[Secure-testing-commits] r16592 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Sun Apr 24 20:31:29 UTC 2011


Author: jmm
Date: 2011-04-24 20:31:27 +0000 (Sun, 24 Apr 2011)
New Revision: 16592

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
fixup old glibc entry
asterisk updates
new minor fail2ban issue (no-dsa)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-04-24 20:27:36 UTC (rev 16591)
+++ data/CVE/list	2011-04-24 20:31:27 UTC (rev 16592)
@@ -1,5 +1,9 @@
 CVE-2011-1826
 	RESERVED
+CVE-2011-XXXX [fail2ban: Insecure creating/writing to tmpfile]
+	- fail2ban 0.8.4+svn20110323-1 (low; bug #544232)
+	[lenny] - fail2ban <no-dsa> (Minor issue)
+	[squeeze] - fail2ban <no-dsa> (Minor issue)
 CVE-2011-1825
 	RESERVED
 CVE-2011-1824
@@ -512,8 +516,9 @@
 	RESERVED
 CVE-2011-1600
 	RESERVED
-CVE-2011-1599
+CVE-2011-1599 [AST 2011-006]
 	RESERVED
+	- asterisk <unfixed>
 CVE-2011-1598
 	RESERVED
 CVE-2011-1597
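Review bot: The new `- asterisk <unfixed>` line under CVE-2011-1599 carries no per-release status and no bug reference, whereas the older Asterisk entries touched in this same commit (CVE-2011-1175, CVE-2011-1174) gain an explicit `[lenny] - asterisk <not-affected>` line. If the lenny status for AST 2011-006 is already known, record it here as well. If it is not, a short note that it still needs checking would stop the entry from reading as "every release affected" by default.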
@@ -1688,8 +1693,10 @@
 	[lenny] - apache2-mpm-itk <not-affected> (bug was introduced later, in 2.2.11-01)
 CVE-2011-1175 (tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before ...)
 	- asterisk <unfixed>
+	[lenny] - asterisk <not-affected> (Vulnerable code not present)
 CVE-2011-1174 (manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x ...)
 	- asterisk <unfixed>
+	[lenny] - asterisk <not-affected> (Vulnerable code not present)
 CVE-2011-1173
 	RESERVED
 	- linux-2.6 2.6.38-4 (low)
@@ -3552,7 +3559,7 @@
 	- mediawiki <not-affected> (Only affected when running on Windows or Novell Netware)
 CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in ...)
 	- eglibc 2.11.2-8 (bug #600667)
-	- glibc <removed>
+	- glibc <not-affected> (Lenny version not affected)
 CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...)
 	NOT-FOR-US: zikula
 CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not ...)
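Review bot: On the changed glibc line under CVE-2011-0536, the reason text says "Lenny version not affected" but the line has no `[lenny]` prefix, so as written it marks the glibc source package as not affected in general while the justification is about one release only. Either scope it the way the asterisk lines in this commit are scoped (`[lenny] - glibc <not-affected> (...)`) or reword the reason so it explains why the package as a whole is unaffected. The log line "fixup old glibc entry" also does not say why `<removed>` was wrong, so a word on that in the reason text would help the next reader.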

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2011-04-24 20:27:36 UTC (rev 16591)
+++ data/ospu-candidates.txt	2011-04-24 20:31:27 UTC (rev 16592)
@@ -153,6 +153,11 @@
 
 --
 
+fail2ban [fail2ban: Insecure creating/writing to tmpfile]
+#544232
+
+--
+
 fastjar (CVE-2010-0831, CVE-2010-2322)
 
 --

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-04-24 20:27:36 UTC (rev 16591)
+++ data/spu-candidates.txt	2011-04-24 20:31:27 UTC (rev 16592)
@@ -26,6 +26,11 @@
 
 --
 
+fail2ban [fail2ban: Insecure creating/writing to tmpfile]
+#544232
+
+--
+
 feedparser
 CVE-2011-1158 [sanitizer doesn't strip unsafe URI schemes]
 CVE-2011-1157 [sanitization can be bypassed by malformed XML comments]
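Review bot: Style point on the added `fail2ban [fail2ban: Insecure creating/writing to tmpfile]` line: the bracketed description repeats the package name, while the feedparser entries directly below use a bare description in brackets. Dropping the `fail2ban:` prefix inside the brackets would match the neighbouring entries, and the same applies to the identical line added to data/ospu-candidates.txt. Since no CVE id is assigned yet, keeping `#544232` on the following line as the only stable reference is fine.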



