[Secure-testing-commits] r16743 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Jun 1 05:28:39 UTC 2011
Author: jmm
Date: 2011-06-01 05:28:38 +0000 (Wed, 01 Jun 2011)
New Revision: 16743
Modified:
data/CVE/list
Log:
record asterisk and ikiwiki fixes in sid (already fixed in stable through DSAs)
two roundcube issues (fixed in unstable)
new systemtap issue (front desk, please file bug, might need a ticket, dunno enough about stap)
new perl issue (affecting oldstable/stable) (front desk, please create ticket/bug)
NFU
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-05-31 21:08:48 UTC (rev 16742)
+++ data/CVE/list 2011-06-01 05:28:38 UTC (rev 16743)
@@ -791,7 +791,7 @@
CVE-2011-1829
RESERVED
CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforce ...)
- TODO: check
+ NOT-FOR-US: usb-creator, Ubuntu-specific package
CVE-2010-4803 (Mojolicious before 0.999927 does not properly implement HMAC-MD5 ...)
- libmojolicious-perl 0.999929-1
CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly perform ...)
@@ -982,6 +982,10 @@
RESERVED
CVE-2011-1781
RESERVED
+ - systemtap <unfixed>
+ [squeeze] - systemtap <not-affected> (Only affects version 1.4.x)
+ [lenny] - systemtap <not-affected> (Only affects version 1.4.x)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
CVE-2011-1780
RESERVED
CVE-2011-1779
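Review bot: the added "- systemtap <unfixed>" line under CVE-2011-1781 carries no bug reference or TODO, although the log asks the front desk to file a bug, so that request exists only in the commit message. A TODO line under the entry would keep the open action visible in data/CVE/list until a bug number can replace it.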
@@ -1015,6 +1019,9 @@
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29 with commit e77b8363b2ea7c0d89919547c1a8b0562f298b57)
CVE-2011-1769
RESERVED
+ - systemtap <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
+ NOTE: http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9
CVE-2011-1768
RESERVED
CVE-2011-1767
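Review bot: under CVE-2011-1769 the added "- systemtap <unfixed>" line has no [squeeze] or [lenny] annotation, while CVE-2011-1781 in this same commit marks both releases as <not-affected> and cites the same Red Hat bugzilla comment. If the status for the stable releases is not yet known, a TODO line saying so would make that explicit; if they are unaffected, matching not-affected lines with the reason belong here as well.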
@@ -1668,7 +1675,7 @@
RESERVED
CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, ...)
{DSA-2225-1}
- TODO: check
+ - asterisk 1:1.8.3.3-1
CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects Pre ...)
NOT-FOR-US: PreProjects Pre Online Tests Generator Pro
CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 ...)
@@ -1722,9 +1729,11 @@
RESERVED
- linux-2.6 2.6.38-4
CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not ...)
- TODO: check
+ - roundcube 0.5.1-1
+ TODO: check impact with maintainer for stable with maintainer, seems harmless
CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly ...)
- TODO: check
+ - roundcube 0.5.1-1
+ TODO: check impact with maintainer for stable with maintainer, seems harmless
CVE-2011-1490
RESERVED
- rsyslog 5.7.6-1 (low)
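Review bot: both added TODO lines, under CVE-2011-1492 and CVE-2011-1491, read "check impact with maintainer for stable with maintainer", with "with maintainer" duplicated; "TODO: check impact for stable with maintainer, seems harmless" says the same thing. Since "seems harmless" is the only assessment recorded, a short reason or a NOTE with a reference would help whoever picks up the TODO.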
@@ -2072,7 +2081,7 @@
- mahara 1.3.6-1
CVE-2011-1401 (ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber ...)
{DSA-2214-1}
- TODO: check
+ - ikiwiki 3.20110328
CVE-2011-1400 (The default configuration of the shell_escape_commands directive in ...)
{DSA-2198-1}
- tex-common 2.09
@@ -3890,7 +3899,7 @@
CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...)
TODO: check
CVE-2011-0761 (Perl 5.10.x allows context-dependent attackers to cause a denial of ...)
- TODO: check
+ - perl 5.12.0-1 (low)
CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
NOT-FOR-US: WP Related Posts plugin for WordPress
CVE-2011-0759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
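Review bot: the added "- perl 5.12.0-1 (low)" line under CVE-2011-0761 records only the fixed version, while the log describes this issue as affecting oldstable/stable and asks for a ticket or bug. Nothing in the entry reflects that; a TODO line or per-release lines would keep the stable and oldstable status tracked in the file rather than only in the commit message.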