[Secure-testing-commits] r15298 - data/CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Thu Sep 9 19:56:38 UTC 2010
Author: thijs
Date: 2010-09-09 19:56:37 +0000 (Thu, 09 Sep 2010)
New Revision: 15298
Modified:
data/CVE/list
Log:
fixes from stable point update 5.0.6
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-09 19:42:18 UTC (rev 15297)
+++ data/CVE/list 2010-09-09 19:56:37 UTC (rev 15298)
@@ -822,9 +822,10 @@
CVE-2010-2946 [jfs issue]
RESERVED
- linux-2.6 2.6.32-21
+ [lenny] - linux-2.6 2.6.26-25
CVE-2010-2945 (The default configuration of SLiM before 1.3.2 places ./ (dot slash) ...)
- slim 1.3.1-7 (low; bug #594414)
- [lenny] - slim <no-dsa> (Maintainer will fix through stable point update)
+ [lenny] - slim 1.3.0-1+lenny3
CVE-2010-2944 (The authenticate function in LDAPUserFolder/LDAPUserFolder.py in ...)
{DSA-2096-1}
- zope-ldapuserfolder <removed> (high; bug #593466)
@@ -834,6 +835,7 @@
CVE-2010-2942 [linux-2.6 net sched infoleak]
RESERVED
- linux-2.6 <unfixed>
+ [lenny] - linux-2.6 2.6.26-25
CVE-2010-2941
RESERVED
CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System ...)
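Review bot: in the CVE-2010-2942 entry, the new [lenny] line records a fix in 2.6.26-25 while the unstable line directly above it still reads <unfixed>. If the unstable kernel already carries the fix, that line should get its version in the same commit. If it does not, a NOTE naming the change that was backported for lenny would help whoever closes the unstable entry later.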
@@ -873,7 +875,7 @@
- rekonq 0.5.0-1
CVE-2010-XXXX [Insufficient stripping of CR/LF allows arbitrary IRC command execution]
- libpoe-component-irc-perl 6.32+dfsg-1
- [lenny] - libpoe-component-irc-perl <no-dsa> (#581194)
+ [lenny] - libpoe-component-irc-perl 6.32+dfsg-1 (bug #581194)
CVE-2010-2926 (SQL injection vulnerability in index.php in sNews 1.7 allows remote ...)
NOT-FOR-US: sNews CMS
CVE-2010-2925 (SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 ...)
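Review bot: the added [lenny] line for libpoe-component-irc-perl gives 6.32+dfsg-1, which is identical to the unstable version on the line above it. Most other [lenny] lines in this commit carry a lenny-specific revision (slim 1.3.0-1+lenny3, okular 0.7-2+lenny1), so this looks like it was copied from the unstable entry. Please check the version that actually shipped in the 5.0.6 point update and record that one; a lenny package with a lower version than the one recorded here would still be reported as vulnerable.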
@@ -1847,7 +1849,7 @@
NOT-FOR-US: Opera
CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in ...)
- okular <removed> (low)
- [lenny] - okular <no-dsa> (Will be fixed in a stable point update)
+ [lenny] - okular 0.7-2+lenny1
- kdegraphics 4:4.4.5-2
[lenny] - kdegraphics <not-affected> (Lenny's kdegraphics doesn't yet contain Okular)
NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt
@@ -1930,7 +1932,7 @@
- cacti 0.8.7g-1
CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...)
- git-core 1:1.7.1-1.1 (low; bug #590026)
- [lenny] - git-core <no-dsa> (Minor issue)
+ [lenny] - git-core 1:1.5.6.5-3+lenny3.1
CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType ...)
{DSA-2105-1}
- freetype 2.4.2-1 (low)
@@ -1966,7 +1968,7 @@
RESERVED
CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, ...)
- iputils 3:20100418-2
- [lenny] - iputils <no-dsa> (Minor issue)
+ [lenny] - iputils 3:20071127-1+lenny1
CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol ...)
- pidgin 2.7.2-1
CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 ...)
@@ -2119,7 +2121,7 @@
CVE-2010-2477 [XSS in paste.httpexceptions]
RESERVED
- paste 1.7.4-1 (low)
- [lenny] - paste <no-dsa> (Minor issue)
+ [lenny] - paste 1.7.1-1+lenny1
NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
CVE-2010-2475
RESERVED
@@ -2676,7 +2678,7 @@
NOT-FOR-US: joomla!
CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to ...)
- libwww-perl 5.835-1 (low)
- [lenny] - libwww-perl <no-dsa> (Minor issue)
+ [lenny] - libwww-perl 5.813-1+lenny2
CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of ...)
{DSA-2088-1}
- wget 1.12-2.1 (low; bug #590296)
@@ -2696,7 +2698,7 @@
CVE-2010-2247 [makepasswd: insecure passwords generated with default settings]
RESERVED
- makepasswd 1.10-5 (low; bug #564559)
- [lenny] - makepasswd <no-dsa> (Minor issue)
+ [lenny] - makepasswd 1.10-3+lenny1
CVE-2010-2246 [feh --wget-timestamp issue]
RESERVED
- feh 1.8-1 (low; bug #587205)
@@ -3123,7 +3125,7 @@
- unrealircd <itp> (bug #515130)
CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...)
- w3m 0.5.2-5 (low; bug #587445)
- [lenny] - w3m <no-dsa> (Minor issue)
+ [lenny] - w3m 0.5.2-2+lenny1
CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and ...)
- pyftpd 0.8.5 (low; bug #585776)
[lenny] - pyftpd 0.8.4.6+lenny1
@@ -7899,7 +7901,7 @@
- roundcube 0.3.1-3 (bug #569660)
CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...)
- imp4 4.3.7+debian0-2 (low; bug #569661)
- [lenny] - imp4 <no-dsa> (Minor issue)
+ [lenny] - imp4 4.2-4lenny2
CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, ...)
NOT-FOR-US: IBM DB2
CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 ...)
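Review bot: the [lenny] version added for imp4 is written 4.2-4lenny2, without the "+" that the other lenny revisions in this commit use (w3m 0.5.2-2+lenny1, makepasswd 1.10-3+lenny1). Please confirm the string matches the uploaded package version exactly, and correct it if the "+" was dropped by accident.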