[Secure-testing-commits] r34039 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sun May 3 04:37:29 UTC 2015 

Author: carnil
Date: 2015-05-03 04:37:29 +0000 (Sun, 03 May 2015)
New Revision: 34039

Modified:
   data/CVE/list
Log:
Mark cobbler as unfixed, now in the archive

Add TODO entry to each cobbler CVE to recheck the status of it now that
it enterd the Debian archive.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-05-02 21:10:17 UTC (rev 34038)
+++ data/CVE/list	2015-05-03 04:37:29 UTC (rev 34039)
@@ -26378,7 +26378,8 @@
 	[wheezy] - python-soappy <no-dsa> (Minor issue)
 	NOTE: http://www.pnigos.com/?p=260
 CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler ...)
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2014-3219
 	RESERVED
 	- fish 2.1.1-1 (low; bug #746259)
@@ -65729,7 +65730,8 @@
 	- vlc <unfixed> (unimportant; bug #671727)
 	- taglib 1.7.2-1 (unimportant)
 CVE-2012-2395 (Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 ...)
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2012-2394 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and ...)
 	- wireshark 1.6.8-1 (unimportant)
 	NOTE: Not suitable for code injection
@@ -66564,7 +66566,8 @@
 	- gajim 0.15-1.1 (low; bug #668710)
 CVE-2012-2092
 	RESERVED
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2012-2091 (Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear ...)
 	- simgear 2.10.0-3 (unimportant; bug #669024)
 	- flightgear 2.6.0-1.1 (unimportant; bug #669025)
@@ -71453,12 +71456,15 @@
 	NOT-FOR-US: wordpress bsuite plugin
 CVE-2011-4954
 	RESERVED
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2011-4953 (The set_mgmt_parameters function in item.py in cobbler before 2.2.2 ...)
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2011-4952
 	RESERVED
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2011-4951 (Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware ...)
 	NOT-FOR-US: EGroupware
 CVE-2011-4950 (Cross-site scripting (XSS) vulnerability in ...)
@@ -82138,7 +82144,8 @@
 	- xpdf 3.02-9
 	- poppler <not-affected> (never used t1lib)
 CVE-2011-1551 (SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ ...)
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2011-1550 (The default configuration of logrotate on SUSE openSUSE Factory uses ...)
 	- logrotate <not-affected> (SuSE-specific, see CVE-2011-1548 for Debian)
 CVE-2011-1549 (The default configuration of logrotate on Gentoo Linux uses root ...)
@@ -87125,7 +87132,8 @@
 CVE-2010-4513 (Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS ...)
 	NOT-FOR-US: Zimplit CMS
 CVE-2010-4512 (Cobbler before 2.0.4 uses an incorrect umask value, which allows local ...)
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x ...)
 	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
 	[lenny] - movabletype-opensource 4.2.3-1+lenny2
@@ -87174,7 +87182,8 @@
 	[lenny] - tiff <not-affected> (3.9+ only)
 	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=1999
 CVE-2009-5021 (Cobbler before 1.6.1 does not properly determine whether an ...)
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
 	NOT-FOR-US: iSpot/ClearSpot hardware devices
 CVE-2010-4506 (Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A ...)
@@ -93549,7 +93558,8 @@
 CVE-2010-2236 (The monitoring probe display in spacewalk-java before 2.1.148-1 and ...)
 	NOT-FOR-US: Red Hat Satellite
 CVE-2010-2235 (template_api.py in Cobbler before 2.0.7, as used in Red Hat Network ...)
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...)
 	- tiff 3.9.4-2
 	- tiff3 <not-affected> (fixed prior to initial upload)
@@ -106018,7 +106028,8 @@
 CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root with ...)
 	NOT-FOR-US: mxCamArchive
 CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote ...)
-	- cobbler <itp> (bug #545583)
+	- cobbler <unfixed>
+	TODO: check after having entered the archive
 CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other ...)
 	NOT-FOR-US: ooVoo
 CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier ...)

More information about the Secure-testing-commits mailing list