[Secure-testing-commits] r17193 - in data: CVE DSA

Nico Golde nion at alioth.debian.org
Thu Sep 8 21:41:07 UTC 2011


Author: nion
Date: 2011-09-08 21:41:06 +0000 (Thu, 08 Sep 2011)
New Revision: 17193

Modified:
   data/CVE/list
   data/DSA/list
Log:
claim DSA-2304-1 (vsftpd)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-09-08 21:14:18 UTC (rev 17192)
+++ data/CVE/list	2011-09-08 21:41:06 UTC (rev 17193)
@@ -125,7 +125,13 @@
 CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration ...)
 	TODO: check
 CVE-2011-XXXX [vsftpd namespace DoS]
+	{DSA-2304-1}
 	- vsftpd 2.3.4-1 (bug #629373)
+	[squeeze] - vsftpd 2.3.2-3+squeeze2
+	[lenny] - vsftpd 2.0.7-1+lenny1
+	NOTE: this is technically a kernel bug. however this has been workarounded specifically
+	NOTE: for vsftpd by adding a kernel check before using this feature, see DSA-2304-1
+	NOTE: for details
 CVE-2011-3339
 	RESERVED
 CVE-2011-3338
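Review bot: the added `[squeeze] - vsftpd 2.3.2-3+squeeze2` line under CVE-2011-XXXX disagrees with the squeeze version this commit records for the same DSA elsewhere (`2.3.2-3+squeeze3` under CVE-2011-0762 and in the DSA-2304-1 entry). If the kernel check shipped in an earlier upload than the CVE-2011-0762 fix, a NOTE saying so would make that clear; otherwise the versions should match. The lenny line (`2.0.7-1+lenny1`) is the same in all three places.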
@@ -7259,6 +7265,8 @@
 	RESERVED
 CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...)
 	- vsftpd 2.3.4-1 (bug #622741)
+	[squeeze] - vsftpd 2.3.2-3+squeeze3
+	[lenny] - vsftpd 2.0.7-1+lenny1
 CVE-2011-0761 (Perl 5.10.x allows context-dependent attackers to cause a denial of ...)
 	- perl 5.12.0-1 (low; bug #628817)
 CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
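Review bot: the CVE-2011-0762 entry gains the squeeze and lenny fixed versions but no `{DSA-2304-1}` line, although the first hunk adds that line by hand to CVE-2011-XXXX and data/DSA/list names CVE-2011-0762 as the CVE for this DSA. Unless the cross-reference is filled in automatically from data/DSA/list, add `{DSA-2304-1}` above `- vsftpd 2.3.4-1 (bug #622741)` here as well.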

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2011-09-08 21:14:18 UTC (rev 17192)
+++ data/DSA/list	2011-09-08 21:41:06 UTC (rev 17193)
@@ -1,3 +1,8 @@
+[08 Sep 2011] DSA-2304-1 vsftpd - denial of service
+	{CVE-2011-0762}
+	[squeeze] - vsftpd 2.3.2-3+squeeze3
+	[lenny] - vsftpd 2.0.7-1+lenny1
+	NOTE: additionally CVE-2011-2189 has been fixed for vsftpd by adding a kernel check
 [08 Sep 2011] DSA-2303-1 linux-2.6 - several issues
 	{CVE-2011-1020 CVE-2011-1576 CVE-2011-2484 CVE-2011-2491 CVE-2011-2492 CVE-2011-2495 CVE-2011-2496 CVE-2011-2497 CVE-2011-2517 CVE-2011-2525 CVE-2011-2700 CVE-2011-2723 CVE-2011-2905 CVE-2011-2909 CVE-2011-2918 CVE-2011-2928 CVE-2011-3188 CVE-2011-3191}
 	[squeeze] - linux-2.6 2.6.32-35squeeze1
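Review bot: the NOTE in the new DSA-2304-1 entry refers to CVE-2011-2189, but that id is not in the `{CVE-2011-0762}` list and appears nowhere in the data/CVE/list changes, where the entry that describes the same kernel-check workaround is still `CVE-2011-XXXX [vsftpd namespace DoS]`. If the two are the same issue, the placeholder entry should carry the id used here, or this NOTE should point at the placeholder entry, so the advisory and the CVE record can be matched.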



