[Secure-testing-commits] r15966 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Jan 25 21:35:09 UTC 2011
Author: jmm
Date: 2011-01-25 21:35:04 +0000 (Tue, 25 Jan 2011)
New Revision: 15966
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
sssd NMUed
offlineimap no-dsa
filed bugs for qemu and mojarra
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-25 21:17:21 UTC (rev 15965)
+++ data/CVE/list 2011-01-25 21:35:04 UTC (rev 15966)
@@ -1017,13 +1017,13 @@
CVE-2010-4620
RESERVED
CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in ...)
- - gimp <unfixed> (bug #608497)
+ - gimp <unfixed> (low; bug #608497)
CVE-2010-4542 (Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb ...)
- - gimp <unfixed> (bug #608497)
+ - gimp <unfixed> (low; bug #608497)
CVE-2010-4541 (Stack-based buffer overflow in the loadit function in ...)
- - gimp <unfixed> (bug #608497)
+ - gimp <unfixed> (low; bug #608497)
CVE-2010-4540 (Stack-based buffer overflow in the load_preset_response function in ...)
- - gimp <unfixed> (bug #608497)
+ - gimp <unfixed> (low; bug #608497)
CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka ...)
NOT-FOR-US: Mafya Oyun Scrpti
CVE-2010-4618 (Cross-site scripting (XSS) vulnerability in the Algis Info ...)
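Review bot: The four gimp entries (CVE-2010-4540 through CVE-2010-4543) are set to low with no NOTE giving the reasoning, and the commit log does not mention gimp at all. The descriptions are heap-based and stack-based buffer overflows, so a one-line NOTE stating why they rate low (on the first entry, with the others pointing at bug #608497) would let the next person triaging confirm the call instead of re-deriving it. Adding "gimp urgency set to low" to the log would also make the change findable from the revision history.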
@@ -1758,10 +1758,14 @@
NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
CVE-2010-4533 [offlineimap uses SSLv2]
RESERVED
- - offlineimap <unfixed> (bug #606962)
+ - offlineimap <unfixed> (low; bug #606962)
+ [squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
+ [lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4532 [no SSL cert validation]
RESERVED
- - offlineimap <unfixed> (bug #603450)
+ - offlineimap <unfixed> (low; bug #603450)
+ [squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
+ [lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the ...)
- pcsc-lite 1.5.5-4 (low; bug #607781)
CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart ...)
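Review bot: The no-dsa reason on the [squeeze] and [lenny] lines says the behaviour is documented but gives no pointer to where, and the identical text is applied to both CVE-2010-4533 (SSLv2) and CVE-2010-4532 (no SSL cert validation). Consider a NOTE with the documentation reference under each entry, and confirm that the same justification holds for the missing certificate validation case, since the two issues are tracked in separate bugs (#606962 and #603450).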
@@ -1898,9 +1902,8 @@
RESERVED
CVE-2011-0011 [qemu-kvm: Setting VNC password to empty string silently disables all authentication]
RESERVED
- - qemu <unfixed>
- - kvm <removed>
- TODO: check
+ - qemu <unfixed> (bug #611134)
+ - kvm <removed> (bug #611134)
CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is ...)
- sudo 1.7.4p4-6 (bug #609641)
[lenny] - sudo <not-affected> (Only affects 1.7.x)
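Review bot: Removing "TODO: check" on CVE-2011-0011 leaves no record of what the check found: the qemu line gains bug #611134 but no urgency and no [lenny] or [squeeze] status, whereas the gimp and offlineimap entries in this revision were given an urgency. Since the entry title says an empty VNC password silently disables all authentication, a short NOTE on which versions are affected would help. It is also worth checking whether the bug reference belongs on the "- kvm <removed>" line, or only on the qemu line.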
@@ -2345,7 +2348,7 @@
CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux ...)
- linux-2.6 2.6.32-30
CVE-2010-4341 (The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in ...)
- - sssd <unfixed> (bug #610032)
+ - sssd 1.2.1-4.1 (bug #610032)
CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...)
NOT-FOR-US: Pointter PHP Micro-Blogging Social Network
CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...)
@@ -8329,8 +8332,7 @@
CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted ...)
NOT-FOR-US: Microsoft .NET
CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...)
- - mojarra <unfixed>
- TODO: check
+ - mojarra <unfixed> (bug #611130)
CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application ...)
NOT-FOR-US: Apache MyFaces
CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before 1.1 has ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-01-25 21:17:21 UTC (rev 15965)
+++ data/spu-candidates.txt 2011-01-25 21:35:04 UTC (rev 15966)
@@ -482,6 +482,11 @@
--
+offlineimap (CVE-2010-4533, CVE-2010-4532)
+#606962
+
+--
+
openldap
#253838
notified maintainer
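Review bot: The new offlineimap entry names both CVE-2010-4533 and CVE-2010-4532 but lists only bug #606962, while data/CVE/list in this same revision tracks CVE-2010-4532 under #603450. Add #603450 on its own line below #606962 so that a stable point update is checked against both reports.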