Author: nion
Date: 2009-03-10 13:58:03 +0000 (Tue, 10 Mar 2009)
New Revision: 11367

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- spu notifications
- CVE-2009-0819 does not affect mysql in Debian
- CVE-2009-0737 fixed in mediawiki 1:1.14.0-1
- CVE-2008-5076 fixed in htop 0.8.1-2
- CVE-2008-4968 fixed in lmbench 3.0-a9-1


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-03-10 12:44:59 UTC (rev 11366)
+++ data/CVE/list       2009-03-10 13:58:03 UTC (rev 11367)
@@ -65,7 +65,7 @@
 CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 
1.2.11 ...)
        NOT-FOR-US: phpScheduleIt
 CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote 
authenticated ...)
-       TODO: check
+       - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5)
 CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...)
        TODO: check
 CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node 
module ...)
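Review bot: The added CVE-2009-0819 line records a status for mysql-dfsg-5.0 only, while the log message says mysql in Debian as a whole is unaffected. The parenthetical puts the vulnerable code at 5.1.5 and the description puts the fix at 5.1.32, so any 5.1-series source package in the archive would need its own line with a fixed version; if there is none, a NOTE saying so would make the entry self-explanatory.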
@@ -1310,7 +1310,7 @@
        - kdebase <unfixed> (low; bug #515106)
        NOTE: need to submit a request for CVE id
 CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the 
web-based ...)
-       - mediawiki <unfixed> (low; bug #514547)
+       - mediawiki 1:1.14.0-1 (low; bug #514547)
        [lenny] - mediawiki 1:1.12.0-2lenny3
 CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 
and 7, ...)
        NOT-FOR-US: Adobe RoboHelp
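Review bot: On the changed mediawiki line for CVE-2009-0737, the only per-release line visible under it is [lenny]. If an older suite still ships an affected mediawiki, give it an explicit line as well (a fixed version, or <no-dsa> with a reason) so its state is not left implicit now that the unstable entry reads as fixed.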
@@ -5608,7 +5608,7 @@
 CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in 
Simple PHP ...)
        NOT-FOR-US: Simple PHP Scripts blog
 CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing 
...)
-       - htop <unfixed> (unimportant; bug #504144)
+       - htop 0.8.1-2 (unimportant; bug #504144)
        NOTE: That scenario is too constructed to call it a security issue, 
especially
        NOTE: given that the standard top will display the maliciously hidden 
processes
        NOTE: just fine. 
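Review bot: The new htop line for CVE-2008-5076 gives 0.8.1-2 as the fixed version, but the NOTE lines under it still only argue that the scenario is not a real security issue. Add a NOTE saying what changed in 0.8.1-2 (for example, that the upload closes bug #504144) so the version can be verified later.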
@@ -8161,7 +8161,7 @@
        - audiolink 0.05-1.1 (low; bug #496433)
        [etch] - audiolink <no-dsa> (Minor issue)
 CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow 
local users ...)
-       - lmbench <unfixed> (low; bug #496427)
+       - lmbench 3.0-a9-1 (low; bug #496427)
        [etch] - lmbench <no-dsa> (Non-free not supported)
 CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite 
arbitrary ...)
        - newsgate <removed> (low; bug #496437)
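Review bot: The lmbench entry for CVE-2008-4968 now has a fixed version on the main line and an [etch] <no-dsa> line, but no [lenny] line. If lenny ships a version older than 3.0-a9-1, add a [lenny] line with an explicit status, as was done for etch with "Non-free not supported".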

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt     2009-03-10 12:44:59 UTC (rev 11366)
+++ data/spu-candidates.txt     2009-03-10 13:58:03 UTC (rev 11367)
@@ -274,6 +274,7 @@
 
 libarchive-tar-perl (CVE-2007-4829)
 #449544
+notified maintainer
 
 --
 
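Review bot: The added "notified maintainer" line under libarchive-tar-perl carries no date and no name, so a later reader cannot tell when to follow up or whom to ask. Something like "notified maintainer (2009-03-10, nion)" would fix that; the same applies to the identical line added in the other three hunks of this file.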
@@ -285,6 +286,7 @@
 
 libsamplerate (CVE-2008-5008)
 https://bugzilla.redhat.com/attachment.cgi?id=323069
+notified maintainer
 
 --
 
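Review bot: For libsamplerate, the only reference above the new "notified maintainer" line is a Red Hat Bugzilla attachment URL, whereas the other entries touched in this file cite a Debian bug number. If the notification went through a Debian bug, add its number here so the request can be traced.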
@@ -328,6 +330,7 @@
 
 mailscanner (CVE-2008-5312, CVE-2008-5313)
 #506353
+notified maintainer
 
 --
 
@@ -579,6 +582,7 @@
 
 tqsllib 2.0-8 (CVE-2009-0124)
 #511509
+notified maintainer
 
 --
 


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
