Author: derevko-guest
Date: 2009-06-14 07:12:37 +0000 (Sun, 14 Jun 2009)
New Revision: 12121
Modified:
data/CVE/list
data/ospu-candidates.txt
Log:
tracked some packages accepted in stable and oldstable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-13 21:14:23 UTC (rev 12120)
+++ data/CVE/list 2009-06-14 07:12:37 UTC (rev 12121)
@@ -1121,8 +1121,7 @@
NOT-FOR-US: DFLabs
CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10,
as used ...)
- system-tools-backends 2.6.0-6.1 (low; bug #527952)
- [lenny] - system-tools-backends <no-dsa> (Minor issue, scheduled for
next point update)
- TODO: add after r2 [lenny] - system-tools-backends 2.6.0-2lenny3
+ [lenny] - system-tools-backends 2.6.0-2lenny3
[etch] - system-tools-backends <not-affected> (SHA was added to
crypt(3) post-etch)
CVE-2009-1581 (functions/mime.php in SquirrelMail before 1.4.18 does not
protect the ...)
{DSA-1802-1}
@@ -2546,10 +2545,10 @@
CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create
or ...)
- screen 4.0.3-13 (low; bug #521123)
[etch] - screen <not-affected> (etch version predates #433338)
- [lenny] - screen <no-dsa> (Minor issue)
- TODO: add after r2 4.0.3-11+lenny1
+ [lenny] - screen 4.0.3-11+lenny1
CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary
file with ...)
- screen 4.0.3-13 (unimportant; bug #521123)
+ [lenny] - screen 4.0.3-11+lenny1
NOTE: documented behaviour "or the public accessible screen-exchange",
see man screen
CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in
attachment.cgi in ...)
- bugzilla <unfixed> (low; bug #514143)
@@ -3181,8 +3180,7 @@
NOT-FOR-US: Apple Safari
CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1,
and 7.2 ...)
- kfreebsd-7 7.1-3
- [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
- TODO: lenny r02 - kfreebsd-7 7.0-7lenny1
+ [lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and
...)
NOT-FOR-US: Openfire
CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the
Admin ...)
@@ -8833,8 +8831,7 @@
- kfreebsd-6 <unfixed>
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
- kfreebsd-7 7.1-1
- [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
- TODO: lenny r02 - kfreebsd-7 7.0-7lenny1
+ [lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and
Server ...)
- openssh <unfixed> (low; bug #506115)
[etch] - openssh <no-dsa> (Minor issue, see
http://www.openssh.org/txt/cbc.adv)
@@ -26664,7 +26661,7 @@
[etch] - perl <not-affected> (Was merged into Perl as of 5.10)
- libarchive-tar-perl 1.38-1 (low; bug #449544)
[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
- [etch] - libarchive-tar-perl <no-dsa> (Minor issue)
+ [etch] - libarchive-tar-perl 1.38-3~etch1
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API
pretty-printing ...)
- mediawiki 1.10.2-1 (low; bug #442255)
[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2009-06-13 21:14:23 UTC (rev 12120)
+++ data/ospu-candidates.txt 2009-06-14 07:12:37 UTC (rev 12121)
@@ -311,12 +311,6 @@
--
-libarchive-tar-perl (CVE-2007-4829)
-#449544
-notified maintainer
-
---
-
libpam-ssh (CVE-2007-0844)
#410236
notified maintainer
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
