[Secure-testing-commits] r16454 - in data: CVE DSA

[Moritz Muehlenhoff]

Author: jmm
Date: 2011-03-29 22:17:13 +0000 (Tue, 29 Mar 2011)
New Revision: 16454

Modified:
   data/CVE/list
   data/DSA/list
Log:
mahara DSA
openldap updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-03-29 22:14:36 UTC (rev 16453)
+++ data/CVE/list	2011-03-29 22:17:13 UTC (rev 16454)
@@ -1268,7 +1268,9 @@
 	RESERVED
 	- linux-2.6 2.6.38-1 (low)
 CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote ...)
-	TODO: check
+	- openldap <unfixed> (low; bug #617606)
+	[lenny] - openldap <no-dsa> (Minor issue)
+	[squeeze] - openldap <no-dsa> (Minor issue)
 CVE-2011-1080
 	RESERVED
 	- linux-2.6 <unfixed> (low)
@@ -1437,9 +1439,8 @@
 CVE-2011-1026
 	RESERVED
 CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require ...)
-	- openldap <unfixed> (low; bug #617606)
-	[squeeze] - openldap <no-dsa> (Minor issue)
-	[lenny] - openldap <not-affected> (Vulnerable code not present, introduced in 2.4.12)
+	- openldap <unfixed> (unimportant; bug #617606)
+	NOTE: NBD backend disabled in Debian builds
 CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a ...)
 	- openldap <unfixed> (low; bug #617606)
 	[lenny] - openldap <no-dsa> (Minor issue)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2011-03-29 22:14:36 UTC (rev 16453)
+++ data/DSA/list	2011-03-29 22:17:13 UTC (rev 16454)
@@ -1,3 +1,7 @@
+[29 Mar 2011] DSA-2206-1 mahara - several
+	{CVE-2011-0439 CVE-2011-0440}
+	[squeeze] - mahara 1.2.6-2+squeeze1
+	[lenny] - mahara 1.0.4-4+lenny8
 [28 Mar 2011] DSA-2205-1 gdm3 - privilege escalation
 	{CVE-2011-0727 }
 	[squeeze] - gdm3 2.30.5-6squeeze2