomatoCMS
 CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier ...)
@@ -4590,6 +4590,7 @@
 CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
 	{DSA-2092-1}
 	- lxr <removed> (low; bug #585411)
+	[lenny] - lxr <no-dsa> (Minor issue)
 	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
 	NOTE: seems to be a dupe of CVE-2010-1738
 CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...)
@@ -7845,10 +7846,6 @@
 	NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
 CVE-2010-XXXX [sudosh3: many security weaknesses]
 	- sudosh3 <removed> (high; bug #566142)
-CVE-2010-XXXX [phpbb: many issues]
-	- phpbb3 3.0.7-PL1-1
-	- phpbb2 <removed>
-	NOTE: http://www.openwall.com/lists/oss-security/2010/01/16/2
 CVE-2010-0379 (Multiple unspecified vuilnerabilities in the Macromedia Flash ActiveX ...)
 	NOT-FOR-US: Macromedia Flash ActiveX
 CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-09-01 10:04:21 UTC (rev 15250)
+++ data/DSA/list	2010-09-01 16:54:03 UTC (rev 15251)
@@ -25,7 +25,7 @@
 	{CVE-2009-4897 CVE-2010-1628}
 	[lenny] - ghostscript 8.62.dfsg.1-3.2lenny5
 [17 Aug 2010] DSA-2092-1  lxr-cvs - cross-site scripting
-	{CVE-2009-4497 CVE-2010-1448 CVE-2010-1625 CVE-2010-1738}
+	{CVE-2009-4497 CVE-2010-1448 CVE-2010-1625}
 	[lenny] - lxr-cvs 0.9.5+cvs20071020-1+lenny1
 [12 Aug 2010] DSA-2091-1 squirrelmail - cross-site request forgery
 	{CVE-2009-2964 CVE-2010-2813}

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2010-09-01 10:04:21 UTC (rev 15250)
+++ data/next-point-update.txt	2010-09-01 16:54:03 UTC (rev 15251)
@@ -14,5 +14,7 @@
 	[lenny] - okular 0.7-2+lenny1
 CVE-2010-2945
 	[lenny] - slim 1.3.0-1+lenny3
+CVE-2010-1526
+	[lenny] - libgdiplus 1.9-1+lenny1
 CVE-2010-2253
-	[lenny] - libwww-perl 5.813-1+lenny2
+	[lenny] - libwww-perl 5.813-1+lenny2
\ No newline at end of file

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-09-01 10:04:21 UTC (rev 15250)
+++ data/spu-candidates.txt	2010-09-01 16:54:03 UTC (rev 15251)
@@ -241,6 +241,10 @@
 
 --
 
+libglpng (CVE-2010-1516)
+
+--
+
 libpng (CVE-2009-2042)
 #533676
 notified maintainer
@@ -349,6 +353,10 @@
 
 --
 
+phpbb3 (CVE-2010-1630, 1627)
+
+--
+
 postfix (CVE-2009-2939)
 notified maintainer

More information about the Secure-testing-commits mailing list