[Secure-testing-commits] r17858 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Dec 23 12:38:25 UTC 2011 

Author: jmm
Date: 2011-12-23 12:38:25 +0000 (Fri, 23 Dec 2011)
New Revision: 17858

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
openswan not-affected
n-m no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-12-23 11:44:41 UTC (rev 17857)
+++ data/CVE/list	2011-12-23 12:38:25 UTC (rev 17858)
@@ -8029,9 +8029,11 @@
 CVE-2011-2177
 	RESERVED
 CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the ...)
-	- network-manager 0.9.0-1 (bug #631520)
-	TODO: check serverity
-	TODO: maintainer was consulted about the other affected versions.
+	- network-manager 0.9.0-1 (low; bug #631520)
+	[squeeze] - network-manager <no-dsa> (Minor issue)
+	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e7273c1609ac267e1d77ff03c97c8929f15e3737
+	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=287fe10c40ae9b90ce703b79f3479b755f0956c0
+	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e5085f950730b1e2e68645231e2042127c29a82e
 CVE-2011-2167 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ...)
 	- dovecot 1:2.0.13-1 (low)
 	[squeeze] - dovecot <not-affected> (Vulnerable script not present)
@@ -8252,7 +8254,7 @@
 CVE-2011-2148 (Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server ...)
 	NOT-FOR-US: SmarterStats
 CVE-2011-2147 (Openswan 2.2.x does not properly restrict permissions for (1) ...)
-	- openswan <unfixed>  (bug #628449)
+	- openswan <not-affected> (In Debian no starter.pid is ever written and the subsys entry gets created with -rw-r--r-- permissions, bug #628449)
 CVE-2011-2146 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware ...)
 	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631507)
 	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-12-23 11:44:41 UTC (rev 17857)
+++ data/spu-candidates.txt	2011-12-23 12:38:25 UTC (rev 17858)
@@ -113,7 +113,14 @@
 net (CVE-2011-4091, CVE-2011-4093)
 #647318, #647317
 
+--
 
+network-manager (CVE-2011-2176)
+#631520
+http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e7273c1609ac267e1d77ff03c97c8929f15e3737
+http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=287fe10c40ae9b90ce703b79f3479b755f0956c0
+http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e5085f950730b1e2e68645231e2042127c29a82e
+
 --
 
 nfs-utils (CVE-2011-1749)

More information about the Secure-testing-commits mailing list