[Secure-testing-commits] r17045 - data/CVE

Johnathan Ritzi jrdioko at gmail.com
Fri Jul 29 22:17:53 UTC 2011


That's exactly what I was doing. I thought I was going to get away without
building a sid system (or at least a chroot), but I guess I was wrong :)

So it looks like the package description search finds binary or source
packages, while the package contents only searches binary ones. I'll go look
again and figure out how all this works.

-Johnathan

2011/7/29 Moritz Mühlenhoff <jmm at inutil.org>

> On Fri, Jul 29, 2011 at 07:19:08PM +0000, Johnathan Ritzi wrote:
> > Author: jrdioko-guest
> > Date: 2011-07-29 19:19:08 +0000 (Fri, 29 Jul 2011)
> > New Revision: 17045
> >
> > Modified:
> >    data/CVE/list
> > Log:
> > Issue research
> >
> > Affected files not found in a search, but not 100% sure how to
> > handle these, so left NOTEs.
> >
> >
> > Modified: data/CVE/list
> > ===================================================================
> > --- data/CVE/list     2011-07-29 17:40:37 UTC (rev 17044)
> > +++ data/CVE/list     2011-07-29 19:19:08 UTC (rev 17045)
> > @@ -5379,8 +5379,10 @@
> >       TODO: check
> >  CVE-2011-0990 (Race condition in the FastCopy optimization in the
> Array.Copy method ...)
> >       TODO: check
> > +     NOTE: There is no file icall.c in the Debian archive.
> >  CVE-2011-0989 (The RuntimeHelpers.InitializeArray method in
> metadata/icall.c in Mono, ...)
> >       TODO: check
> > +     NOTE: There is no file icall.c in the Debian archive.
> >  CVE-2011-0988 (pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server
> 10 SP3 and ...)
> >       TODO: check
> >  CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU
> - TCP Gateway ...)
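
Review bot: The NOTE added under CVE-2011-0990 cites icall.c, but the visible part of that entry's description only mentions the FastCopy optimization in Array.Copy; the metadata/icall.c path appears in the CVE-2011-0989 description. If the truncated text of CVE-2011-0990 does not name that file, reword the NOTE there or drop it. Both NOTEs should also record which search gave the negative result and that the Mono source was inspected, since "no file in the Debian archive" is a claim about source code that a search limited to binary packages cannot establish.
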
> > @@ -7404,6 +7406,7 @@
> >       RESERVED
> >  CVE-2010-4665 (Integer overflow in the ReadDirectory function in
> tiffdump.c in ...)
> >       TODO: check
> > +     NOTE: No file named tiffdump.c exists in the Debian archive.
> >  CVE-2010-4664
> >       RESERVED
> >  CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made
> Simple ...)
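
Review bot: The NOTE under CVE-2010-4665 is worded differently ("No file named tiffdump.c exists ...") from the icall.c NOTEs in the previous hunk ("There is no file icall.c ..."); pick one form so the notes can be grepped consistently. The NOTE should also name the source package that was checked, because the description places tiffdump.c inside a product whose name is cut off here, and a file that lives only in a source tree will not show up in a search of binary package contents.
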
> > @@ -8643,6 +8646,7 @@
> >       [lenny] - openjdk-6 <no-dsa> (bug #614151)
> >  CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in
> Wireshark before 1.2 ...)
> >       TODO: check
> > +     NOTE: No file named pcapng.c exists in the Debian archive.
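
Review bot: The NOTE under CVE-2011-0024 conflicts with the entry's own description, which gives the full path wiretap/pcapng.c in Wireshark. Verify against an unpacked wireshark source tree before recording absence; if the file is present, remove the NOTE and leave "TODO: check" in place until the affected versions are triaged.
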
>
> It does:
>
> jmm at pisco:~/scratch/wireshark-1.6.1$ find . -name pcapng.c
> ./wiretap/pcapng.c
>
> How did you do your searches? packages.debian.org only covers the binary
> packages, but not the source code.
>
> Cheers,
>         Moritz
>