[Secure-testing-commits] r15404 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Sep 30 21:02:03 UTC 2010
Author: jmm-guest
Date: 2010-09-30 21:02:01 +0000 (Thu, 30 Sep 2010)
New Revision: 15404
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- fix spu version number for libpoe-component-irc-perl
- record lenny kernel point update fixes
- mark several issues not affecting lenny kernel
- scilab and teamspeak are non-free and no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-30 18:43:21 UTC (rev 15403)
+++ data/CVE/list 2010-09-30 21:02:01 UTC (rev 15404)
@@ -602,7 +602,7 @@
CVE-2010-3438 [Insufficient stripping of CR/LF allows arbitrary IRC command execution]
RESERVED
- libpoe-component-irc-perl 6.32+dfsg-1
- [lenny] - libpoe-component-irc-perl 6.32+dfsg-1 (bug #581194)
+ [lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
CVE-2010-3437 [linux pktcdvd ioctl dev_minor missing range check]
RESERVED
- linux-2.6 <unfixed>
@@ -784,8 +784,10 @@
- torcs <unfixed> (bug #598306)
CVE-2010-3383
RESERVED
- - teamspeak-client <unfixed> (bug #598304)
- - teamspeak-server <unfixed> (bug #598305)
+ - teamspeak-client <unfixed> (low; bug #598304)
+ [lenny] - teamspeak-client <no-dsa> (Non-free not supported)
+ - teamspeak-server <unfixed> (low; bug #598305)
+ [lenny] - teamspeak-server <no-dsa> (Non-free not supported)
CVE-2010-3382
RESERVED
- tau <unfixed> (bug #598303)
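Review bot: The two unstable lines for teamspeak-client and teamspeak-server under CVE-2010-3383 also gain a "low" urgency, which the log message does not mention; it only says the packages are non-free and no-dsa. Add a log line for the urgency change, or commit it separately, so the severity rating can be traced to a decision.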
@@ -802,6 +804,7 @@
CVE-2010-3378
RESERVED
- scilab <unfixed> (bug #598423; bug #598422)
+ [lenny] - scilab <no-dsa> (Non-free not supported)
CVE-2010-3377
RESERVED
- salome <unfixed> (bug #598421)
@@ -1012,6 +1015,7 @@
CVE-2010-3298 [net/usb/hso.c: reading uninitialized memory]
RESERVED
- linux-2.6 2.6.32-24
+ [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
CVE-2010-3297 [net/eql.c: reading uninitialized stack memory]
RESERVED
- linux-2.6 2.6.32-24
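Review bot: The added [lenny] line for CVE-2010-3298 gives "Introduced in 2.6.27" as the reason for <not-affected> but carries no reference to back it up. A NOTE line pointing at the upstream change that introduced the affected code in net/usb/hso.c would let a later reader verify the triage rather than take it on trust.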
@@ -3222,6 +3226,7 @@
CVE-2010-2478 [kernel buffer overflow in ETHTOOL_GRXCLSRLALL]
RESERVED
- linux-2.6 2.6.32-19
+ [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=608950
NOTE: http://thread.gmane.org/gmane.linux.network/164869
CVE-2010-2477 [XSS in paste.httpexceptions]
@@ -3823,6 +3828,7 @@
CVE-2010-2243 [timekeeping oops]
RESERVED
- linux-2.6 2.6.32-11
+ [lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with ...)
- libvirt 0.8.3-1 (low)
[lenny] - libvirt <no-dsa> (Minor issue)
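Review bot: The reason on the added [lenny] line for CVE-2010-2243, "Vulnerable code not present", is less specific than the "Introduced in 2.6.27" wording used for the other <not-affected> kernel entries in this commit. If the introducing version is known, state it in the same form so the entry can be checked against the lenny kernel version.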
@@ -4082,6 +4088,7 @@
- zonecheck 2.1.1-1 (bug #583290)
CVE-2008-7256 (mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict ...)
- linux-2.6 2.6.28-1 (low)
+ [lenny] - linux-2.6 2.6.26-23
CVE-2010-2129 (Directory traversal vulnerability in the JE Ajax Event Calendar ...)
NOT-FOR-US: JE Ajax Event Calenda
CVE-2010-2128 (Directory traversal vulnerability in the JE Quotation Form ...)
@@ -5429,11 +5436,13 @@
- cacti 0.8.7g-1
CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict ...)
- linux-2.6 2.6.28-1
+ [lenny] - linux-2.6 2.6.26-23
CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in ...)
- samba <unfixed> (unimportant)
NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel ...)
- linux-2.6 2.6.32-16
+ [lenny] - linux-2.6 2.6.26-23
CVE-2010-1640 (Off-by-one error in the parseicon function in libclamav/pe_icons.c in ...)
- clamav 0.96.1+dfsg-1 (bug #584183)
[lenny] - clamav <end-of-life>
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-09-30 18:43:21 UTC (rev 15403)
+++ data/spu-candidates.txt 2010-09-30 21:02:01 UTC (rev 15404)
@@ -483,6 +483,11 @@
--
+scilab (CVE-2010-3378)
+#598423; #598422
+
+--
+
shibboleth-sp2: world-readable key (no CVE)
#571631
notified maintainer through bugreport
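Review bot: The new scilab entry lists only the CVE and the bug numbers, while the neighbouring shibboleth-sp2 entry records "notified maintainer through bugreport". Add a status line saying whether the maintainer has been contacted, otherwise the candidate has no visible next step.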
@@ -512,6 +517,16 @@
--
+teamspeak-client
+#598304
+
+--
+
+teamspeak-server
+#598305
+
+--
+
trac (CVE-2009-4405)
notified maintainer
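Review bot: The new teamspeak-client and teamspeak-server headings carry no CVE id, although this same commit files both packages under CVE-2010-3383 in data/CVE/list, and the other entries in this file use the "package (CVE-...)" or "(no CVE)" form. Suggest "teamspeak-client (CVE-2010-3383)" and "teamspeak-server (CVE-2010-3383)" so the candidate list can be matched to the tracker by CVE.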