[Secure-testing-commits] r15377 - in data: . CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Mon Sep 27 16:32:47 UTC 2010


Author: jmm-guest
Date: 2010-09-27 16:32:43 +0000 (Mon, 27 Sep 2010)
New Revision: 15377

Modified:
   data/CVE/list
   data/DSA/list
   data/next-point-update.txt
Log:
- add git-core DSA
- kvm fixed in next point update
- add missing epochs
- several CVE IDs are being requested, cleanup a few
  entries:
  remove vlc dupe, already tracked CVE-2010-2062
  remove phpldapadmin entry, not a direct vulnerability, just a
     violation of our PHP security policies
  remove webkit/dns lookup bug, not a security issue
  remove sudo config issue, not a security issue, just a wish for
     different default configuration
  remove greylistd issue, not a security issue
  remove network-manager issue, a lack of a security feature, not
     a vulnerability
  remove kupfer issue, not a vulnerability


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-27 09:47:24 UTC (rev 15376)
+++ data/CVE/list	2010-09-27 16:32:43 UTC (rev 15377)
@@ -341,18 +341,10 @@
 	- mingetty 1.07-2 (medium; bug #597382)
 CVE-2010-XXXX [config file world readable]
 	- sabnzbdplus 0.5.4-1 (low; bug #593829)
-CVE-2010-XXXX [pin shown locally in cleartext]
-	- network-manager <unfixed> (low; bug #592364)
 CVE-2010-XXXX [signature verification issue]
 	- dpkg 1.15.1 (unimportant; bug #592115)
-CVE-2010-XXXX [recipient domain checks in exim acl]
-	- greylistd 0.8.7+nmu2 (low; bug #591678)
 CVE-2008-XXXX [greylistd bypass]
 	- greylistd 0.8.7+nmu2 (low; bug #464084)
-CVE-2010-XXXX [stores passwords in cleartext converted to base64]
-	- kupfer 0+v201-2 (medium; bug #598288)
-CVE-2010-XXXX [register_globals needs to be turned off]
-	- phpldapadmin 1.2.0.5-1.1 (low; bug #587536)
 CVE-2010-XXXX [numpy memory corruption]
 	- python-numpy <unfixed> (medium; bug #581058)
 	NOTE: http://projects.scipy.org/numpy/changeset/8364
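Review bot: the kupfer line being deleted here was rated medium (bug #598288) while the log calls the issue "not a vulnerability"; if it is being reclassified rather than found to be a non-issue, keep the entry with a lowered severity and a NOTE stating why (the dpkg entry just above keeps its line with an "unimportant" tag instead of vanishing), so the triage reasoning lives in the file and the same report is not turned back into a CVE-2010-XXXX placeholder on the next pass. The same applies to the phpldapadmin register_globals line, which the log describes as a policy violation rather than as no issue at all.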
@@ -2707,7 +2699,6 @@
 	- cacti 0.8.7g-1
 CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...)
 	- git-core 1:1.7.1-1.1 (low; bug #590026)
-	[lenny] - git-core 1:1.5.6.5-3+lenny3.1
 CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType ...)
 	{DSA-2105-1}
 	- freetype 2.4.2-1 (low)
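Review bot: CVE-2010-2542 loses its [lenny] line but gains no {DSA-2114-1} reference, whereas CVE-2010-2541 directly below carries {DSA-2105-1}; since data/DSA/list in this same commit records DSA-2114-1 with git-core 1:1.5.6.5-3+lenny4 for exactly this CVE, add a `{DSA-2114-1}` line under CVE-2010-2542 so the lenny fix is resolved through the DSA instead of the entry being left with no lenny status at all. The old lenny3.1 version was never the released one, so dropping it is right; it just needs the replacement pointer.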
@@ -6023,10 +6014,6 @@
 CVE-2010-2449 [gource: predictable log file located in /tmp]
 	RESERVED
 	- gource 0.26-2 (low; bug #577958)
-CVE-2010-XXXX [webkit: lots of dns lookups]
-	- webkit <unfixed> (unimportant; bug #578019)
-	NOTE: i find it questionable whether this is really a security issue...
-	NOTE: iceweasel behaves the same way...it's probably the page caching feature
 CVE-2010-1564
 	REJECTED
 CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) ...)
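Review bot: the two NOTE lines being removed are the only recorded reasoning for dismissing bug #578019 (Iceweasel shows the same behaviour, probably page caching); once the entry is gone the tracker keeps no trace of that decision, so make sure the bug report itself is closed or retitled with that rationale, otherwise the same report can be re-triaged into a fresh CVE-2010-XXXX placeholder later.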
@@ -7671,9 +7658,6 @@
 	NOT-FOR-US: Xerver
 CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including ...)
 	NOT-FOR-US: E-Soft DJ Studio Pro
-CVE-2010-XXXX [sudo weakness]
-	- sudo <unfixed> (unimportant; bug #567614)
-	NOTE: Hardening configuration option, not a vulnerability
 CVE-2010-XXXX [esmtp: world-readable config file]
 	- esmtp 1.2-3 (unimportant; bug #568925)
 	NOTE: Documentation advises against adding password data to the respective config file
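Review bot: the sudo entry is dropped as "hardening configuration option, not a vulnerability", yet the esmtp entry immediately below it (world-readable config file, unimportant, with a NOTE that the documentation advises against putting password data there) stays; both are configuration weaknesses rather than code bugs, so apply one rule consistently: either keep both as unimportant with their NOTE lines, or drop both. Keeping them as unimportant has the advantage that the bug numbers (#567614, #568925) remain discoverable from the tracker.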
@@ -8237,7 +8221,7 @@
 CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper ...)
 	NOT-FOR-US: Juniper Installer Service
 CVE-2009-XXXX [ffmpeg vulnerabilities]
-	- ffmpeg 0.5.1-1 (medium; bug #570713; bug #550442)
+	- ffmpeg 4:0.5.1-1 (medium; bug #570713; bug #550442)
 	- ffmpeg-debian <removed> (medium)
 CVE-2010-XXXX [dillo improper restriction of path in cookies]
 	- dillo <removed>
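Review bot: the epoch fix matters more than it looks: dpkg compares the epoch before the upstream version, so with the fixed version recorded as plain 0.5.1-1 every epoched ffmpeg build (4:0.x) compared as newer than the fix and the package would have shown as fixed everywhere, masking still-vulnerable versions. While touching this entry, it is still a CVE-2009-XXXX placeholder covering two bugs (#570713, #550442); once the IDs the log says are being requested arrive, split it so each CVE maps to one fixed version.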
@@ -16304,15 +16288,6 @@
 	NOT-FOR-US: MDaemon WorldClient
 CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows ...)
 	NOT-FOR-US: Peel
-CVE-2009-XXXX [VLC: integer underflow in Real RTSP]
-	- vlc 1.0.1-1
-	[lenny] - vlc 0.8.6.h-4+lenny2.3 
-	- mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
-	[lenny] - mplayer 1.0~rc2-17+lenny3.2
-	- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
-	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
-	NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
-	NOTE: DSA-2043 and DSA-2044
 CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
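Review bot: besides being a dupe, this block carries data that must survive in the CVE-2010-2062 entry it is being folded into: the lenny fixed versions (vlc 0.8.6.h-4+lenny2.3, mplayer 1.0~rc2-17+lenny3.2), the mplayer severity and bug (medium; #581245), the xine-lib <not-affected> line with its xio_rw_abbort() justification, the VLC fix commit URL and the DSA-2043/DSA-2044 references. CVE-2010-2062 is not shown in this diff, so confirm that entry already lists mplayer and xine-lib and not only vlc before these lines go; otherwise the mplayer lenny status is silently lost.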
@@ -20190,7 +20165,7 @@
 CVE-2008-6727 (Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) ...)
 	NOT-FOR-US: Ultimate PHP Board
 CVE-2009-XXXX [git-core in Debian has non-root-owned files under /usr]
-	- git-core 1.6.2.1-1 (bug #516669)
+	- git-core 1:1.6.2.1-1 (bug #516669)
 CVE-2009-1341 (Memory leak in the dequote_bytea function in quote.c in the DBD::Pg ...)
 	{DSA-1780-1}
 	- libdbd-pg-perl 2.1.3-1
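Review bot: the corrected epoch is right (the 1:1.7.1-1.1 and 1:1.5.6.5 git-core lines elsewhere in this file show the package is 1:-epoched), but the CVE-2009-XXXX placeholder for the non-root-owned files under /usr still has no severity tag, unlike the surrounding entries that carry (low; bug #...) or similar; add one (unimportant or low would match how the log treats comparable items) so the entry sorts with the rest of the triaged list.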
@@ -73706,7 +73681,7 @@
 	- linux-2.6 2.6.15-1
 	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
 CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
-	- xshisen 1.51-1-1.2 (bug #291613)
+	- xshisen 1:1.51-1-1.2 (bug #291613)
 CVE-2006-0062 [Potential xlockmore bypass]
 	RESERVED
 	- xlockmore 1:5.13-2.1 (bug #309760)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-09-27 09:47:24 UTC (rev 15376)
+++ data/DSA/list	2010-09-27 16:32:43 UTC (rev 15377)
@@ -1,3 +1,6 @@
+[26 Sep 2010] DSA-2114-1 git-core
+	{CVE-2010-2542}
+	[lenny] - git-core 1:1.5.6.5-3+lenny4
 [20 Sep 2010] DSA-2113-1 drupal6 - several vulnerabilities
 	{CVE-2010-3091 CVE-2010-3092 CVE-2010-3093 CVE-2010-3094}
 	[lenny] - drupal6 6.6-3lenny6
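Review bot: the new DSA-2114-1 line has no short description after the package name, while the neighbouring entry reads "DSA-2113-1 drupal6 - several vulnerabilities"; follow the same form (e.g. "git-core - buffer overflow", matching the CVE-2010-2542 text "Stack-based buffer overflow in the is_git_directory function") so the list stays uniformly greppable.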

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2010-09-27 09:47:24 UTC (rev 15376)
+++ data/next-point-update.txt	2010-09-27 16:32:43 UTC (rev 15377)
@@ -6,4 +6,7 @@
 	[lenny] - xen-tools 3.9-4+lenny1
 CVE-2010-2574
 	[lenny] - mantis 1.1.6+dfsg-2lenny2
+CVE-2010-2784
+	[lenny] - kvm 72+dfsg-5~lenny6
 
+
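Review bot: the hunk adds a second empty line at the end of the file (the lone "+" after the existing blank context line); drop it to avoid trailing-whitespace churn on the next edit. The kvm entry itself follows the existing form (CVE on one line, [lenny] fixed version indented below), so nothing else to change here.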
