[Secure-testing-commits] r15967 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Jan 25 21:49:19 UTC 2011 

Author: jmm
Date: 2011-01-25 21:49:15 +0000 (Tue, 25 Jan 2011)
New Revision: 15967

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
NFUs
new minor pam issues
two ffmpeg issues (probably related to CVE-2010-0480)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-25 21:35:04 UTC (rev 15966)
+++ data/CVE/list	2011-01-25 21:49:15 UTC (rev 15967)
@@ -1,25 +1,33 @@
 CVE-2011-0640 (The default configuration of udev on Linux does not warn the user ...)
 	TODO: check
 CVE-2011-0639 (Apple Mac OS X does not properly warn the user before enabling ...)
-	TODO: check
+	NOT-FOR-US: Mac OS X
 CVE-2011-0638 (Microsoft Windows does not properly warn the user before enabling ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Windows
 CVE-2011-0637 (The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a ...)
-	TODO: check
+	NOT-FOR-US: AIX
 CVE-2011-0636 (The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA ...)
-	TODO: check
+	NOT-FOR-US: NVIDIA CUDA Toolkit
 CVE-2011-0635 (Static code injection vulnerability in Simploo CMS 1.7.1 and earlier ...)
-	TODO: check
+	NOT-FOR-US: Simploo 
 CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the ...)
-	TODO: check
+	- pam <unfixed>
+	[lenny] - pam <no-dsa> (Minor issue)
+	[squeeze] - pam <no-dsa> (Minor issue)
 CVE-2010-4707 (The check_acl function in pam_xauth.c in the pam_xauth module in ...)
-	TODO: check
+	- pam <unfixed>
+	[lenny] - pam <no-dsa> (Minor issue)
+	[squeeze] - pam <no-dsa> (Minor issue)
 CVE-2010-4706 (The pam_sm_close_session function in pam_xauth.c in the pam_xauth ...)
-	TODO: check
+	- pam <unfixed>
+	[lenny] - pam <no-dsa> (Minor issue)
+	[squeeze] - pam <no-dsa> (Minor issue)
 CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in ...)
-	TODO: check
+	- ffmpeg <unfixed> (bug #610550)
+	- ffmpeg-debian <removed>
 CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and ...)
-	TODO: check
+	- ffmpeg <unfixed> (bug #610550)
+	- ffmpeg-debian <removed>
 CVE-2011-XXXX [xmlTextWriterWriteAttribute heap disclosure]
 	- libxml2 <unfixed>
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-01-25 21:35:04 UTC (rev 15966)
+++ data/spu-candidates.txt	2011-01-25 21:49:15 UTC (rev 15967)
@@ -508,6 +508,8 @@
 #514437
 asked maintainer in mail
 
+CVE-2010-4708/CVE-2010-4707/CVE-2010-4706
+
 --
 
 pidgin (CVE-2009-1889, CVE-2009-3085)

More information about the Secure-testing-commits mailing list