[Secure-testing-commits] r15383 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Sep 28 15:10:07 UTC 2010


Author: jmm-guest
Date: 2010-09-28 15:10:01 +0000 (Tue, 28 Sep 2010)
New Revision: 15383

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- new clamav issue (already fixed in sid)
- qtparted and dropbox: fixed and no-dsa
- add srcpkg names for new poppler issues
- mydms has been removed
- new wireshark issue no-dsa, only code injection bugs are treated as DSA-worthy issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-09-28 06:41:20 UTC (rev 15382)
+++ data/CVE/list	2010-09-28 15:10:01 UTC (rev 15383)
@@ -1,10 +1,11 @@
 CVE-2010-XXXX [wireshark: BER dissector]
-	- wireshark <unfixed>
-	TODO: check
+	- wireshark <unfixed> (low)
+	[lenny] - wireshark <no-dsa> (Only leads to a crash)
 	NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
 CVE-2010-XXXX [poppler multiple issues]
+	- kdegraphics 4.0
+	- xpdf <unfixed>
 	- poppler <unfixed>
-	TODO: check poppler and embedders
 	NOTE: http://secunia.com/advisories/41596/
 CVE-2010-XXXX [quassel CTCP DoS]
 	- quassel 0.7.1-1 (bug #597853)
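Review bot: In the poppler entry, "- kdegraphics 4.0" records a fixed version while the TODO about checking poppler and embedders is dropped, but nothing in the entry says why 4.0 is the fixed version. A short NOTE giving the reason would let the next reader verify it. The new "- xpdf <unfixed>" line also carries no urgency or bug reference, unlike the wireshark line in the same hunk, which now has (low).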
@@ -371,8 +372,11 @@
 	RESERVED
 CVE-2010-3435
 	RESERVED
-CVE-2010-3434
+CVE-2010-3434 [clamav pdf]
 	RESERVED
+	- clamav 0.96.3+dfsg-1
+	[lenny] - clamav <end-of-life>
+	NOTE: libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226) 
 CVE-2010-3433
 	RESERVED
 CVE-2010-3432 [sctp: Do not reset the packet during sctp_packet_config()]
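Review bot: The added NOTE line for CVE-2010-3434 ends in trailing whitespace and identifies the upstream fix only as "bb #2226", with no URL. Strip the whitespace and consider adding a link to the upstream bug or commit, as the NOTE lines for the wireshark and poppler entries do, so the bounds-check fix in libclamav/pdf.c can be located from the tracker.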
@@ -548,7 +552,8 @@
 	RESERVED
 CVE-2010-3375
 	RESERVED
-	- qtparted <unfixed> (bug #598301)
+	- qtparted 0.4.5-8 (low; bug #598301)
+	[lenny] - qtparted <no-dsa> (Minor issue)
 CVE-2010-3374
 	RESERVED
 	- qtcreator <unfixed> (bug #598300)
@@ -605,8 +610,8 @@
 	- ember <unfixed> (bug #598288)
 CVE-2010-3354
 	RESERVED
-	- dropbox <unfixed> (bug #598287; unimportant)
-	NOTE: non-free
+	- dropbox 0.8.107-1 (low; bug #598287)
+	[lenny] - dropbox <no-dsa> (Non-free not supported)
 CVE-2010-3353
 	RESERVED
 	- cowbell <unfixed> (bug #598286)
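Review bot: On the dropbox line the urgency changes from "unimportant" to "low" and the "NOTE: non-free" line is removed, but the commit log only says "fixed and no-dsa". If the reclassification is intentional, say so in the log; otherwise keep "unimportant" next to the fixed version 0.8.107-1.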
@@ -4154,7 +4159,7 @@
 	- mysql-5.1 5.1.48-1
 	- mysql-dfsg-5.0 <not-affected> (Only affects MySQL 5.1 onwards)
 CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...)
-	- mydms <unfixed> (bug #590904; low)
+	- mydms <removed> (bug #590904; low)
 	[lenny] - mydms <no-dsa> (Minor issue)
 	NOTE: seems to have changed name to letoDMS
 CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS ...)
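Review bot: Marking mydms as <removed> closes this entry, yet the NOTE just below says the software seems to have changed name to letoDMS and the CVE description names LetoDMS. Before treating the issue as done, check whether the renamed software exists as a source package in the archive and, if so, add a package line for it under CVE-2010-2007.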

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2010-09-28 06:41:20 UTC (rev 15382)
+++ data/spu-candidates.txt	2010-09-28 15:10:01 UTC (rev 15383)
@@ -102,6 +102,11 @@
 
 --
 
+dropbox (CVE-2010-3354)
+bug #598287
+
+--
+
 dstat (CVE-2009-3894)
 http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
 notified maintainer
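Review bot: The new dropbox block lists the package as a stable update candidate, while the same commit marks it in data/CVE/list as "[lenny] - dropbox <no-dsa> (Non-free not supported)". Confirm that an update for a non-free package is really intended here. The block also lacks the maintainer-notification status line that the neighbouring dstat entry has.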
@@ -467,6 +472,11 @@
 
 --
 
+qtparted (CVE-2010-3375)
+#598301
+
+--
+
 rails (CVE-2009-3086)
 bug #545063
 notified maintainer
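Review bot: The qtparted block writes the bug reference as "#598301", whereas the dropbox block added in this commit and the rails entry below use the "bug #NNNNNN" form. Use "bug #598301" so a search for bug references matches every entry in the file.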



