[Secure-testing-commits] r19641 - data/CVE

Yves-Alexis Perez corsac at alioth.debian.org
Tue Jul 3 08:08:05 UTC 2012 

Author: corsac
Date: 2012-07-03 08:08:05 +0000 (Tue, 03 Jul 2012)
New Revision: 19641

Modified:
   data/CVE/list
Log:
harvest some pretty old TODOs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-07-03 06:09:49 UTC (rev 19640)
+++ data/CVE/list	2012-07-03 08:08:05 UTC (rev 19641)
@@ -23419,12 +23419,12 @@
 	- libarchive <unfixed> (bug #669197)
 	[squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
 CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in ...)
-	- tiff <unfixed>
+	- tiff3 3.9.5
 	TODO: check
+	NOTE: tiff (4) might be affected, it was branched after tiff3 3.8.2 but the tiffdump.c code is completely different so I'm unsure
 CVE-2010-4664
 	RESERVED
-	- consolekit <undetermined>
-	TODO: check
+	- consolekit 0.4.2-1
 CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple ...)
 	NOT-FOR-US: CMS Made Simple
 CVE-2010-4662
@@ -31591,7 +31591,7 @@
 	- kfreebsd-7 <not-affected> (jail binary not yet provided, see bug #584930)
 	- kfreebsd-8 <not-affected> (jail binary not yet provided, see bug #584930)
 CVE-2010-2021 (Open redirect vulnerability in the Global Redirect module 6.x-1.x ...)
-	TODO: check
+	NOT-FOR-US: Global Redirect module for Drupal is not in Debian
 CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD ...)
 	- kfreebsd-6 <removed>
 	[lenny] - kfreebsd-6 <no-dsa> (Minor issue, not enabled by default)
@@ -50552,11 +50552,11 @@
 	- bind9 1:9.6.1.dfsg.P1-1 (bug #538975; high)
 	NOTE: See also http://www.kb.cert.org/vuls/id/725188
 CVE-2009-0695 (hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require ...)
-	TODO: check
+	NOT-FOR-US: Wyse Device Manager not in Debian
 CVE-2009-0694
 	RESERVED
 CVE-2009-0693 (Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow ...)
-	TODO: check
+	NOT-FOR-US: Wyse Device Manager not in Debian
 CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in ...)
 	{DSA-1833-2 DSA-1833-1}
 	- dhcp3 3.1.2p1-1 (medium)

More information about the Secure-testing-commits mailing list