Author: jmm-guest
Date: 2010-05-25 21:46:43 +0000 (Tue, 25 May 2010)
New Revision: 14754

Modified:
   data/CVE/list
Log:
- systemtap fixed
- wicd not in Lenny
- older php issues also only exploitable through malicious script
- gnustep-base no-dsa
- orca issue not in Lenny
- transmission issue doesn't affect Lenny
- xulrunner no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-05-25 21:42:06 UTC (rev 14753)
+++ data/CVE/list       2010-05-25 21:46:43 UTC (rev 14754)
@@ -381,6 +381,7 @@
        NOT-FOR-US: Pay Per Watch & Bid Auktions System
 CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse 
function ...)
        - transmission 1.92-1
+       [lenny] - transmission <not-affected> (Support for Magnet links not yet 
available)
 CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension 
is ...)
        NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, 
uses ...)
@@ -455,7 +456,6 @@
        [lenny] - serendipity <not-affected> (Only affects >= 1.4)
 CVE-2010-XXXX [wicd changes permissions of resolv.conf]
        - wicd 1.7.0+ds1-3 (low; bug #582798)
-       TODO: check lenny
 CVE-2010-1849
        RESERVED
 CVE-2010-1848
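Review bot: Removing `TODO: check lenny` from the wicd entry leaves nothing in the file that records the outcome of the check; the result (wicd not in Lenny) appears only in the commit log. If entries for packages absent from a release are meant to stay empty, this is fine as is; otherwise a one-line NOTE on the entry would keep the finding next to the data.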
@@ -951,6 +951,8 @@
        TODO: check
 CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c 
in ...)
        - gnustep-base <unfixed>
+       [lenny] - gnustep-base <no-dsa> (Minor issue)
+       TODO: File bug
 CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency 
...)
        NOT-FOR-US: IBM WebSphere DataPower XML Accelerator
 CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 
1.1 ...)
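Review bot: On CVE-2010-1620, the `- gnustep-base <unfixed>` line still has no severity or bug reference, while the new lenny line rates it a minor issue. When the bug from the added `TODO: File bug` is filed, put its number on the unstable line and add a matching severity there so the two lines agree.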
@@ -1372,6 +1374,7 @@
        - prosody <unfixed> (low; bug #579087)
 CVE-2010-XXXX [gnome-orca: shell access without logon]
        - gnome-orca 2.30.0-2 (bug #578928)
+        [lenny] - gnome-orca <not-affected> (Doesn't affect Lenny's version)
 CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 
0.8.7e ...)
        {DSA-2039-1}
        - cacti 0.8.7e-3 (bug #578909)
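Review bot: The added `[lenny] - gnome-orca <not-affected>` line is indented one column deeper than the `- gnome-orca 2.30.0-2` line above it and than every other added line in this commit, which points to mixed indentation. Re-indent it to match its neighbours. The reason text "Doesn't affect Lenny's version" also only restates the tag; saying what Lenny's version lacks, as the transmission entry does for Magnet links, would be more useful.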
@@ -4406,11 +4409,11 @@
 CVE-2010-0413
        RESERVED
 CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the 
value of ...)
-       - systemtap <unfixed> (bug #572560)
+       - systemtap 1.2-1 (bug #572560)
        [lenny] - systemtap <not-affected> (Server component not yet present)
        [etch] - systemtap <not-affected> (Server component not yet present)
 CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and 
(2) ...)
-       - systemtap <unfixed> (low; bug #568809)
+       - systemtap 1.2-1 (low; bug #568809)
        [lenny] - systemtap <not-affected> (Vulnerable code not present)
        [etch] - systemtap <no-dsa> (Minor issue)
        NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
@@ -6097,19 +6100,19 @@
 CVE-2009-XXXX [roundup: unspecified issue]
        - roundup 1.4.11-1
 CVE-2009-XXXX [php5 uksort() interruption memory corruption]
-       - php5 <unfixed> (low)
+       - php5 <unfixed> (unimportant)
        NOTE: CVE requested
 CVE-2009-XXXX [php5 usort interruption memory corruption]
-       - php5 5.2.11.dfsg.1-1 (low)
+       - php5 5.2.11.dfsg.1-1 (unimportant)
        TODO: protection was weak in .11, re-check .12 changes
        NOTE: CVE requested
        NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
 CVE-2009-XXXX [php5 explode() information leak]
-       - php5 5.2.11.dfsg.1-1 (low)
+       - php5 5.2.11.dfsg.1-1 (unimportant)
        NOTE: CVE requested
        NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
 CVE-2009-XXXX [php5 serialize() information leak]
-       - php5 5.2.11.dfsg.1-1 (low)
+       - php5 5.2.11.dfsg.1-1 (unimportant)
        NOTE: CVE requested
        NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
 CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows 
user-assisted ...)
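Review bot: The four php5 entries move from `low` to `unimportant`, but the reason (only exploitable through a malicious script) is stated only in the commit log, not in the file; add a NOTE to each entry so the rating explains itself. On the usort entry, `TODO: protection was weak in .11, re-check .12 changes` is left in place, so decide whether that re-check is still wanted now that the issue is tagged unimportant and resolve or drop the TODO accordingly.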
@@ -20495,7 +20498,8 @@
 CVE-2008-5914 (An unspecified function in the JavaScript implementation in 
Apple ...)
        NOT-FOR-US: Apple
 CVE-2008-5913 (An unspecified function in the JavaScript implementation in 
Mozilla ...)
-       - xulrunner <unfixed> (bug #559792)
+       - xulrunner <unfixed> (low; bug #559792)
+       [lenny] - xulrunner <no-dsa> (Minor issue)
        - iceape <unfixed>
        [lenny] - iceape <not-affected> (Just a stub package)
        NOTE: fixed upstream 
https://bugzilla.mozilla.org/show_bug.cgi?id=cve-2008-5913
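Review bot: On CVE-2008-5913, xulrunner gains `low` and a lenny `<no-dsa>` line, but the `- iceape <unfixed>` line directly below it still carries no severity or bug reference. Give the iceape line the same severity for consistency, or note why it differs.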


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits