[Secure-testing-commits] r16803 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Jun 14 13:16:06 UTC 2011
Author: jmm
Date: 2011-06-14 13:16:06 +0000 (Tue, 14 Jun 2011)
New Revision: 16803
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- new vte issue (no-dsa)
- update php5 status: one issue a non-issue, one issue already
fixed through a previous patch and one issue still unfixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-06-14 08:37:20 UTC (rev 16802)
+++ data/CVE/list 2011-06-14 13:16:06 UTC (rev 16803)
@@ -1,3 +1,7 @@
+CVE-2011-2198 [vte memory exhaustion]
+ - vte <unfixed> (low; bug #629688)
+ [lenny] - vte <no-dsa> (Minor issue)
+ [squeeze] - vte <no-dsa> (Minor issue)
CVE-2011-XXXX [libpam-ssh: pam_ssh not dropping root gid(s)]
- libpam-ssh <unfixed> (low)
[squeeze] - libpam-ssh <no-dsa> (Minor issue)
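Review bot: the two no-dsa lines added for vte give only "Minor issue" as the reason, and the bracketed description "vte memory exhaustion" does not say what triggers the exhaustion. A NOTE line stating the trigger condition, or pointing at the relevant detail in bug #629688, would let later triage confirm the low rating without rereading the bug.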
@@ -4854,7 +4858,8 @@
CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP ...)
- php5 5.3.5-1 (unimportant)
CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...)
- - php5 5.3.3-7 (low)
+ - php5 5.3.3-7 (unimportant)
+ NOTE: Only exloitable with malicious script
CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...)
- php5 5.3.5-1 (unimportant)
NOTE: requires attacker to be able to execute code already
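Review bot: the NOTE added under CVE-2010-4698 misspells "exploitable" as "exloitable", so a text search of the list for that word will miss this entry. It would also read more consistently if it were phrased like the NOTE on CVE-2010-4697 directly below ("requires attacker to be able to execute code already"), since both notes justify the same unimportant rating.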
@@ -5506,7 +5511,7 @@
- statusnet <itp> (bug #491723)
CVE-2010-4657 [xmlTextWriterWriteAttribute heap disclosure]
RESERVED
- - php5 <unfixed>
+ - php5 <unfixed> (low)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551
NOTE: This was initially reported to be a bug in libxml2, but it later showed that PHP
NOTE: is using the libxml2 API in an incorrect manner
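Review bot: the php5 line for CVE-2010-4657 gains an urgency but still has no Debian bug reference, and the only pointer is the GNOME bugzilla URL, which by the NOTE's own account dates from when this was thought to be a libxml2 bug. Since the entry stays <unfixed>, a bug number against php5 on that line would give the fix somewhere to be tracked.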
@@ -7546,6 +7551,8 @@
- xulrunner <undetermined>
CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...)
- php5 5.3.3-4
+ [lenny] - php5 5.2.6.dfsg.1-1+lenny10
+ [squeeze] - php5 5.3.3-7+squeeze1
NOTE: Also fixed by debian/patches/CVE-2010-3870.patch
CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...)
- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
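Review bot: the two release-specific lines added for CVE-2009-5016 do not say why these versions count as fixed; the existing NOTE mentions debian/patches/CVE-2010-3870.patch but does not tie it to any upload. If the lenny10 and squeeze1 versions are the ones that shipped that patch, saying so in the NOTE would let a reader verify the versions without going through the changelogs.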
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2011-06-14 08:37:20 UTC (rev 16802)
+++ data/ospu-candidates.txt 2011-06-14 13:16:06 UTC (rev 16803)
@@ -480,6 +480,11 @@
--
+net-snmp (CVE-2008-6123)
+Noah will see to it.
+
+--
+
network-manager-applet (CVE-2009-4144)
#560067
notified maintainer through initial bugreport
@@ -601,8 +606,8 @@
--
-net-snmp (CVE-2008-6123)
-Noah will see to it.
+vte (CVE-2011-2198)
+#629688
--
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-06-14 08:37:20 UTC (rev 16802)
+++ data/spu-candidates.txt 2011-06-14 13:16:06 UTC (rev 16803)
@@ -138,6 +138,11 @@
--
+vte (CVE-2011-2198)
+#629688
+
+--
+
widelands
#617960
maintainer preparing upload
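Review bot: the new vte entry carries only the bug number, while the neighbouring widelands entry records a status ("maintainer preparing upload"). A one-line status for vte, for example whether the maintainer has been contacted, would show whether anyone has picked up the stable update.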