[Secure-testing-commits] r16082 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Feb 9 08:13:34 UTC 2011
Author: jmm
Date: 2011-02-09 08:13:29 +0000 (Wed, 09 Feb 2011)
New Revision: 16082
Modified:
data/CVE/list
Log:
- one kernel issue doesn't affect Lenny or Squeeze
- rewrite openssh entry now that openssh has been fixed in sid
- libuser fixed
- move java/fpu entry to php
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-02-09 04:52:12 UTC (rev 16081)
+++ data/CVE/list 2011-02-09 08:13:29 UTC (rev 16082)
@@ -1,9 +1,6 @@
CVE-2011-XXXX [wordpress multiple issues]
- wordpress <unfixed>
NOTE: http://codex.wordpress.org/Version_3.0.5
-CVE-2011-XXXX [java x87 floating point bug]
- - openjdk-6 <unfixed>
- - sun-java6 <unfixed>
CVE-2011-XXXX [phpmyadmin path disclosure PMASA-2011-1]
- phpmyadmin <unfixed> (unimportant)
NOTE: Path disclosure; paths in Debian are public info already
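Review bot: Removing the temporary "[java x87 floating point bug]" entry drops the only text in the list that names the Java issue, since the openjdk-6 and sun-java6 lines are re-added elsewhere without any description. Suggest carrying the wording over as a NOTE on the destination entry so the reason for tracking those two packages stays searchable.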
@@ -589,7 +586,9 @@
RESERVED
CVE-2011-0539 [Legacy certificates stack disclosure]
RESERVED
- - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
+ - openssh 1:5.8p1-2
+ [squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
+ [lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
CVE-2011-0538
RESERVED
CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) ...)
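Review bot: The new unstable line records 1:5.8p1-2 as the fixed version, while the not-affected reason on the [squeeze] and [lenny] lines says only OpenSSH 5.6 and 5.7 are affected. If an earlier 5.8 upload reached sid, that would be the first fixed version, so it is worth confirming the version or adding a NOTE saying why -2 is the one listed. The entry is also still marked RESERVED, so a NOTE pointing at the upstream advisory would help until the description is published.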
@@ -1247,6 +1246,8 @@
NOTE: CVE ID requested
CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...)
- php5 5.3.3-7 (high)
+ - openjdk-6 <unfixed>
+ - sun-java6 <unfixed>
[lenny] - php5 <unfixed> (high)
NOTE: lenny9 doesn't appear to be affected, for a reason still unknown
CVE-2011-XXXX [Crash with long HOME environment variable]
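Review bot: The openjdk-6 and sun-java6 lines are inserted between "- php5 5.3.3-7 (high)" and "[lenny] - php5 <unfixed> (high)", which separates the release annotation from the php5 line it qualifies; they should go after the [lenny] line. The CVE description visible here is specific to zend_strtod in PHP, so a NOTE explaining why the Java packages are tracked under this id (or a separate entry for them) would keep the entry from misleading readers.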
@@ -2331,7 +2332,7 @@
- mediawiki <unfixed>
[lenny] - mediawiki 1:1.12.0-2lenny7
CVE-2011-0002 (libuser before 0.57 uses a cleartext password value of (1) !! or (2) x ...)
- - libuser <unfixed> (bug #610034)
+ - libuser 1:0.56.9.dfsg.1-1.1 (bug #610034)
CVE-2011-0001
RESERVED
CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...)
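Review bot: The fixed version 1:0.56.9.dfsg.1-1.1 is lower than the "libuser before 0.57" boundary in the CVE description, so the fix must be a backported patch rather than the new upstream release. Suggest adding a NOTE to that effect so later version comparisons against 0.57 do not flag the package as still vulnerable. The entry also carries no [squeeze] or [lenny] lines, so the status of the stable releases is left implicit.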
@@ -2978,6 +2979,8 @@
CVE-2010-4250 [linux inotify memory leak]
RESERVED
- linux-2.6 <unfixed>
+ [squeeze] - linux-2.6 <not-affected> (Introduced after 2.6.32)
+ [lenny] - linux-2.6 <not-affected> (Introduced after 2.6.32)
CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux ...)
{DSA-2153-1}
- linux-2.6 2.6.32-30
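Review bot: The reason "Introduced after 2.6.32" on the new [squeeze] and [lenny] lines gives no commit or version for where the leak was introduced, which makes the not-affected claim hard to verify later; a NOTE with the introducing change would fix that. The unversioned "- linux-2.6 <unfixed>" line is left as is, and the next entry lists 2.6.32-30 as a fixed version, so if unstable is still on the 2.6.32 series the same reasoning would apply there and the line should be revisited.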