[Secure-testing-commits] r17147 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Aug 31 17:30:56 UTC 2011
Author: jmm
Date: 2011-08-31 17:30:56 +0000 (Wed, 31 Aug 2011)
New Revision: 17147
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- new zabbix issues (FD, please create ticket)
- new unimportant wireshark issue
- hammerhead no-dsa
- new kernel issue doesn't affect Debian
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-08-31 17:03:54 UTC (rev 17146)
+++ data/CVE/list 2011-08-31 17:30:56 UTC (rev 17147)
@@ -1,6 +1,3 @@
-CVE-2011-XXXX [squid3: Buffer overflow in Gopher reply parser]
- - squid3 <unfixed> (low; bug #639755)
- NOTE: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
CVE-2011-3339
RESERVED
CVE-2011-3338
@@ -148,7 +145,8 @@
CVE-2011-3267 (PHP before 5.3.7 does not properly implement the error_log function, ...)
- php5 <undetermined>
CVE-2011-3266 (The proto_tree_add_item function in Wireshark 1.6.1, when the IKEv1 ...)
- TODO: check
+ - wireshark 1.6.1-1 (unimportant)
+ NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2010-4830 (SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno ...)
NOT-FOR-US: Techno Dreams (T-Dreams) Job Career Package
CVE-2010-4829 (SQL injection vulnerability in processview.asp in Techno Dreams ...)
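Review bot: The wireshark line added for CVE-2011-3266 records 1.6.1-1 as the fixed version, yet the CVE text directly above it names Wireshark 1.6.1 as the affected release. If 1.6.1-1 does not actually carry a fix, `- wireshark <unfixed> (unimportant)` would describe the state more accurately; if it does, a NOTE naming the fix would make the version verifiable.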
@@ -160,15 +158,16 @@
CVE-2010-4826 (SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 ...)
NOT-FOR-US: Snitz Forums
CVE-2010-4825 (Cross-site scripting (XSS) vulnerability in magpie_debug.php in the ...)
- TODO: check
+ NOT-FOR-US: Wordpress plugin
CVE-2011-XXXX [lightdm privilege escalation]
- lightdm <unfixed> (bug #639151)
CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the ...)
- TODO: check
+ - zabbix <unfixed>
CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive ...)
- TODO: check
+ - zabbix 1:1.8.6-1 (unimportant)
+ NOTE: Installation path is known anyway for the Debian package
CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows ...)
- TODO: check
+ - zabbix 1:1.8.6-1
CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 ...)
TODO: check
CVE-2011-3261
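Review bot: The `- zabbix <unfixed>` line added for CVE-2011-3265 carries no bug reference, unlike the lightdm entry just above it (`bug #639151`), and the commit log itself asks for a ticket to be created. Add the bug number to this line once the ticket is filed so the entry can be tracked to closure. The NOT-FOR-US reason for CVE-2010-4825 would also be easier to verify if it named the plugin rather than only `Wordpress plugin`.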
@@ -283,11 +282,16 @@
RESERVED
CVE-2011-3206
RESERVED
-CVE-2011-3205
+CVE-2011-3205 [squid3: Buffer overflow in Gopher reply parser]
RESERVED
+ - squid3 <unfixed> (low; bug #639755)
+ - squid <not-affected> (Only a buffer overflow in Squid 3, see https://bugzilla.redhat.com/show_bug.cgi?id=734583#c4)
+ NOTE: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
CVE-2011-3204 [hammerhead: insecure temporary file use]
RESERVED
- hammerhead <unfixed> (bug #639890)
+ [lenny] - hammerhead <no-dsa> (Minor issue)
+ [squeeze] - hammerhead <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/826679
CVE-2011-3203 [Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution]
RESERVED
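Review bot: The two `<no-dsa> (Minor issue)` lines added for hammerhead under CVE-2011-3204 give no reason beyond the label, while the squid `<not-affected>` line in the same hunk states its rationale and links to it. A few words on why the insecure temporary file use is considered minor would let later triage confirm the call.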
@@ -1052,7 +1056,7 @@
- linux-2.6 3.0.0-2
[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix ...)
- TODO: check
+ - zabbix 1:1.8.6-1
CVE-2011-2903
RESERVED
- tcptrack 1.4.2-1 (unimportant; bug #551092)
@@ -2170,6 +2174,7 @@
NOTE: http://openwall.com/lists/oss-security/2011/06/20/2
CVE-2011-2482
RESERVED
+ - linux-2.6 <not-affected> (RHEL-specific regression)
CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace ...)
- tomcat7 7.0.19-1
CVE-2011-2480 [kfreebsd info disclosure]
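Review bot: The `<not-affected> (RHEL-specific regression)` line added under CVE-2011-2482 has no supporting reference, and the entry is still RESERVED, so there is no description to check it against. A NOTE line pointing to the source of that assessment would make it verifiable.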
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2011-08-31 17:03:54 UTC (rev 17146)
+++ data/ospu-candidates.txt 2011-08-31 17:30:56 UTC (rev 17147)
@@ -266,6 +266,10 @@
--
+hammerhead (CVE-2011-3204)
+
+--
+
htmldoc (CVE-2009-3050)
#537637
notified maintainer through initial bugreport
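Review bot: The new hammerhead entry has no bug number or status line, whereas the htmldoc entry below it has both (`#537637`, `notified maintainer through initial bugreport`). data/CVE/list in this same commit shows bug #639890 for hammerhead; adding `#639890` and a status line would keep the entry consistent with its neighbours.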
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-08-31 17:03:54 UTC (rev 17146)
+++ data/spu-candidates.txt 2011-08-31 17:30:56 UTC (rev 17147)
@@ -42,6 +42,11 @@
--
+hammerhead (CVE-2011-3204)
+
+
+--
+
open-vm-tools (CVE-2011-1681)
#623968
waiting stable
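Review bot: The hammerhead entry added here is followed by two blank lines where the same entry in data/ospu-candidates.txt has one, and it lacks the bug number and status that the open-vm-tools entry below it carries (`#623968`, `waiting stable`). Drop the extra blank line and fill in the bug number and current status so both candidate files match.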