[Secure-testing-commits] r15849 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jan 14 18:06:24 UTC 2011
Author: jmm
Date: 2011-01-14 18:06:13 +0000 (Fri, 14 Jan 2011)
New Revision: 15849
Modified:
data/CVE/list
Log:
CVE assignments
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-14 17:08:45 UTC (rev 15848)
+++ data/CVE/list 2011-01-14 18:06:13 UTC (rev 15849)
@@ -12145,7 +12145,7 @@
CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...)
- linux-2.6 2.6.12-1
- linux-2.6.24 <not-affected> (fixed before 2.6.24)
-CVE-2010-XXXX [konversation DoS]
+CVE-2009-5050 [konversation DoS]
- konversation 1.2.3-1 (low)
[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
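Review bot: the year changes along with the number on the konversation line (CVE-2010-XXXX becomes CVE-2009-5050), and nothing in the entry records why. Please confirm that the 2009 ID is the one assigned for the issue in KDE bug 219985, and consider a NOTE line pointing at the assignment so the year change can be verified later.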
@@ -15031,7 +15031,7 @@
{DSA-1986-1}
- moodle 1.8.2.dfsg-6 (bug #559531)
NOTE: MSA-09-0022
-CVE-2009-XXXX [docutils insecure usage of temporary files]
+CVE-2009-5042 [docutils insecure usage of temporary files]
- python-docutils 0.6-2 (low; bug #560755)
[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
[lenny] - python-docutils 0.5-2+lenny1
@@ -16316,10 +16316,26 @@
- ghostscript <unfixed> (unimportant)
- gs-gpl <removed> (unimportant)
- xpdf <unfixed> (unimportant)
-CVE-2009-XXXX [multiple vulnerabilities in jetty]
+CVE-2009-5045 [multiple vulnerabilities in jetty]
- jetty <unfixed> (unimportant; bug #553644)
NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
NOTE: The affected apps are not shipped in the package, see #553644
+CVE-2009-5046 [multiple vulnerabilities in jetty]
+ - jetty <unfixed> (unimportant; bug #553644)
+ NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
+ NOTE: The affected apps are not shipped in the package, see #553644
+CVE-2009-5047 [multiple vulnerabilities in jetty]
+ - jetty <unfixed> (unimportant; bug #553644)
+ NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
+ NOTE: The affected apps are not shipped in the package, see #553644
+CVE-2009-5048 [multiple vulnerabilities in jetty]
+ - jetty <unfixed> (unimportant; bug #553644)
+ NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
+ NOTE: The affected apps are not shipped in the package, see #553644
+CVE-2009-5049 [multiple vulnerabilities in jetty]
+ - jetty <unfixed> (unimportant; bug #553644)
+ NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
+ NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-XXXX [cherokee 0.5.4 DoS]
- cherokee <not-affected> (not reproducible)
NOTE: <4089.110.37.64.157.1256562313.squirrel at mail.xc0re.net> in bugtraq
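Review bot: the four added entries, CVE-2009-5046 through CVE-2009-5049, repeat the CVE-2009-5045 entry verbatim, so the list does not say which of the issues in jetty-adv.txt each ID covers. Suggest replacing the shared "[multiple vulnerabilities in jetty]" with a per-ID description, one issue per entry, so the five entries can be told apart when the package status changes.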
@@ -17245,7 +17261,7 @@
NOTE: This is an enhancement, not a security issue.
NOTE: A user must have access to a guest hard drive image in order to boot it,
NOTE: so he can simply mount the drive and remove the password option.
-CVE-2009-XXXX [buffer overflow in overkill]
+CVE-2009-5041 [buffer overflow in overkill]
- overkill 0.16-14.1 (bug #549310; low)
[lenny] - overkill <no-dsa> (Minor issue)
[etch] - overkill <no-dsa> (Minor issue)
@@ -19446,7 +19462,7 @@
- backuppc 3.1.0-8 (low; bug #542218)
[etch] - backuppc <not-affected> (No configuration GUI)
[lenny] - backuppc 3.1.0-4lenny2
-CVE-2009-XXXX [burn: Insecure escaping of file names]
+CVE-2009-5043 [burn: Insecure escaping of file names]
- burn 0.4.5-1 (low; bug #542329)
[lenny] - burn 0.4.3-2.1+lenny1
[etch] - burn <no-dsa> (Minor issue)
@@ -20144,7 +20160,7 @@
[etch] - groff <not-affected> (pdfroff not yet present)
[lenny] - groff <not-affected> (pdfroff not yet present)
NOTE: requested CVE ids
-CVE-2009-XXXX [groff: uses insecure temp files]
+CVE-2009-5044 [groff: uses insecure temp files]
- groff 1.20.1-5 (low; bug #538330)
[etch] - groff <not-affected> (pdfroff not yet present)
[lenny] - groff <not-affected> (pdfroff not yet present)
@@ -28078,8 +28094,10 @@
NOT-FOR-US: GoAhead WebServer
CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote ...)
NOT-FOR-US: GoAhead WebServer
-CVE-2008-XXXX [iceweasel-firegpg: Passphrase and Cleartext Recovery]
+CVE-2008-7272 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
- iceweasel-firegpg <removed> (bug #514386)
+CVE-2008-7273 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
+ - iceweasel-firegpg <removed> (bug #514386)
CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...)
NOT-FOR-US: LinksPro
CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active Bids ...)
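Review bot: CVE-2008-7272 and the added CVE-2008-7273 carry identical bracket text and the same bug #514386, which makes the two entries indistinguishable. If the IDs were split between the passphrase recovery and the cleartext recovery, name the one each entry covers in its description.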